Technology
-
Thomas Jackson, Chair of the Technology Practice, was mentioned as a data privacy expert in the article “20 Questions on the CCPA with Answers from Privacy Experts” published in the DataGrail blog.01/10/2020 | https://datagrail.io/blog/20-questions-on-the-ccpa-with-answers-from-privacy-experts
The article addresses some of the key questions raised by California’s new privacy law, the California Consumer Privacy Act (CCPA), which took effect on January 1, 2020, including what is covered by and who must comply with the new law and how it compare with Europe’s General Data Protection Regulation (GDPR) implemented in May 2018.
-
Article - The New York Law Journal publishes “Canada Proposes Requiring Consent for Transfers of Personal Data Across Its Border,” an article authored by Patrick Burke, Chair, Data Technology & Cybersecurity Group, and Anne-Sophie Hutteau-Hiltzer, referendare with the Group. (Subscription Required)05/15/2019 | New York Law Journal
Authored by Patrick Burke, Chair, Data Technology & Cybersecurity, and Anne-Sophie Hutteau-Hiltzer, referendare with our Data Technology & Cybersecurity, German and Corporate & Business Law Practices
Excerpt:
Canada’s Privacy Commissioner, Daniel Therrien, recently announced his intention to obligate companies to obtain Canadians’ consent before an organization engaged in commercial activities may legally transfer their personal information across the border for processing, including to the United States. Canada’s Office of the Privacy Commissioner (OPC) released a consultation paper on April 9, 2019 communicating this proposed change of direction, and calling for stakeholders’ commentary by June 4, 2019 (April 9, 2019 OPC Consultation on Transborder Data Flows). It is unclear at present whether the anticipated consent requirement will be applied to transborder transfer for processing of employees’ personal information by employers, which until now has not explicitly been required.
This is a significant turnabout for Canada. Consent for such transfers is not explicitly required under Canada’s Personal Information Protection and Electronic Document Act, S.C. 2000, c.5 (Can.) (PIPEDA). Until now, the OPC did not require the consent of consumers or other “data subjects” for transborder transfers of personal information for processing. Instead, it applied an “accountability principle” that was satisfied if a Canadian-based entity informed data subjects of transborder transfers in its posted privacy policy and remained legally accountable for the protection of personal data sent abroad to a third party for processing. Principle 4.1.3 of schedule 1 of PIPEDA provides as follow: “An organization is responsible for personal information in its possession or custody including information that has been transferred to a third-party for processing. The organization shall use contractual or other means to provide a comparable level of protection while the information is being processed by a third party.” -
Media - Thomas Jackson, Chair of the Technology Practice, is quoted in "Challenges Facing Hospitality In the Next Five Years - An Inhospitable Environment" published in the D/SRUPTION Magazine report, The Future of Hospitality. | Read here04/24/2019 | D/SRUPTION Magazine
To read the full Hospitality Report, click here.
Thomas Jackson, partner at Phillips Nizer LLP, explains that the industry’s extraordinarily rich data market brings with it a much higher risk of identity theft. This is particularly the case, he says, “when the breach involves dates of birth, passport numbers, travel itineraries, and other kinds of discrete data that one would not expect to see in a typical payment system.”
-
Article - Collecting Biometric Information Just Became Riskier Under Illinois Law (Pratt's Privacy & Cybersecurity Law Report, April 2019) authored by Patrick Burke and Alisha McCarthy | Read here04/01/2019 | Pratt's Privacy & Cybersecurity Law Report
The authors Patrick J. Burke and Alisha L. McCarthy discuss a recent Illinois Supreme Court ruling, which is a boost to plaintiffs in Biometric Information Privacy Act lawsuits, and carries a cautionary note for companies that collect biometric information from consumers or employees in Illinois.
-
Media - Patrick Burke addresses the susceptibility of blockchain-based software to cyberattacks in LegalTech News article, "Users Beware: Blockchains Are Susceptible to Attacks," after reports of more hacks to blockchain-backed cryptocurrencies and smart contracts. (Subscription Required)03/18/2019 | Law.com / LegalTech News
“With anything involving software, anything involving anything online, it’s always an IT security risk,” said Phillips Nizer partner and former New York state Department of Financial Services deputy superintendent Patrick Burke.” So while the blockchain itself is generally pretty impregnably accept for the ‘51% attacks’, the software written around the blockchain is as susceptible as any other software.”
“At DFS, we would look at [a blockchain's] vulnerability to 51% attacks,” Burke said. ”You have to look at the number of miners it would take, what is the criteria for controlling [it], is it proof of work, proof of stake [and] how small of a group can pull off a 51% attack.” -
Media - Tom Jackson, Chair of the Technology Practice, quoted by Business Travel News in, “Marriott's Plans for Data Protection,” an article highlighting the multinational hotel group’s potential changes to its cybersecurity protocols as a result of a data breach to the reservation system of its subsidiary Starwood Hotels in 2018. | Read here03/08/2019 | Business Travel News
At the time of the announcement of the breach, it was reported that over 300 million customers were potentially affected. Starwood was acquired by Marriott International in 2016.
-
Article - CoinReport publishes, "The Lost Treasure of Quadriga CX: A Teachable Moment," an article by Patrick Burke, Chair of the Data Technology & Cybersecurity Group | Read here03/01/2019 | CoinReport
Customers of QuadrigaCX, the Canadian virtual currency exchange, have been left in limbo without access to their funds after it was reported the company's founder and CEO Gerald Cotton had passed away leaving no other company executive with the private keys to their accounts.
