Data Privacy

Information security (“IS”) and data privacy are often under-appreciated operational qualities, even for physical product and service ventures. Commerce is, increasingly if not unavoidably, digital, and the convenience digital commerce provides both consumers and providers exposes each to a host of legal and pragmatic risks.

Au LLC’s IS and data privacy-related activities roughly fall into the following areas:

  • Compliance and Risk Assessment
  • Incident Response Protocols
  • Privacy-related litigation
  • Software / IT-related contracts

Being mindful of litigious risks involving data security, privacy policies, and biometric information translates into the ability to properly assess operational risks, create incident response plans, and appropriate draft software and IT-related contracts.

Stored Communications Act

The Stored Communications Act (18 U.S.C. § 2701, et seq.) is federal legislation designed to generally prohibit hacking-related activity and service providers’ unauthorized disclosure of the content of communications transmitted over their networks.

Biometric Information Privacy Act

The Illinois Biometric Information Privacy Act (740 ILCS § 14/1, et seq., the “BIPA”) is very progressive and unique legislation designed to protect Illinois consumers who provide biometric identifiers and information (e.g., a fingerprint scan) to private entities.

Computer Fraud and Abuse Act

The Computer Fraud and Abuse Act (18 U.S.C. § 1030, et seq, the “CFAA”) is federal legislation designed to protect “protected computers” against a broad range of hacking-related activities. It is primarily a criminal statute, yet its Section 1030(g) provides a private right of action to recover compensatory damages and injunctive relief for some activity.

Illinois Computer Tampering Act

The Illinois Computer Tampering Act (720 ILCS § 5/17-51, or “ICTA”) is primarily a criminal statute analogous to the Federal Computer Fraud and Abuse Act. However, Section 5/17-51(c) of the ICTA provides a private right of action for parties damaged by computer intrusions.