Twitter LinkedIn
White Collar Posts

Pennsylvania Supreme Court Puts Employers on Notice: You Can Be Liable When Hackers Breach Your Systems >
December 5, 2018
By: Yune D. Emeritz, Kate A. Kleba, and Abraham J. Rein
The Pennsylvania Supreme Court has recast two key legal principles that have stood as crucial bulwarks against liability for employers and other businesses that find themselves hacked by malicious third parties. The decision, Dittman v. UPMC, has the potential to usher in a new era of data breach litigation in Pennsylvania. It stands as a strong warning to Pennsylvania employers that they should act now to review and assess the adequacy of their data security.
Read More

Highlights from IRS Criminal Investigation Division (CID) FY 2018 Annual Report >
November 14, 2018
By: Carolyn H. Kendall
On November 14, 2018, IRS Criminal Investigation Division (“CID”) released its Annual Report for fiscal year 2018, detailing its enforcement actions for the past fiscal year. CID is the federal enforcement agency with exclusive jurisdiction over federal tax crimes, i.e., Title 26 and 31 offenses.
Read More

Pennsylvania Data Breach Litigation: An Important New Resource...and a Case to Watch >
January 10, 2018
By: Abraham J. Rein
On January 8, 2018, Bloomberg Law's Privacy & Data Security publication released its "Domestic Privacy Profile" for Pennsylvania, for which I served as Bloomberg's subject matter expert practitioner. The publication is extremely comprehensive in scope, but I'd like to take the opportunity to highlight one Pennsylvania case that it discusses, which is currently before the state Supreme Court and could have a significant impact on privacy and data security litigation in Pennsylvania.
Read More

Mr. Mueller's Options, Short of Indictment >
November 28, 2017
By: Ronald H. Levine
Suppose Special Counsel Robert Mueller's team develops evidence that nonetheless is material to matters of national security or to non-criminal malfeasance? Obviously, this would be of great interest to the public and to Congressional committees investigating parallel and related matters. What are his options? I discuss this in my November 27, 2017 article for Law360, "Mueller's Options, Short Of Indictment."
Read More

Navigating the Cloud's Data Security and Legal Hazards >
June 7, 2017
By: Abraham J. Rein
The Legal Intelligencer recently published my article, “Cloud Control: Data Security Hazards and How to Avoid Them,” in their 2017 Cybersecurity Supplement. The article looks at what businesses need to be thinking about in terms of cybersecurity and compliance issues associated with cloud computing - a model that has largely been embraced by the business world as the rule rather than the exception.
Read More

Liability for What Goes on Behind Closed Doors: Sex Trafficking and the Hospitality Industry's Privacy Tightrope >
March 28, 2017
By: Abraham J. Rein, Charles W. Spitz, and Marc H. Perry
Earlier this month, the Philadelphia hotel, Roosevelt Inn, its corporate parents, its New York management company, and an individual owner/manager of the hotel, were sued for allegedly allowing trafficking of sex involving a minor to take place on the hotel's premises. The case - the first of its kind invoking Pennsylvania's recently-amended human trafficking law - raises an abundance of difficult legal and ethical questions regarding hotels' legal responsibilities for and obligations concerning their guests' conduct, and how to meet those responsibilities while also respecting guests' privacy.
Read More

New York Proposed Cybersecurity Regulations: A Predictor of Things to Come for the Finance and Insurance Industries >
January 27, 2017
By: Steven J. Fox, Cynthia A. Haines, and Abraham J. Rein
The proposed regulations would be the most prescriptive data security requirements yet to be imposed. They would require all covered financial institutions and insurers to establish and maintain cybersecurity programs and policies addressing a list of minimum requirements, "to the extent applicable to the Covered Entity's operations."
Read More

FCC Commissioner Seeks Investigation of Wi-Fi Hotspot Limitations at Presidential Debate >
September 28, 2016
By: Abraham J. Rein
At Monday's presidential debate, host Hofstra University ruffled feathers by reportedly moving to prevent journalists, attempting to file stories from the scene, from relying on their own wireless hotspots to get online. The move was seen by some as an effort to force reporters to use the venue's wireless service, said to cost $200, and caught the attention of the FCC. If correct, these factors may distinguish the Hofstra scenario from prior FCC enforcement actions, sufficiently to avoid an enforcement proceeding.
Read More

The Lambis Case and the Future of 'Stingray' Evidence >
August 22, 2016
By: Abraham J. Rein
I recently examined for Law360 a federal court decision in U.S. v. Lambis that marked the first time a federal judge has suppressed evidence secured from a cell-site simulator, or "Stingray" device. These devices mimic cell towers for surveillance purposes and can locate a cell phone. The case and decision are part of the larger story of mounting attempts to constrain law enforcement's use of Stingrays and similar devices, the use of which remained largely unknown by the public as recently as 2011.
Read More

Record $5.5 Million HIPAA Data Security Settlement: Lessons Learned >
August 8, 2016
By: Carolyn H. Kendall and Abraham J. Rein
On August 4, 2016, the Department of Health and Human Services, Office of Civil Rights (OCR) announced that Advocate Health Care Network, Illinois' largest hospital chain, agreed to pay $5.5 million to resolve multiple alleged violations of the Health Insurance Portability and Accountability Act (HIPAA). This settlement is the largest HIPAA-related settlement in OCR history, and comprises more than a quarter of the nearly $20 million that the government has collected in HIPAA-related enforcement actions in 2016 alone.
Read More

