Archives: Regulatory

Subscribe to Regulatory RSS Feed

Importance of State AGs in Privacy in the United States – Interview of CT AG George Jepsen by Professor Danielle Citron at IAPP Privacy Bar Section Forum

Notwithstanding potential changes to privacy regulation at the federal level, state attorneys general (AGs) will continue to be robust and influential privacy policymakers and enforcers in the United States – that was the key takeaway of an interview by University of Maryland Law Professor Danielle Citron of Connecticut Attorney General George Jepsen at the IAPP … Continue Reading

Data Privacy and Security Legal Reform, and Plaintiffs’ Bar White Paper the Focus of IAPP Panel

A panel on legal reform in the area of privacy and data security at this week’s IAPP Summit provided an opportunity for a discussion between businesses and regulators, as well as for the launch of a white paper on the activities of the plaintiffs’ bar in this area that Reed Smith prepared for the U.S. … Continue Reading

Germany’s approach against criminal content on social networks faces resistance by stakeholders

On 5 April 2017, the German Federal Minister of Justice’s new bill aimed at improving enforcement of rights in social networks (Entwurf eines Gesetzes zur Verbesserung der Rechtsdurchsetzung in sozialen Netzwerken; Netzwerkdurchsetzungsgesetz – NetzDG, the Bill; see our previous blog) has, in a slightly revised version, been adopted by the Federal Cabinet (Bundeskabinett) and is now … Continue Reading

State Attorneys General Gather to Discuss Privacy Enforcement

A panel at a meeting of the National Association of Attorneys General highlighted data breaches and privacy in the context of new technology, signalling that state regulators are focused on consumer protection in this area. The panel at the Southern Regional Meeting in Charlottesville on April 4 was devoted to emerging technologies, privacy concerns, and … Continue Reading

Recent Open Meeting Foreshadows FCC Commissioners’ Views if ACA Decision Is Remanded

As the cherry blossoms prepare to bloom in Washington, D.C., our thoughts turn toward wondering when the D.C. Circuit will hand down its ruling in ACA International, et al v. FCC (Case No. 15-1211). This case, you will recall, is the consolidation of a number of appeals challenging the July 10, 2015, Order in which … Continue Reading

German Federal Minister of Justice introduces new bill against criminal content on social networks

On 14 March 2017, the German Federal Minister of Justice, Heiko Maas, announced a new bill aimed at improving the application of the law to social networks (Entwurf eines Gesetzes zur Verbesserung der Rechtsdurchsetzung in sozialen Netzwerken; Netzwerkdurchsetzungsgesetz – NetzDG, the Bill). The Bill strengthens the rights of individuals who are affected by ‘hate speech’ … Continue Reading

FTC’s FinTech Forum continues focus on emerging technologies including AI and Blockchain Technologies

The Federal Trade Commission continues its efforts to be the leading federal regulator in the areas of privacy and data security.  Its latest FinTech Forum highlights emerging issues relating to blockchain, machine learning, and related tools that increasingly influence how sensitive information about consumers is collected, used, shared and secured.  These programs help inform the … Continue Reading

Vizio Settlement with FTC May Signal Future Direction of Agency Enforcement

The Federal Trade Commission’s recent settlement with VIZIO, Inc., may have created a new definition of “sensitive information” that includes viewing data, but the opinion of Acting Chairperson Maureen Ohlhausen may provide further insight on how the agency will act under the new administration. On February 6, the FTC settled charges with VIZIO, one of the … Continue Reading

OMB Federal Agency Data Breach Guidelines – Considerations for Industry

Earlier in February, the Executive Office of Management and Budget (“OMB”) issued Memorandum M-17-12 to federal agencies to set out guidelines and procedures for preparing for or responding to a breach involving the release of personally identifiable information (“PII”). The OMB’s suggested framework specifically aims to “[assess] and mitigate the risk of harm to individuals … Continue Reading

NIS Directive to be implemented in UK despite Brexit

In January, the UK government confirmed that it will be implementing the EU’s Network and Information Security Directive (NIS Directive) regardless of Brexit. EU countries have until 9 May 2018 to implement the Directive into their national laws. Given Brexit, the UK government confirmed in its Cyber Security Regulation and Incentives Review that details of the … Continue Reading

“Do as I say, not as I do”: A business specialising in blocking unsolicited marketing calls is fined for making unsolicited marketing calls

“Do as I say, not as I do” It is difficult to miss the irony of the ICO’s first-awarded fine for nuisance calls since taking over the Telephone Preference Service (TPS), as reported in our earlier blog in December. IT Protect Ltd., a Bognor Regis firm in the business of selling a call-blocking device that … Continue Reading

