No good deed goes unpunished: Did P.F. Chang’s prompt notice of data breach create standing to sue?

A troubling recent opinion issued by the Seventh Circuit involving restaurant chain P.F. Chang's will likely cause some to re-think the prudence of making any announcement of a potential hack until more is known about the nature and scope of the breach. It will also cause some to re-evaluate mitigating responses to a breach. Read more >>

Court Decisions, Data Breach

Another court weighs in on the iPhone battle

In an order filed February 29, 2016, Judge James Orenstein, a federal magistrate judge in the Eastern District of New York, denied the U.S. government’s request to force Apple to bypass security measures on an iPhone involved in a criminal investigation. The order comes in the wake of another high-profile dispute between Apple and the U.S. government related to the December 2015 shooting in San Bernardino, California. 

Though not binding and factually distinguishable from the San Bernardino case, the recent decision by the magistrate judge in New York has been viewed as a significant blow to the government’s arguments and is anticipated to impact several other cases across the country. This is largely due to the fact that both cases pose the same question: Can the 1789 All Writs Act (AWA) be used to give the government access to encrypted data stored on suspects’ devices?

Read more in the latest Cybersecurity Insight

Court Decisions, General News

Do your company’s cybersecurity practices deceive consumers?

Not a day goes by without breaking news of a cybersecurity breach. Indeed, thoughts of a system hack keep many executives up at night. Small- and medium-sized businesses often fear that they do not have the robust resources or staff to adequately handle these threats.

The Consumer Financial Protection Bureau (CFPB) has now weighed in on these issues with a consent order that delivers cybersecurity guidelines.Of particular importance is the fact that the CFPB has now used its ultimate weapon — Unfair, Deceptive, or Abusive Acts or Practices (UDAAP) — as a tool to ensure that companies adopt effective security protocols.

For a detailed analysis of the CFPB's consent order and what it means for consumer-facing businesses, read the latest Cybersecurity Insight

Court Decisions, Prevention