Author Archives: LeClairRyan


About: LeClairRyan

As a trusted advisor, LeClairRyan provides business counsel and client representation in corporate law and litigation. In this role, the firm applies its knowledge, insight and skill to help clients achieve their business objectives while managing and minimizing their legal risks, difficulties and expenses. With offices in California, Colorado, Connecticut, Georgia, Maryland, Massachusetts, Michigan, Nevada, New Jersey, New York, Pennsylvania, Texas, Virginia and Washington, D.C., the firm has approximately 380 attorneys representing a wide variety of clients throughout the nation.

Crowdfunding 101

“Crowdfunding” offers an option to startups and small businesses to raise capital, although it is a greatly misunderstood and misused term. It refers to the pooling of money from a crowd for the funding of a project or venture, whether utilizing a donation model, reward model, royalty model, debt model or equity model. Securities laws apply when equity or debt securities are offered. In regard to crowdfunding, Congress amended the Securities Act to allow for an exemption from the registration of such securities if the issuer complies with certain rules and restrictions. To implement this amendment, federal crowdfunding rules were …


Responsibility Shifting for Cyber Attacks?

When a company’s protected data is compromised, potential litigants generally look to the company itself as the target for damages claims. The list of recent cases filed against the company suffering the data breach is long and, by now, familiar. In addition to potential damages claims, the breached company also must sustain the cost of remediation and attorneys’ fees, both in regard to its “first party” costs and with regard to third party claims. In very large breaches, it’s not uncommon for the company’s cost to far outstrip its insurance coverage, even if it has very good coverage. Historically, the …


US-China Cyber Deal Big on Promises, Short on Action

In the aftermath of recent cyberattacks attributed to China’s government and citizens, many observers prepared for a rather uncomfortable state visit by Chinese President Xi Jinping last week. Then, as President Xi began his visit, the White House announced on September 25 what appeared to be a significant victory for corporate data security in America. “We have agreed that neither the U.S. or [sic] the Chinese government will conduct or knowingly support cyber-enabled theft of intellectual property, including trade secrets or other confidential business information for commercial advantage. In addition, we’ll work together and with other nations to promote international rules …


Is a Uniform Federal Data Breach Law Really Necessary?

In June 2015, the United States Office of Personnel Management announced a massive data breach. Estimates are that the breach compromises the personal information of up to 18 million current, former and potential federal employees. This data breach joined the growing list of mega breaches that has many calling for a single, federal, uniform data breach notification law, to replace and preempt the current so-called “patchwork” of state laws that exist in all but a handful of states. On July 7, 2015, the Attorneys General of 47 states and US territories joined together in a letter to congressional leaders opposing …


SCOTUS Decision in Spokeo Could Have Significant Impact on Data Breach Litigation

Following several significant data breaches in 2014 and 2015, including one reported just last week by the IRS, organizations of all types are on high alert to safeguard against data breaches and to prepare incident response plans, recognizing that no one is immune. As organizations prepare for a future business climate in which consumers and government regulators alike expect proactive risk assessment and programs to address identified vulnerabilities, there is little question that such heightened expectations will lead to significant future regulatory action and litigation in the aftermath of data breaches. At a May 11, 2015 event hosted by U.S. …


The Utility and Risk of Mobile Device Tracking

Americans are becoming increasingly dependent on mobile devices. These devices allow us to remain in constant contact with our family, “friends” (the real kind and the Facebook kind), Followers, and colleagues. Use of the devices is now cross-generational; teenagers to grandparents are carrying around the latest iPhone or Android product. Retailers are taking notice and capitalizing on this social and technological phenomenon by tracking mobile devices and their owners as they move about malls, shopping centers, and stores. This allows for the study of customer behavior, which ultimately enables a better understanding and improvement of the customer experience, which hopefully …


Has the FTC Met Its Match?

Companies across the country should be following the Federal Trade Commission’s (“FTC”) civil suit brought against Wyndham Worldwide Corporation and Wyndham Hotels and Resorts, LLC (“Wyndham”), entitled Federal Trade Commission v. Wyndham Worldwide Corporation, et al., as the outcome of this case may significantly impact the FTC’s ability to regulate U.S. companies with regard to cyber security. In June 2012, the FTC filed a complaint in the U.S. District Court for the District of Arizona against Wyndham. The action arises from multiple cyber security breaches of Wyndham’s computer network purportedly occurring from 2008 to 2010 and resulting in an alleged …


Social Engineering & Breaking Bad: Exploiting Social Weaknesses of Cybersecurity

In September 2013, viewers across the world watched the 62nd and final episode of the hit AMC show Breaking Bad, a show about a chemistry teacher, Walter White, who becomes a methamphetamine kingpin after learning that he has cancer. What people may not have realized is that in this final episode, Walter employed a technique commonly used by cybercriminals, known as Social Engineering, and the show offered a very realistic illustration of a threat of which all businesses and individuals should be aware.

Looking at the Past to Predict the Future of HIPAA/HITECH Enforcement

2013 was a busy year for the Department of Health and Human Services. In January 2013, HHS issued its Final Omnibus Rule, substantially modifying both the Privacy, Security, and Enforcement Rules related to the Health Insurance Portability and Accountability Act (HIPAA) and the Breach Notification Rule under the Health Information Technology for Economic and Clinical Health Act (the HITECH Act). The Final Omnibus Rule gives HHS’s Office of Civil Rights even greater authority to police covered entities and to enforce HIPAA/HITECH Act privacy regulations. As expected, OCR was active in its enforcement of the Final Omnibus Rule in 2013. In …


Big Box Data Breaches

2013 was a difficult year for several large U.S. “Big Box” retailers, which experienced major data breaches at the hands of cybercriminals. These well-publicized breaches included some of the largest in history. These now infamous “Black Friday Hacks” caused these companies to suffer significant economic losses, including remediation, defending class action lawsuits and fighting off the FTC and States Attorneys General. In addition, there is the unquantifiable damage to the companies’ brands and reputations. The type of cybercrime experienced by these retailers has been a reality for nearly a decade. For example, in 2005 cybercriminals stole 90 million records from …