EU Commission publishes its proposals for new e-Privacy Regulation

On 10 January, the EU Commission proposed a new Regulation on Privacy and Electronic Communications (“proposed Regulation”) to replace Directive 2002/58 (known as the “ePrivacy Directive”). The proposed Regulation The proposed Regulation aims to align the rules that apply to electronic communications services with the forthcoming General Data Protection Regulation (GDPR).… Continue Reading

NIST Publishes Introduction to Privacy Engineering and Risk Management to Assist Agencies and Organizations in Designing Privacy-Compliant Systems

On January 4, 2017, the National Institute of Standards and Technology (“NIST”) published the final version of NIST IR 8062 “An Introduction to Privacy Engineering and Risk management in Federal Systems.”  The report introduces the concept of applying systems engineering practices to privacy and provides a new model for conducting privacy risk assessments on systems. … Continue Reading

FDA Releases Guidance on Cybersecurity and Medical Devices

The FDA represents the latest federal agency to show a focus on cybersecurity issues with the release December 28 of new guidance. While the prospect of network-enabled medical devices increasingly offers the promise of improved care and patient treatment, evolving technology and new-found connectivity present emerging security considerations as well. The Food and Drug Administration … Continue Reading

ICO to assume Telephone Preference Service responsibility

Effective 30 December 2016, the Information Commissioner’s Office (‘ICO’) will be responsible for recording and maintaining the Telephone Preference Service (‘TPS’) register. The TPS is a free service offered to the public, which records a list of those individuals who have expressly opted out of receiving direct marketing materials. Marketers and other organisations (including charities, … Continue Reading

New California AG Appointed with Possibilities for Privacy Enforcement

With the election of current California Attorney General Kamala Harris to the U.S. Senate, Governor Jerry Brown was tasked with appointing her replacement. On December 1, he announced that his pick is U.S. Representative Xavier Becerra, head of the House Democratic caucus. Becerra was first elected to the House in 1992 and has also served … Continue Reading

Preparing for the GDPR: what you need to know

Data protection procedures will require an overhaul for any company that offers goods and services, or tracks individuals, in the EU under the European General Data Protection Regulation (GDPR) to take effect from 25 May 2018. Given the changes in compliance requirements that the GDPR entails, it is vital that you use 2017 to audit … Continue Reading

Leveraging the Blockchain to Provide an Unalterable, Distributed Ledger for Transactions, Supply Chains and Other Corporate Processes

On Monday, November 14, 2016, the Securities and Exchange Commission (SEC) hosted a forum to discuss financial technology (FinTech) innovation in the financial services industry. The summit discussed several topics, but the second panel, titled “Impact of Recent Innovation on Trading, Settlement, and Clearance Activities,” specifically addressed blockchain-enabled distributed ledger technology and its applicability in … Continue Reading

A Gentle Reminder from the FCC: Autodialed Text Messages Fall Under TCPA Restrictions

Last week, the FCC’s Enforcement Bureau issued an enforcement advisory reiterating its position that autodialed text messages must comply with requirements set forth in the Telephone Consumer Protection Act (TCPA).  Though it is unclear what prompted this specific advisory (perhaps, the upcoming holiday season), the Enforcement Bureau issued the warning in order to promote understanding … Continue Reading

Article 29 Working Party issues results of GDPR Fablab workshop

Ahead of the forthcoming General Data Protection Regulation (GDPR), the Article 29 Working Party earlier this year organised the Fablab workshop. Meeting in Brussels, more than 90 participants gathered to discuss certain operational and practical issues linked to the GDPR with representatives of industry, civil society, academics and relevant associations. Fablab’s objective was to generate … Continue Reading

FTC’s New Guidelines Provide Agency View on Data Breach Response

On October 25, the Federal Trade Commission released “Data Breach Response: A Guide for Business,” its latest guidance on data privacy and security regulation. The Guide seeks to help businesses comprehend the Agency’s understanding of both legal requirements and best practices, although what is legally required versus what is encouraged continues to be challenging for … Continue Reading

Company bosses can no longer dodge nuisance call fines

In an ongoing effort to tackle nuisance calls, the UK government has signalled its intention to make company directors directly liable for breaches of the Privacy and Electronic Communications Regulations (PERC) carried out by their firms. These fines will be in addition to any fines ordered against the firm itself. Deemed a growing problem that, … Continue Reading
LexBlog