Jun. 12, 2024

Lessons From the Trenches: Winning Strategies for Defeating Pen Register Lawsuits

As Congress considers the proposed American Privacy Rights Act, creative plaintiffs’ lawyers are filling the void by filing hundreds of lawsuits each year alleging novel state law theories to challenge the collection of information on the internet. The most active bench of privacy advocates has seized on the California Invasion of Privacy Act (CIPA) to file a barrage of privacy litigation based on a decades-old law. The latest filings have focused on the argument that commonplace tracking software, like cookies or pixels, constitutes “pen register” and “trap and trace” devices that may not be used without consent or a court order. In this guest article, Blank Rome partner Rachel Schaller lays out plaintiffs’ pen register litigation playbook and provides strategies to defeat CIPA claims. See our two-part series on website-tracking lawsuits: “A Guide to New Video Privacy Decisions Starring PBS and People.com” (Mar. 29, 2023), and “Takeaways From New Dismissals of Wiretap Claims” (Apr. 5, 2023).

Six Steps for Improving Cloud Security From CSRB’s Report on Microsoft Intrusion

The U.S. Cyber Safety Review Board’s (CSRB’s) recent post-mortem look at a 2023 cyber incident concluded that Microsoft’s “cascade of security failures” let Chinese hackers spy on U.S. government email accounts. The CSRB urged Microsoft to deprioritize development of new features to make “rapid and substantial” improvements to its security culture. The report includes 21 recommendations, including calls to improve cloud-system authentication processes and to give customers more access to security logs, for which Microsoft currently charges companies separately from its core services. This article, with insights from Cloud Security Alliance, CrowdStrike, Dinsmore & Shohl, Netskope and Reed Smith, identifies key takeaways from the report and addresses how companies can improve their cloud security. See “Checklist Covering CSRB Recommendations on Five Areas for Strengthening Cyber Defenses” (Mar. 27, 2024).

Privacy and Data Security Regulators Discuss Enforcement Priorities and Collaborative Efforts

With the deluge of new data privacy and security legislation, alongside rapid growth in innovation, enforcement continues unabated, though the focus has shifted in some cases. This article distills insights on recent enforcement actions, trends and best practices from privacy and data security regulators who spoke during a panel discussion led by Freshfields Bruckhaus Deringer partner Christine Lyon at the Practising Law Institute’s recent 25th Annual Institute on Privacy and Cybersecurity Law. See “Practical Insights Direct From U.S. State Privacy Enforcers” (Apr. 10, 2024).

Cybersecurity and Privacy Partner Joins Alston & Bird in Washington, D.C.

Jennifer Everett has joined Alston & Bird as a partner and member of its privacy, cyber & data strategy team in Washington, D.C. She arrives from Jones Day. For commentary from Everett, see “Choosing Cybersecurity Insurance in a New Risk Environment” (Nov. 6, 2019). For insights from Alston & Bird, see “Navigating Ransomware’s Challenges” (May 1, 2024); and “Binance’s $4.3‑Billion Criminal Resolution Raises Questions on Crypto Guidance” (Feb. 7, 2024).

Womble Welcomes Data Privacy Partner in Los Angeles

Womble Bond Dickinson has announced that Kyle Kessler has joined as a partner in the privacy and cybersecurity group in Los Angeles. She arrives from Orrick. For insights from Womble, see “U.K. Equifax Fine Calls for Stricter Parent-Subsidiary Data-Sharing Processes” (Oct. 25, 2023); and “How Colonial Pipeline Changed Advice on Ransomware Preparation and Response” (Apr. 6, 2022).