is Of Counsel in the Litigation department of Fenwick & West. He focuses his practice on privacy and data security litigation, counseling and investigations, as well as intellectual property and commercial disputes affecting high technology and data driven companies. Hanley regularly advises companies large and small on data breaches and cybercrimes, network and data security, and internal investigation.
There is often a tension between the needs of law enforcement and the companies that collect and store the electronic data of individuals. Law enforcement may seek this data from the companies through subpoenas, search warrants, and other court orders as part of its investigation and request that the companies did not disclose their interaction with authorities to maintain the confidentiality of the investigation. In contrast, companies may wish, or be obligated under the terms of their agreements or privacy policies, to disclose to their customers that they have produced the customers’ electronic data to law enforcement pursuant to legal process. To prevent the companies from doing so, federal law enforcement typically obtains a non-disclosure order pursuant to 18 U.S.C. § 2705(b) from a federal magistrate court. These orders have generally not had a definite expiration date. However, companies have recently begun to challenge the limits and scope of such orders. The recent case of Microsoft Corp. v. United States Dep’t of Justice, No. C16-0538 JLR, represents the most serious challenge to date.
Cybercrime seemed to be in the news daily in 2016. From the hack of the Democratic National Committee email accounts to the massive data breaches suffered by large technology companies, a major restaurant chain, and numerous government agencies, the news seemed inundated by a steady stream of high profile cybercrime. What is in store for 2017? Given the proliferation of electronic devices and data in our society, we can reasonably expect cases of cybercrime to continue to increase in number and complexity in the new year.
The privacy implications of the driverless car are significant. The data that such a vehicle could collect and the potential uses of that data could be extraordinarily intrusive. Driverless cars could provide both historic and real-time, continuous geolocation data. Companies could utilize this data to determine not only your current location and destination but also every place that you have been. This data could lead to commercially valuable, but extremely sensitive and intimate information about individuals being discovered. Advertisers may be able to discern the purchasing patterns of individuals by tracking what stores they frequent. Insurers may be able to determine what the lifestyle of individuals is like by following their daily activities (e.g., constant trips to the gym) and dining habits (e.g., persistent trips to fast food restaurants).