Internet Law

Cybersecurity and Privacy Rules

Published on: December 7, 2020 | by Law Offices of Salar Atrizadeh

Cybersecurity and privacy rules have changed the private and public sectors’ landscapes. The state and federal rules are changing the ways private and public organizations are managing their operations. These rules are focusing on privacy, security and regulations in all jurisdictions but uniformity is an issue. Therefore, state and federal legislators should ensure uniformity to avoid regulatory and enforcement contradictions.

The State of California has enacted laws to promote cybersecurity within its jurisdiction. For example, Assembly Bill 89 (“AB 89”) was enacted to ensure information sharing should be conducted in a way that protects an individual’s privacy and civil liberties, confidential information, preserves business confidentiality, and enables public officials to detect, investigate, and prevent network security breaches. It has also enacted the California Consumer Privacy Act (“CCPA”) that allows individuals to file a legal action against businesses that fail to implement and maintain reasonable security measures to protect their personal information. Now, “reasonable security measures” may include using a firewall, encryption, and intrusion detection software on their computer networks.

The State of New York has enacted laws to promote cybersecurity within its jurisdiction. For example, it has passed the Stop Hacks and Improve Electronic Data Security Act (“SHIELD Act”) to protect consumers from exposure of private information from cybersecurity attacks. This statute is designed to increase data protection and data breach notification requirements for commercial enterprises. It is meant to hold business organizations responsible for gathering and storing consumer personal information which may include a name, address, telephone number, email address, date-of-birth, and social security number.

Workplace Privacy Rights – Part III

Published on: November 23, 2020 | by Law Offices of Salar Atrizadeh

There is a general presumption that workplace privacy does not exist under any circumstances. However, that is not always the case. The state Constitution grants privacy rights and a private right of action to file a lawsuit against employers who violate those rights. It states in relevant part that: “All people are by nature free and independent and have inalienable rights. Among these are enjoying and defending life and liberty, acquiring, possessing, and protecting property, pursuing and obtaining safety, happiness, and privacy.”

The courts have decided that the main issue is whether the employee has a “reasonable expectation of privacy.” So, for example, employers are allowed to monitor internet usage or business email communications. Nevertheless, employers are not permitted to conduct surveillance in bathrooms or locker rooms. An employer may be held liable for disclosing the employee’s termination reasons, arrests, convictions, credit reports, misconduct reports, medical information, or confidential communications.

Employers are usually interested in social media activities of their actual or potential employees. They may review their social media accounts to make hiring decisions. However, California Labor Code § 980 prohibits employers from requesting disclosure of usernames or passwords of social media accounts. It also prohibits employers to require the employees to access personal social media accounts in their presence. California Labor Code § 980 states in relevant part that an employer shall not require or request an employee or applicant for employment to do any of the following:

Workplace Privacy Rights – Part II

Published on: November 16, 2020 | by Law Offices of Salar Atrizadeh

Workplace privacy rights and legal restrictions on workplace monitoring are important issues. Many employers monitor employee activities to increase productivity and avoid workplace violations. They may use special software to monitor the network activities which can include email, telephone, and internet activities. However, they should also consider the employee’s reasonable expectation of privacy.

An employer, that has a legitimate interest in monitoring its employees, should be allowed to monitor business-related communications without problems. A legitimate interest can be established when there is proof that surveillance was conducted to promote efficiency and productivity. Employers usually inform their employees that they are being monitored to avoid violating their privacy rights. In other words, once the employee knows that he or she is being monitored, then he or she does not have a reasonable expectation of privacy. However, any kind of workplace monitoring should be narrowly tailored in time, place, and manner.

The Electronic Communications Privacy Act (codified under 18 U.S.C. 2511, et seq.) is a federal statute that is designed to control the workplace monitoring of electronic communications. It generally prohibits employers from intercepting electronic communications of their employees. Nevertheless, there are the following exceptions: (1) business purpose exception; and (2) consent exception. The “business purpose exception” applies when the employer is able to show surveillance was being conducted for a legitimate business purpose. The “consent exception” applies when the employer is able to show surveillance was being conducted with the employee’s knowledge and consent.