-
Media - Patrick Burke comments on JPMorgan's new digital currency "JPM Coin" in the article, "JPMorgan’s New Digital Currency: Will Benefits Outweigh Risks?" appearing on Law.com/LegalTech News (Subscription required)02/21/2019 | Law.com / LegalTech News
“One risk is that somehow there’s a glitch in the software and the accounting gets screwed up and people feel like they’ve lost money. And one way that there can be a glitch is if there’s a hack of the system so they need to be very careful about their cybersecurity around the blockchain...Since it’s staying in the bank it’s at much lower risk for money laundering or violation of sanctions. So they’re safer as these things go compared to a cryptocurrency that’s out in the wild.”
-
Media - Patrick Burke quoted by Cyber Defense Magazine in, "QuadrigaCX Cryptocurrency Exchange — Password or Death Fail?" about the death of Gerald Cotten, Founder, sole Director, and CEO of QuadrigaCX, the Canadian cryptocurrency exchange. | Read here02/12/2019 | Cyber Defense Magazine
Cotten died in December 2018 reportedly as the only individual with the master password to access the internal server for the exchange. Since the initial reports of Cotten's passing, alarming information has come to light, including alleged missing coins, cash, and other digital assets, and possible fraud.
"It’s one thing to trade your cryptocurrency on an unregulated exchange; it’s another to trust them to store your coins safely for you. If you are not day-trading, you do not need to store your crypto on an exchange. The safest place is with companies that specialize in providing ultra-safe custody for digital assets."
-
Media - Law360 quotes Thomas Jackson in "Yahoo Breach Deal's Failure Shows Vagueness Doesn't Pay," highlighting a U.S. District Court refusal to approve a $50 million data breach deal between Yahoo! and its users. (Subscription Required)02/11/2019 | Law360
Excerpt:
"Central to the concerns Judge Koh is raising is why it took 143 attorneys from 32 firms to file a complaint, oppose a stay, oppose a demurrer and file a motion for class action certification, and how that work could conceivably justify an award, on average, of over a million dollars for each of the firms...the court in its decision painted a picture of Yahoo as the poster child for bad behavior...It took particular pains to point out that Yahoo's estimate for settlement purposes of the number of accounts affected was not accurate, as well as other misdeeds, including Yahoo's denial in public filings that it knew anything about unauthorized access to personal data, its withholding of information and its delay, in some cases for a period of years, in notifying users of something it had contemporaneous knowledge of, leaving them in the dark as far as any actions they needed to take to protect themselves against the potential misuse of the compromised data."
-
Media - Alan Behr, member of the Intellectual Property Law Practice, has been quoted by IPPro magazine in the article, "Oracle v Rimini: The shifting sands of copyright". | Read here02/08/2019 | IPPro Magazine
The U.S. Supreme Court will resolve a conflict in the Circuits concerning whether the copyright statute's authorization of recovery of “full costs” includes costs, such as expert witness fees, for which recovery is not otherwise authorized under the general statutory provision defining recoverable costs in every federal case. Alan commented on that question and the broader problem of ambiguity and interpretation of a copyright statute dating from 1976—on that he believes is long overdue for overhaul or full replacement.
-
Media - Thomas Jackson, Chair of the Technology Practice, quoted by Law360 in "Apple's Facebook, Google App Bans Shake Up Privacy Fight." The article reports on Apple's recent block of an internal marketing research app Facebook and Google distributed to consumers, including minors. (Subscription required)02/01/2019 | Law360
Excerpt:
"I don’t regard a teenager — or for that matter an adult — being incentivized to download a 'survey' app based on a statement that trusting the app 'may give' Facebook’s developers 'access to your data' and tapping a 'Trust' button as having given his or her consent."
-
Media - Law360 quotes Patrick Burke in, "Google's EU Privacy Fine Sets High Bar For Educating Users," published on January 22, 2019. (Subscription required)01/22/2019 | Law360
“This is a lesson to U.S.-based companies operating across Europe. Unless you want to suffer from disparate enforcement and fines from various European member states’ data protection authorities, your organization should comply with the GDPR’s one-stop-shop mechanism by empowering its subsidiary in its jurisdiction of choice as a true ‘main establishment’ with decision-making power over processing operations across Europe. Google’s delay in so designating its Irish subsidiary may have cost it 50 million euros.”
-
Press Release - Patrick Burke, Cybersecurity and Cryptocurrency Regulator, Joins Phillips Nizer; Launched Office of Financial Innovation for NYS Department of Financial Services01/15/2019
Led state office overseeing cybersecurity and virtual currency regulations; established practitioner in global data privacy and digital investigations
-
Understanding The Realities Of The ADA And Your Website (Total Food Service)05/18/2018 | Total Food Service
Website accessibility is a hot topic right now which means you should be checking if your website is compliant with Title III of the Americans with Disabilities Act (ADA). If your website is not accessible to individuals with disabilities, you might get slapped with an unwanted and expensive lawsuit.
-
"Identifying the Right Vendors and Processes for Securing Your Data", Metropolitan Corporate Counsel, September 25, 201409/25/2014 | Metropolitan Corporate Counsel / Corporate Counsel Business Journal
-
"‘Wultz’ May Influence U.S. Cross-Border E-Discovery Privilege Law", New York Law Journal, March 17, 2014 (Subscription required)03/17/2014 | New York Law Journal