Posted on August 24, 2010 by Christopher Wolf

September Privacy Events Galore

 

With the new "school year" comes a plethora of privacy events featuring Hogan Lovells attorneys:

On September 9th, the International Association of Privacy Professionals will present this Web Conference on "The Evolution of FTC Privacy Enforcement Actions—What More Granular Enforcement Means for Respondents and Businesses" featuring Hogan Lovells attorneys Chris Wolf and Tim Tobin and FTC Attorney Kandi Parsons.

 

It is a given that there can be no privacy without data security.  Chief Security Officer magazine is presenting the Security Standard conference on September 13 and 14 at the Marriott Brooklyn Bridge in New York City to explore  the complexities of modern security strategies, addressing identity management, cloud security, data protection, risk management and privacy.  For registration information, click here

Hogan Lovells' Chris Wolf will be presenting the following session on September 13:

Negotiating with Your Cloud Provider:  Standard service agreements don’t go far enough in protecting your data and your organization in the event of security incidents or outages at cloud providers. In this session, learn how to negotiate the right terms and penalties to get the protection you need from your cloud provider, from identity management to business continuity, incident response plans and more.

 

On September 14th, Pike & Fischer (a BNA company) will present this Web Conference entitled "Legal Landmines in Europe for Internet-Based Businesses" and featuring Hogan Lovells attorneys from our Paris Office David Taylor, Winston Maxwell, and Chris Wolf from Washington, DC, as well as Google's Global Privacy Counsel Peter Fleischer.

 

 

On September 21st, Hogan Lovells will present a complimentary webinar on NAFTA Privacy featuring top governmental privacy officials from Canada, US, and Mexico, as well as the Chief Privacy Leader of General Electric, and moderated by Hogan Lovells' Chris Wolf.   More information can be found here  To register, please click here.

 

And later in September....

 

You are invited to join Hogan Lovells at the upcoming Online Trust Alliance 5th Anniversary "Online Trust & Cybersecurity Forum" being hosted at Georgetown University, September 22 to 24.  Of particular interest on Wednesday the 22d are three pre-conference workshops focusing on(1) email regulatory compliance, (2)  email and domain authentication, and (3) malvertising.  More information on the agenda and registration information are posted here .

Thursday keynotes include the US Secretary of Commerce Gary Locke, Greg Link of CoveyLink, Howard Schmidt (White House Cybersecurity Coordinator) and Randall Rothenberg (IAB) as well as dozens of other business and industry leaders.  Friday Representative Cliff Stearns is speaking and kicking off a privacy roundtable following by sessions on data breach remediation, identity management and privacy policy makeovers.

At the September 24th session, Christopher Wolf of Hogan Lovells will participate in this panel:

Data Breach & ID Theft; Detection & Remediation *
Despite increased security prevention investments and employee training, incidents of data loss are increasing. Companies need to pro-actively plan for the worst case understanding the focus is not if an event will occur, but when. An effective plan includes an orchestrated play book to be deployed on moment’s notice. This session will examine steps businesses can take to protect consumers and their brands by reviewing elements of an effective plan including consumer education.  Session will also examine the role consumers have in the chain of trust and steps they can take to protect their identity.

  • Chris Shenefelt, Executive Vice President, Global Operations, Intersections Inc.

  • Anne Wallace, President, Identity Theft Assistance Corporation

  • Christopher Wolf, Director, Privacy & Information Management Practice, Hogan Lovells

OTA has offered readers of the Hogan Lovells Blog the opportunity to register by August 31st for only $399.50 for the two day program and save 50%.  Use discount code Hogan50  Register at https://otalliance.org/dc.html

 

 

AMP Summit is "an annual forum for influentials and thought leaders in the activist, media and political spheres."   Public officials and regulators, experts from think tanks, trade associations, and public relations, and members of the media will attend. This conference in Washingrton at the Marriott Metro Center "is intended to inspire new thinking, challenge traditional strategies, and create opportunities to learn from each other."   Detailed information can be found here .

Chris Wolf from Hogan Lovells will participate on a panel on Friday, September 24th from 3:50 to 5 PM entitled "Privacy in the Internet Age: Does DC Have a Role to Play?" with Lillie Coney of the Electronic Privacy Information Center and  Berin Szoka of the Progress and Freedom Foundation, moderated by Bruce Mehlman of Mehlman, Vogel, Catagnetti.

 

Also, as shown here, Quentin Archer from the Hogan Lovells London Office will be co-chairing the Sedona Conference International Programme on Cross-Border E-Discovery and Privacy on 15 and 16 September in Washington, DC.

Tags: , , , , , , , , ,
Posted on October 1, 2009 by Christopher Wolf

Employee Liability Under the Computer Fraud and Abuse Act

Our colleague, Bill Flanagan, has provided this guest blog on a new case from the 9th Circuit construing the Computer Fraud and Abuse Act in the employment context:

The Ninth Circuit Court of Appeals recently weighed in on the question whether an employee who has been granted access to his employer’s computer system – but then uses the properly-accessed information in a manner contrary to the employer’s interest – has acted “without authorization” in violation of the Computer Fraud and Abuse Act (“CFAA”), a federal statute that imposes criminal and civil liability for certain computer crimes (LVRC Holdings LLC, v. Brekka, et al., No. 07-17116 (9th Cir., Sept. 15, 2009). The court came down on the side of the employee, ruling that because the employee had been given access to the information on the computer, he did not violate when he allegedly misused it.

In this case, the employee emailed the company’s valuable financial and other business records to his personal email account while he was employed, but did not delete the records from the personal computer when he quit. When the company later learned facts leading it to conclude that the former employee was using the information for competitive purposes, it sued him, alleging that the former employee accessed the computer information “without authorization,” which is prohibited under the CFAA. 

 

The court affirmed the lower court’s judgment for the employee – concluding that under the plain meaning of CFAA an employee accesses a computer “without authorization” only where the person has not received permission to use the computer in the first place (such as when a hacker accesses a computer without permission), or where the employer has rescinded access to the computer but the employee uses it anyway. According to the Ninth Circuit, it is irrelevant under the CFRA that an employee, who has been granted access to the employer’s computer information, uses the accessed information for personal or wrongful purposes. (Language in the opinion suggests that the outcome might have been different if the employer had a policy that prohibited the transfer of company data to a personal computer and required employees to return all company data upon termination of employment – and employers might want to consider enhancing their computer-usage policies accordingly.)

 

The Ninth Circuit decision is squarely at odds with a decision in the Seventh Circuit, International Airport Centers LLC v. Citrin, 440 F.3d 418 (7th Cir. 2006.) In that case, the court held that an employee’s authorization to access a computer ended for purposes of the CFAA when the employee breached his duty of loyalty by deleting information, including the employer’s valuable data and evidence of the employee’s efforts to set up a competing business in violation of his employment contract, from the employer’s computer.

 

It is unlikely that employers have heard the last word on the issue, as the opposite conclusions reached by the Ninth and Seventh Circuits are sure to trigger additional litigation and, perhaps, ultimate resolution by the Supreme Court.
Tags: , , ,