Workplace Privacy Rights – Part I

Published on: November 9, 2020 | by Law Offices of Salar Atrizadeh

Electronic data exists on multitude devices for everyone. In other words, electronic information such as letters, emails, pictures, or videos are being stored on your electronic devices on a regular basis. Now, we should be cognizant of this process and take steps to protect the electronic information and promote privacy rights.

The Fourth Amendment was enacted to promote an individual’s right to privacy and states as follows:

“The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.”

United States Cybersecurity Laws – Part III

Published on: November 2, 2020 | by Law Offices of Salar Atrizadeh

Cybersecurity is the most important measure for protecting your personal and confidential information. There are cybersecurity incidents taking place on a daily basis. In general, most targets are companies and individuals who yield confidential information such as financial documents. This way, the hackers can use the information to promote their illegal acts or violations. In fact, it is known they use malware and spam to infiltrate electronic devices and extract confidential information.

Spam has been prolifically used by hackers to target victims. The hackers use this method to send unsolicited emails to victims. In other words, they ask them to click on a link or download a file which unbeknownst to the victim contains malware. Then, once the victim has downloaded the malware, his or her computer will be infected. The virus will extract personal information and send it back to the hacker. The virus may also use a “keylogger” to track the victim’s activities. It can track and record the victim’s financial transactions and find a way to log into his/her bank accounts.

Hackers can find their victims by using several methods. For example, phishing scams have been used to lure their victims into traps. They use instant messages and text messages to contact their victims. The hackers use these methods to take the victim’s usernames and passwords without authorization. They will try to gain access to the victim’s financial accounts and extract funds without authorization. As a result, the hackers will ruin the victim’s credit by opening up credit card or mortgage accounts without authorization. They can obtain cash advances if they gain access to the financial information. They will also utilize the victim’s social security number to engage in fraudulent activities.

United States Cybersecurity Laws – Part II

Published on: October 26, 2020 | by Law Offices of Salar Atrizadeh

Data breach incidents have caused a significant amount of complications for business owners and their customers. The statistics show that at least 50% or more of companies have been targeted by hackers. So, the lawmakers have taken steps to promulgate laws to protect the victims and penalize the bad actors.

Data Breach Notification Laws

Every state has some form of data breach notification legislation that requires business owners to give notice to consumers about a data breach that has resulted in the unauthorized acquisition of unencrypted personal information. These laws usually require the business owners to give notice to the consumers in the most efficient manner. They may require the business owners to notify the Attorney General’s office if the business is required to notify a significant number of residents in that state. They also grant a “private right of action” (i.e., the right to file a lawsuit) to the victim in order to seek legal and equitable damages.

United States Cybersecurity Laws – Part I

Published on: October 19, 2020 | by Law Offices of Salar Atrizadeh

Cybersecurity is paramount to secure online communications whether they are for sending or receiving sensitive or confidential information – e.g., trade secrets, intellectual properties, financial information. Many people assume they are protected on the internet when transferring or receiving files over computer networks. They may attach tax-related documents to their message and press the send button without hesitation. What most people do not realize is that information may be intercepted without authorization. Now, most laws require “reasonable security measures” to ensure the privacy of confidential records.

What are the state laws?

There is no single state law that applies to all cybersecurity-related issues. So, every state has promulgated several statutes in order to address and promote cybersecurity. These state laws are usually similar in their nature and scope. For example, California recently passed the California Consumer Privacy Act (“CCPA”) codified under Civil Code Sections 1798.100, et seq., to enhance consumer privacy rights. It grants consumers the right to know what kind of personal information is being collected about them, whether the personal information is sold or disclosed, to refuse the sale of their personal information, to gain access to their personal information, to request deletion of their personal information, and to not be discriminated against for exercising their privacy rights.

