Tag Archives: Data Security

FAA Takes One Small Step Toward Legalizing Commercial Use of Small Unmanned Aircraft Systems, a.k.a. Drones

The Federal Aviation Administration (FAA) has long been studying the promise and perils of small unmanned aircraft systems (“UAS”), a.k.a. drones. The commercial potential of UAS technology is clear. Businesses are eager to use UAS to do everything from covering traffic accidents to taking real estate and wedding photos to delivering small parcels. However, the … Continue Reading

Ofcom Publishes Plan To Support the Internet of Things

In January, Ofcom, the UK telecommunications regulator, published its Statement on ‘Promoting investment and innovation in the Internet of Things’ (Statement). The Statement acknowledges that the Internet of Things (IoT) has the potential to deliver significant benefits to citizens and consumers. In light of this, Ofcom sought views from its stakeholders on what role Ofcom … Continue Reading

German Data Protection Commissioners Take Action Against Safe Harbor

At the Data Protection Conference in Berlin, the Berlin and Hamburg Data Protection Commissioners (Commissioners) made a number of important announcements regarding the ‘inadequacy’ of the EU/U.S. Safe Harbor Program. Both Dr. Alexander Dix and Prof. Johannes Caspar, Commissioners for Berlin and Hamburg respectively, asserted that U.S. companies do not protect data to the same … Continue Reading

Senators Trying to Hit the Brakes on Smart Cars, Citing Privacy and Security Concerns

On February 11, Sens. Ed Markey (D-Mass.) and Richard Blumenthal (D-Conn.) announced that they would introduce legislation intended to address the data privacy and security vulnerabilities with Internet-connected cars. The legislation, if passed, would require manufacturers to adhere to a number of security and privacy standards, including the following: Requirement that all wireless access points … Continue Reading

Finland Introduces New Information Society Code

The Information Society Code (2014/917) (Code) – a new act in Finland on electronic communications, privacy, data security, communications, and the information society in general – took effect 1 January. This sees a consolidation of 10 existing acts into one, which had included Finland’s Communications Market Act; Act on the Protection of Privacy in Electronic … Continue Reading

In Nevada Court, Millions of Dollars Wasted in the Name of Macau Data Privacy Law

Clark County Nevada District Judge Elizabeth Gonzalez is considering further sanction against Sands China Ltd. for redacting “personal information” from about 2,600 documents the company produced in 2013 as part of an ongoing wrongful termination suit first filed in 2010 by Steven Jacobs, the former president of Sands Macau. Jacobs alleges that he was wrongfully … Continue Reading

Australian Data Protection Authority Issues Guidelines On Securing Personal Information

On 19 January 2015, the Australian data protection authority, the Office of the Australian Information Commissioner (OAIC), released an updated information security guide: ‘Guide to securing personal information.’ The Guide aims to help organisations meet their data security obligations under the Australian Privacy Principles (APPS) that provide the framework for Australia’s Privacy Amendment (Enhancing Privacy … Continue Reading

FTC Report Offers Privacy and Security Guidance for ‘Internet of Things’

This post was written by Frederick Lah. On Tuesday, January 27, the FTC issued a 71-page Staff Report on the privacy and security issues with the Internet of Things. As we’ve noted in our previous blog posts, the Internet of Things (“IoT”) refers to the growing ability of everyday devices to monitor and communicate information … Continue Reading

European Banking Authority Releases Internet Payment Guidelines

The European Banking Authority (EBA) released ‘Final guidelines on the security of internet payments’ (Guidelines). These Guidelines are based on the work published by the European Forum on the Security of Retail Payments (SecuRe Pay) and set the minimum security requirements that Payment Services Providers (PSPs) in the EU will be expected to implement by … Continue Reading

N.Y. AG Seeks To Have the ‘Strongest, Most Comprehensive’ Data Security Law in Nation

Last week, New York Attorney General Eric Schneiderman announced that he would propose a new data security law in his state that would require companies to take increased safeguards for the protection of personal information. The bill, if passed, would broaden the scope of information that companies would be responsible for protecting, and would require … Continue Reading

Turkish Parliament Approves E-Commerce Law

Turkey’s Parliament has approved Law No. 6563 on the Regulation of Electronic Commerce (Law) aimed at creating a more secure, transparent and accessible e-commerce environment. The Law is expected to come into force 1 May 2015. The Law covers electronic communications, liabilities of service providers, contracts concluded electronically, and the information provided to consumers, as … Continue Reading

