Blog

The Computer Fraud and Abuse Act prohibits all of the following EXCEPT

After the Supreme Court’s decision in Van Buren, it is clear that individuals only “exceed authorized access” if they overcome technological “code-based” limitations on access, not ones enforced only by contract or policy.

Elephants and Donkeys, Inc. is a data aggregation service that collects consumer information from many sources and provides it to political groups for direct marketing.  While Elephants and Donkeys, Inc. never provides information such as dates of birth or social security numbers, many of the data streams it aggregates contain that type of information.  Elephants and Donkeys, Inc. does not have a policy in place regarding storage or maintenance of personal information collected. On January 1, 2017, Elephants and Donkeys suffered a major data breach and all of its stored data, including some personal information from residents of every state in the United States, were accessed and copied by hackers. Elephants and Donkeys, Inc. immediately launched an investigation into the nature of the breach, notified law enforcement, and implemented its data breach action plan.  About six months after the breach, Elephants and Donkeys, Inc. sent the following notice to all affected individuals via the United States Postal Service:   Dear Consumer, In January of this year, we suffered a major data breach.  Our investigation revealed that the breach was the result of Chinese State-Sponsored Hackers.  These hackers stole your data, including potentially your date of birth and social security number.  We’re very sorry that they stole the data, but we did literally everything we could to protect your data and prevent a breach.  We recommend that you monitor your credit reports for identity theft for at least the next year.   Sincerely, Stew N. Patatas, Prez., Elephants and Donkeys QUESTION:  Did the timing of Elephants and Donkeys, Inc.’s breach notification letter comply with law?

Section 5 of the FTC Act includes explicit cybersecurity requirements for companies handling consumer data.

The Electronic Communications Privacy Act provides which of the following remedies against individuals who gain unauthorized access to communications facilities and thereby access electronic communications stored incident to their transmission? 

Which of the following are essential features of a contract?

Hans Bizarre, continued. Please use this fact pattern for the following question (names have been changed to protect the innocent….and not so innocent)   Cheryl Haskins runs a world-famous exotic animal sanctuary called “Large Cat Liberation.”  Large Cat Liberation is a 400-acre nature preserve located in Florida filled with exotic animals that Ms. Haskins has “rescued” from poachers and substandard exotic animal sanctuaries. Her web site, “LargeCatLiberation.org” posts backgrounds and updates of all recued wildlife as well as sells a variety of merchandise (t-shirts, posters, mouse pads, auto sun shields, etc) all displaying the Large Cat Liberation nationally-trademarked name and logo.  Approximately 500,000 people visit LargeCatLiberation.org daily, and it is the first Google recommended site after typing “Large Cat” in the Google search bar.  The website generates approximately $1million in merchandise sales every year.   Hans Bizarre, the proprietor of a third-rate tiger sanctuary/travelling circus in South Dakota named “SD Sanctuary,” has always detested Cheryl and is extremely jealous of her fame.  His site, “SDSanctuary.com” only receives about 13,000 visits per day, and many of those “visits” are suspected to really be Hans sitting at his desk hitting “refresh” on the browser over and over again.  He is also jealous of her income, especially as his zoo has fallen on hard times due to recent exotic animal zoo exposés on Hulu.  One day, Hans has a great idea: he is going to change the company name and website to “LargeCatLiberationLive.com” in order to tap into Cheryl’s popularity.    The change was an immediate success- traffic to his site increased to 250,000 visits per day, and he finally began selling merchandise with the new name.  As a bonus, whenever Hans typed “Large Cat Liberation” in the Google search bar, both his new site and LargeCatLiberation.org were similarly displayed.  Back in Florida, Cheryl first noticed a precipitous decline on her merchandise sales, but then she saw that her daily traffic had dropped by about 200,000 per day.  Digging even deeper, she saw that there was now a website called “LargeCatLiberationLive.com.”  To add insult to injury, when she went to “LargeCatLiberationLive.com.” she saw that it was actually run by her sworn nemesis, Hans Bizarre. Question 2:   Cheryl is so mad that in addition to suing Hans, she wants to make a statement and punish search engines for even displaying results of the infringing website.  She therefore files a $10million suit against Google for “contributory” and “indirect” trademark infringement (Cheryl plans to use the judgement to sponsor veterinarian scholarships in the name her husband, Harold, who died years ago under mysterious circumstances).  In her suit against Google, how likely is Chery to prevail:

State enforcement actions for state notification violations in a data breach are brought by the ____________________. 

All of the following are elements of the FTC’s unfairness test EXCEPT

_______________’s data security laws are widely studied and followed because they are the most comprehensive and detailed.  By following the laws of this state, companies can be confident they are meeting minimum data security requirements in every state.