Internet Fraud Rules and Regulations

Published on: October 12, 2020 | by Law Offices of Salar Atrizadeh

Internet fraud and scams have exponentially increased in recent years. There are several reasons for this development which include the expansion of technology and usage of electronic devices in our daily lives.

The fraudsters find different ways to retrieve sensitive or confidential information in order to commit their crimes. For example, they may extract the information by dumpster diving next to corporations and financial institutions. There have been cases where sensitive information of a corporation’s employees was extracted without authorization. They may also engage in “shoulder surfing” which is another way to surreptitiously extract confidential information from the unsuspecting victim. These activities usually take place close to a bank’s ATM in order to steal the victim’s debit card PIN. They can also use what is referred to as a “skimming device” as a way to obtain sensitive information from debit or credit cards. These devices can be placed on ATMs to procure the confidential information without suspicion. The fraudsters can also obtain sensitive or confidential information by breaking and entering into the victim’s property. This way, they can look into the victim’s house or vehicle for valuable items or confidential documents.

There is a long list of internet fraud methods such as auction scams, rental scams, dating scams, lottery scams, and charity scams. The criminals are finding new ways to trick their victims into relinquishing valuable information – e.g., address, telephone, date-of-birth, social security number, debit or credit card number. Social engineering is another method to obtain information which is usually done by gaining the victim’s trust. It has become one of the main methods for extracting valuable information from unsuspecting victims. The internet allows culprits to anonymously communicate with their victims which is the major issue in lawsuits simply because it takes time and effort to launch an investigation. Our law firm is able to unmask the anonymous culprit’s identity by using the proper tools and techniques. We have access to a network of experts and investigators who can help our clients. We have also established relationships with local, state, and federal law enforcement agencies.

Discovery of Electronically-Stored Information

Published on: October 5, 2020 | by Law Offices of Salar Atrizadeh

The parties are generally entitled to discovery of relevant and admissible evidence during litigation. This process includes the discovery of electronically-stored information (“ESI”) which can be stored at internal and external locations such as the local area network and cloud. It has become more prevalent for companies to transfer their electronic files to the cloud to reduce costs. It is now more practical to upload and transfer data to a third-party’s servers. However, there are certain risks associated with this process. First, you will be relinquishing control over the electronic information. Second, you will not have control over the third-party’s information security protocols. In other words, even if the electronic information is originally encrypted, it may lose its encryption status if uploaded or transferred to the third-party’s servers.

It is important for attorneys to have a general understanding of the client’s network infrastructure. So, it is always recommended to interview the client’s information technology staff. This way, legal counsel can be better prepared to ask and answer discovery-related questions. Moreover, the relevant discovery rules are outlined in the Federal Rules of Civil Procedure 26, 33, 34, 37, and 45, and Federal Rule of Evidence 502.

Court Mandated Guidelines

What is Sextortion?

Published on: September 21, 2020 | by Law Offices of Salar Atrizadeh

Sextortion is a type of online blackmail. It’s one kind of sexual exploitation that takes place on the internet when an anonymous individual threatens to distribute the victim’s explicit videos or pictures if he or she does not comply with the demands which can include transferring funds through digital currencies. The culprit may use a webcam to extract private information and make threats to harm the victim if the victim fails or refuses to comply with the demands.

The culprit usually follows his victims on websites and chatrooms to gain their trust. The culprit may send a message to the victim that has malware in an effort to hack into the victim’s electronic devices. The victim can make the mistake of clicking on the link which releases the virus on to the computer. The infected computer is now compromised and can be used for nefarious purposes.

The courts have been dealing with sextortion since it is a new problem in the technology age. The law prohibits the non-consensual dissemination of intimate pictures or videos but the litigants or their lawyers have been using laws related to harassment, extortion, bribery, or child pornography. For example, 18 U.S.C. § 2251 prohibits sexual exploitation of children. The following federal statutes could be relevant to these activities: 18 U.S.C. § 2252, 18 U.S.C. § 2422, and 18 U.S.C. § 875.