chevron-down Created with Sketch Beta.
Privacy & Data Security

Practice Points

What you need to know in a quick-to-read format. Find all of the Privacy and Data Security Committee’s practice points in this archive.


Tips for Protecting Your Business from Wiretap Lawsuits Targeting Companies with Consumer-Facing Websites
By Alexander (Sandy) Bilus, Joseph Lipchitz, and Allison Burdette – February 22, 2023
Class action lawsuits stemming from use of session replay software are on the rise.


California Attorney General Reaches $1.2 Million Settlement with Sephora
By Patrick Hromisin and Austin Strine – November, 2022
The settlement was part of a continued enforcement of the California Consumer Privacy Act.

Lessons Learned from EyeMed Vision Care’s Cybersecurity Settlement
By Dimple T. Shah – November 10, 2022


FTC Amends Standards for Safeguarding Customer Information
By Alexander (Sandy) R. Bilus – December 16, 2021
The key changes will become effective one year after the Final Rule is published in the Federal Register.


Lawyers Beware: How Data Privacy Protections Differ from Privilege and Confidentiality
By Joanna L. Storey – December 21, 2020
Navigating current privacy laws is like wandering through a labyrinth. Where should a lawyer start?

The Four Ps of Privacy
By Starr Drumm – December 16, 2020
A quick guide to spotting issues with privacy laws.


The Third-Party Doctrine in the Wake of a “Seismic Shift”
By Steven Arango – June 13, 2019
The need for data privacy legislation to keep pace with technology.


Ohio Law Creating Affirmative Defense in Data Breach Litigation Takes Effect
By Sean Fernandes – November 5, 2018
While it is unclear whether the safe harbor is sufficiently effective to incentivize voluntary compliance, this statute does indicate a new approach to data security regulation that practitioners should monitor.

Supreme Court Addresses Stored Communications Act Cases
By Sean Fernandes – July 10, 2018
Two recent cases, Carpenter v. United States and United States v. Microsoft, cases recently reached resolution.

Supreme Court Hears Oral Argument on Stored Communications Act Cases
By Sean Fernandes – March 30, 2018
While it is a fool’s errand to predict the outcome of a case based on oral argument, the themes in these arguments will be of interest to attorneys following these issues.


Supreme Court to Address Significant Stored Communications Act Cases
By Sean Fernandes – August 16, 2017
Attorneys interested in electronic communications privacy issues should take note of two cases currently under consideration.

Spies in the Skies? D.C. Circuit Invalidates Drone Registration Rule
By Sean Fernandes – June 7, 2017
The court invalidated an FAA rule requiring recreational drone owners to register with the FAA, clouding the FAA's ability to regulate drone usage.

Tips for Smart Privacy Practices from Smart TV Settlement
By Sean Fernandes – March 27, 2017
Several important takeaways for privacy and data security practitioners from the FTC's recent complaint against VIZIO.

Fourth Circuit Declines to Find VA Violated Privacy and Administrative Procedure Acts
By Danielle Pomeraniec – March 6, 2017
The case involved the dismissal of two class actions brought against the Secretary of Veteran Affairs.

Fourth Circuit Weighs in on Data Breach Standing
By Sean Fernandes – February 15, 2017
The ruling comes in Beck v. McDonald.

Email Privacy Act Unanimously Passed by House of Representatives
By Danielle Pomeraniec – February 14, 2017
The act prohibits the federal government from searching individuals’ emails without a warrant.

Former Uber Employee Files Suit for Retaliation in Reporting Insecure Data Privacy Practices
By Angel Chiang – January 9, 2017
This is not the first time the ride-sharing juggernaut has been accused of privacy violations.

Insurance Data Security Model Law Expected in 2017
By Alex Pearce – January 31, 2017
What are the implications for insurers, agents, brokers, and service providers?

Recent Lessons from the FTC’s July 2016 Ruling in In the Matter of LabMd., Inc.
By Angel Chiang – November 28, 2016
Tips for organizations storing and managing sensitive personal consumer information.

Fight Over Amazon Echo Access in Murder Case Raises Internet of Things Privacy Concerns
By Christina Liu – January 17, 2017
A murder, a hot tub, and the digital assistant that may have recorded it all.

NYS Department of Financial Services Announces Changes to Proposed Cybersecurity Regulation
By Danielle Pomeraniec – January 5, 2017
Covered entities will have 180 days from the effective date to become compliant.


Review the Rule Act Aims to Delay Changes to Federal Rules of Criminal Procedure
By Danielle Pomeraniec – November 30, 2016
The act’s sole purpose is to gain more time to assess the impact the changes would have on individuals’ Fourth Amendment rights.

Recent Lessons from the FTC’s July 2016 Ruling in In the Matter of LabMd., Inc.
By Angel Chiang – November 28, 2016
Tips for organizations storing and managing sensitive personal consumer information.

New York State Department of Financial Services to Regulate the Cybersecurity of Financial Institutions
By Danielle Pomeraniec – October 31, 2016
Governor Andrew Cuomo announced the proposition in September.

California AG’s Office Takes Lead in Tackling Cyber Crime in Establishing C4 Center
By Christina Liu – October 19, 2016
The center will give law enforcement assistance in investigations where cyber expertise is needed.