In the past few years, we have seen an uptick in agencies beginning to focus on the cybersecurity readiness and response of organizations subject to their jurisdiction. The U.S. Securities and Exchange Commission (SEC), for example, has identified cybersecurity as a top priority for many years. This past June, the SEC named Stephanie Avakian and … Continue Reading
Three bipartisan Senate bills are up for consideration in Congress that would attempt to modernize the legal standards under which the U.S. government can access communications electronically stored by email service providers and cloud computing companies. The proposed bills, introduced July 27, 2017, each provide a different scheme in updating the Electronic Communications Privacy Act … Continue Reading
The Financial Conduct Authority recently released guidance regarding cyber resilience (in the form of new webpages) which FCA regulated firms should take account of. While many larger regulated firms have substantial cyber resilience systems in place, the FCA is well aware that all firms are still vulnerable to attack, and that cyber attacks can impact … Continue Reading
Nevada is the latest state to clarify blockchain’s legal status under state law. The law, Senate Bill 398, was signed by the governor June 5, and prohibits local governments from imposing taxes or fees on the use of a blockchain; requiring a certificate, license, or permit to use a blockchain; or imposing any other requirement … Continue Reading
The UK FCA Publish Discussion Paper on Distributed Ledger Technology Regulators globally are focused on understanding industry consumers’ views on distributed ledger technology’s (DLT) potential risks and opportunities. On 10 April 2017, the UK Financial Conduct Authority (FCA) published a discussion paper DP17/3 on DLT, and followed it with a speech at the Innovate Finance … Continue Reading
Nearly every state in the United States requires notification when certain personal information is lost, stolen, or misused. However, the many state laws vary in subtle but crucial respects, making it difficult to get to a bottom line quickly. Reed Smith’s Information Technology, Privacy & Data Security practice is thrilled to release a first-of-its-kind tool … Continue Reading
In the course of its E-commerce Sector Inquiry (Sector Inquiry) launched in May 2015, the European Commission gained an insight into the standard business practices engaged in by producers of consumer goods when distributing their products online. The Sector Inquiry, which formed part of the Commission’s wider Digital Single Market Strategy, was recently completed, with … Continue Reading
The European Commission has imposed a fine of EUR110 million (US$122 million) on Facebook for providing misleading or incorrect information to the European Commission when it filed the acquisition of WhatsApp for merger approval in 2014. In the notification, Facebook stated that it would be unable to establish a reliable automated matching between Facebook users’ … Continue Reading
Notwithstanding potential changes to privacy regulation at the federal level, state attorneys general (AGs) will continue to be robust and influential privacy policymakers and enforcers in the United States – that was the key takeaway of an interview by University of Maryland Law Professor Danielle Citron of Connecticut Attorney General George Jepsen at the IAPP … Continue Reading
A panel on legal reform in the area of privacy and data security at this week’s IAPP Summit provided an opportunity for a discussion between businesses and regulators, as well as for the launch of a white paper on the activities of the plaintiffs’ bar in this area that Reed Smith prepared for the U.S. … Continue Reading
On 5 April 2017, the German Federal Minister of Justice’s new bill aimed at improving enforcement of rights in social networks (Entwurf eines Gesetzes zur Verbesserung der Rechtsdurchsetzung in sozialen Netzwerken; Netzwerkdurchsetzungsgesetz – NetzDG, the Bill; see our previous blog) has, in a slightly revised version, been adopted by the Federal Cabinet (Bundeskabinett) and is now … Continue Reading
A panel at a meeting of the National Association of Attorneys General highlighted data breaches and privacy in the context of new technology, signalling that state regulators are focused on consumer protection in this area. The panel at the Southern Regional Meeting in Charlottesville on April 4 was devoted to emerging technologies, privacy concerns, and … Continue Reading
As the cherry blossoms prepare to bloom in Washington, D.C., our thoughts turn toward wondering when the D.C. Circuit will hand down its ruling in ACA International, et al v. FCC (Case No. 15-1211). This case, you will recall, is the consolidation of a number of appeals challenging the July 10, 2015, Order in which … Continue Reading
On 14 March 2017, the German Federal Minister of Justice, Heiko Maas, announced a new bill aimed at improving the application of the law to social networks (Entwurf eines Gesetzes zur Verbesserung der Rechtsdurchsetzung in sozialen Netzwerken; Netzwerkdurchsetzungsgesetz – NetzDG, the Bill). The Bill strengthens the rights of individuals who are affected by ‘hate speech’ … Continue Reading
The Federal Trade Commission continues its efforts to be the leading federal regulator in the areas of privacy and data security. Its latest FinTech Forum highlights emerging issues relating to blockchain, machine learning, and related tools that increasingly influence how sensitive information about consumers is collected, used, shared and secured. These programs help inform the … Continue Reading
The Federal Trade Commission’s recent settlement with VIZIO, Inc., may have created a new definition of “sensitive information” that includes viewing data, but the opinion of Acting Chairperson Maureen Ohlhausen may provide further insight on how the agency will act under the new administration. On February 6, the FTC settled charges with VIZIO, one of the … Continue Reading
Earlier in February, the Executive Office of Management and Budget (“OMB”) issued Memorandum M-17-12 to federal agencies to set out guidelines and procedures for preparing for or responding to a breach involving the release of personally identifiable information (“PII”). The OMB’s suggested framework specifically aims to “[assess] and mitigate the risk of harm to individuals … Continue Reading
In January, the UK government confirmed that it will be implementing the EU’s Network and Information Security Directive (NIS Directive) regardless of Brexit. EU countries have until 9 May 2018 to implement the Directive into their national laws. Given Brexit, the UK government confirmed in its Cyber Security Regulation and Incentives Review that details of the … Continue Reading
“Do as I say, not as I do” It is difficult to miss the irony of the ICO’s first-awarded fine for nuisance calls since taking over the Telephone Preference Service (TPS), as reported in our earlier blog in December. IT Protect Ltd., a Bognor Regis firm in the business of selling a call-blocking device that … Continue Reading
In one of his earliest official acts, President Trump appointed FCC Commissioner Ajit Pai as the long-term Chairman of the FCC. While many thought Commissioner Pai was the most likely candidate to be named interim Chairman of the Commission, President Trump skipped the interim step and immediately appointed Chairman Pai on a long-term basis. This … Continue Reading
On 10 January, the EU Commission proposed a new Regulation on Privacy and Electronic Communications (“proposed Regulation”) to replace Directive 2002/58 (known as the “ePrivacy Directive”). The proposed Regulation The proposed Regulation aims to align the rules that apply to electronic communications services with the forthcoming General Data Protection Regulation (GDPR).… Continue Reading
On January 4, 2017, the National Institute of Standards and Technology (“NIST”) published the final version of NIST IR 8062 “An Introduction to Privacy Engineering and Risk management in Federal Systems.” The report introduces the concept of applying systems engineering practices to privacy and provides a new model for conducting privacy risk assessments on systems. … Continue Reading
The FDA represents the latest federal agency to show a focus on cybersecurity issues with the release December 28 of new guidance. While the prospect of network-enabled medical devices increasingly offers the promise of improved care and patient treatment, evolving technology and new-found connectivity present emerging security considerations as well. The Food and Drug Administration … Continue Reading
Effective 30 December 2016, the Information Commissioner’s Office (‘ICO’) will be responsible for recording and maintaining the Telephone Preference Service (‘TPS’) register. The TPS is a free service offered to the public, which records a list of those individuals who have expressly opted out of receiving direct marketing materials. Marketers and other organisations (including charities, … Continue Reading