Plan Ahead, Stay On Top of Government and Tech Changes, and Be Ready to Call the FBI: Key Lessons from the PHI Protection Network Conference >
March 22, 2016
By: Abraham J. Rein
Late last week, the health care data security community gathered in Philadelphia for the PHI Protection Network Conference. The diverse group of speakers included in-house data security officers, technology consultants, academics, attorneys, and a variety of influential federal government representatives. I was in the audience. A handful of key themes were reiterated in various ways throughout the two-day gathering.
Read More

Two Points and a Lesson from PrivacyCon, FTC's Digital-Privacy Conference >
January 19, 2016
By: Abraham J. Rein
Last week, on January 14, 2016, the Federal Trade Commission (FTC) convened PrivacyCon, a first-of-its kind conference bringing together policymakers, academics, and technology researchers to discuss the challenges surrounding online privacy as we navigate between a fixed-internet world, a mobile one, and the growing “internet of things.” I was in the audience, and I came away with two major points and a lesson for white collar defense lawyers and their clients.
Read More

FCC Takes on Hospitality Wi-Fi Management Again: More Sanctions, Unresolved Concerns >
November 4, 2015
By: Abraham J. Rein and Charles W. Spitz
On Monday, November 2nd, the Federal Communications Commission (FCC) took more enforcement steps in its campaign against Wi-Fi blocking, "the practice of blocking unauthorized Wi-Fi hotspots that let consumers share mobile data access with other devices, like laptops and tablets" in hotels and convention spaces. This comes on the heels of a $750,000 settlement with Smart City Holdings over its Wi-Fi blocking at multiple convention centers, and a late-2014 settlement of $600,000 with Marriott over similar conduct.
Read More

HHS's Data Security Problem: Lessons for the Private Sector >
August 11, 2015
By: Steven J. Fox and Abraham J. Rein
Recently, the House of Representatives Committee on Energy and Commerce cataloged a series of potentially-serious data security failures at the Department of Health and Human Services (“HHS”). The Committee's report reveals, among other things, that HHS division systems have been hacked five times in the past three years, and traces the root of the problem to HHS's treatment of data security as subordinate to operational priorities.
Read More

Potential Class Action Highlights Cyber-Identity Theft Issues in the Tax Industry >
April 30, 2015
By: Abraham J. Rein and Carolyn H. Kendall
The tax industry has an identity theft problem. According to the Government Accountability Office (“GAO”), the IRS estimates that in 2013 it paid out approximately $5.8 billion in tax refunds to filers later determined to be identity thieves.
Read More

White Collar Principal Hardy and Associate Kendall Author Guest Blog on SCA Searches for Data Stored Abroad for the Federal Tax Crimes Blog >
April 25, 2015
In an April 25 guest blog post for Federal Tax Crimes, White Collar Principal and Data Protection/Breach Practice Group Co-Chair Peter D. Hardy and Associate Carolyn H. Kendall examine the Microsoft Appeal in In re Warrant to Search a Certain E-Mail Account, 15 F. Supp. 3d 466 (S.D.N.Y. 2014).
Read More

Recent Developments in FTC vs. Wyndham Underscore Importance of Cybersecurity Vigilance in the Hospitality Industry >
March 30, 2015
By: Abraham J. Rein and Marc H. Perry
On Friday, March 27, the parties in FTC vs. Wyndham, a key data security case with the potential to deeply impact the hospitality industry's cybersecurity practices" filed special supplemental briefs that the Third Circuit Court of Appeals requested during oral arguments earlier in the month.
Read More

The Philadelphia Inquirer: How Lawyers Prepare for Supreme Court and High-Profile Case >
February 8, 2015
By: Ronald H. Levine and Abraham J. Rein
In a February 8 article, Philadelphia Inquirer reporter Chris Mondics profiles Ronald H. Levine and Associate Abraham J. Rein as they prepared for oral arguments before the Supreme Court of the United States (SCOTUS) in November/December 2014.
Read More

Managing Wi-Fi Networks on Business Premises: Aggressive Enforcement and Unanswered Questions >
February 2, 2015
By: Abraham J. Rein
On Friday, January 30, 2015, Marriott International, Inc. (Marriott) the American Hotel & Lodging Association (AH&LA), and Ryman Hospitality Properties (Ryman) announced the withdrawal of their petition seeking clarity from the Federal Communications Commission (FCC) regarding businesses' ability to control Wi-Fi connectivity on their premises. It was probably the right decision strategically. However, certain key regulatory questions are unresolved, with no promise of a ready resolution forthcoming.
Read More

The Fifth Amendment Meets Password Protection >
July 6, 2012
By: Abraham J. Rein
Earlier this year, two federal courts weighed in on what surely is an important legal question affecting criminal investigations in the twenty-first century, and one that is significant for potential white collar targets or defendants.
Read More

New Civil E-Discovery Rules for Pennsylvania Courts >
June 11, 2012
By: Ronald H. Levine and Abraham J. Rein
The Pennsylvania Supreme Court has adopted an amendment to the Rules of Civil Procedure, as the Commonwealth joins a growing number of states with rules specifically addressing the discovery of electronically stored information (ESI) in civil litigation. The amendment makes it more important than ever that potential litigants be prepared for e-discovery disputes, armed with technical knowledge and legal know-how.
Read More