OECD Releases Guidance for Digital Consumer Products

The Organisation for Economic Cooperation and Development (OECD) released Consumer Policy Guidance on Intangible Digital Content Products (Guidance) for protecting online consumers of digital content. With the expansion of the Internet and mobile devices, digital content has grown considerably. The OECD recognizes that this has brought consumers considerable benefits, “including ready access to a wide … Continue Reading

FTC Chairwoman Rings in the New Year with ‘Internet of Things’ Warning

While hundreds of tech companies are racing to develop the newest in Internet-connected “smart” devices, Federal Trade Commission (“FTC”) Chairwoman Edith Ramirez is sending a reminder to those companies of their responsibilities to consumers. At the 2015 Consumer Electronics Show held in Las Vegas, January 6-9, Chairwoman Ramirez highlighted some best practices to address the … Continue Reading

New Jersey Requires Encryption for Health Insurance Carriers; May Open Door to Class Action Suits over Violations Under State Consumer Protection Law

Gov. Chris Christie has signed into law S. 562, which, as its title states, “Requires health insurance carriers to encrypt certain information.” Violation of this new law constitutes a facial violation of the New Jersey Consumer Fraud Act, a powerful consumer remedies statute. The NJCFA can be enforced by the state attorney general, or by … Continue Reading

Cybersecurity Risks Are Higher than Ever and Are Proving Costly

Cybersecurity is an increasing concern for companies. Last April, the UK Department for Business, Innovation & Skills (BIS) published the 2014 information security breaches survey: technical report. The report comprises the findings from two online questionnaires completed by 1,125 respondents, and contains a number of important cyber-attack statistics for both large organisations and small businesses. … Continue Reading

Russia sets a new deadline for data localisation, and removes Hong Kong and Switzerland from Adequate Privacy Protection List

The Russian Duma recently set a new deadline for companies to localise their data processing of Russian citizens on Russian soil, while the data protection authority published an order removing Hong Kong and Switzerland from its ‘adequate privacy protection list’. The Russian Duma has voted through, on a first reading, an accelerated effective date for … Continue Reading

White House Previews Ambitious (if Familiar) Privacy and Cybersecurity Proposals for 2015

On January 20, 2015, President Obama will address Congress with his annual State of the Union report. On Monday, the president spoke at the Federal Trade Commission, providing a “sneak peek” of the privacy and cybersecurity agenda that he intends to set. Of the United States, the president remarked: “We pioneered the Internet, but we … Continue Reading

EU Art. 29 Confirms Cookie Rules Apply to Digital Fingerprinting

The Article 29 Data Protection Working Party (Working Party) released Opinion 9/2014 on ePrivacy Directive 2002/58/EC (amended in 2009), stating that the consent and transparency mechanisms apply to digital fingerprinting of devices (Opinion). The Working Party issued the opinion to clarify that consent was required and to end “surreptitious tracking” of users in light of … Continue Reading

EU Commission Publishes Work Program for 2015

The European Commission’s work program for 2015 covers 10 actions for 2015, including a “connected digital single market” across the EU. As part of the Digital Single Market Package, the Commission aims to conclude negotiations on the European data protection reform and the Regulation, and to propose changes to deal with existing challenges in the … Continue Reading

Presidency of the Council of Ministers publishes amendments to ‘one stop shop’ of the draft EU Data Protection Regulation

In October 2013, we reported on the move towards a ‘One Stop Shop’ (OSS) approach to EU Data Protection. The OSS principle aims to create consistency for international organisations to process personal data in multiple member states through the appointment of a single competent authority to monitor the data-controller’s activities across all EU Member States. … Continue Reading

EU Art. 29 Working Party Announces Cooperation Procedure for EU Model Clauses

The Article 29 Data Protection Working Party (Working Party) released a Working Document setting forth a co-operation procedure for issuing common opinions on “Contractual clauses” considered as compliant with the EC Model Clauses (Working Document). The aim of this Working Document is to facilitate the use of the EU model clauses across multiple jurisdictions in … Continue Reading

Hong Kong Privacy Commissioner Ends 2014 with Special Interest in Mobile Apps

The Hong Kong Privacy Commissioner of Personal Data (the “Commissioner”) ended 2014 with a special interest in mobile applications (“apps”). In a media statement published 15 December 2014, the Commissioner reported that versions 4.3 and earlier of Google’s Android operating system contained a flaw that allowed others to read shared memory in mobile devices without … Continue Reading

European Commission and EU Art 29 dispel the myths on the ECJ’s decision in Google Spain

In May 2014, we reported on the implications of the landmark decision in Google Spain which recognises the right for individuals to have links about themselves de-listed from search results. In response to the complaints received, the Article 29 Working Party (Art 29 WP) published a report on work being carried out to handle complaints, … Continue Reading
LexBlog