The Obama administration has introduced its Cybersecurity National Action Plan (the "CNAP") in connection with its 2017 budget proposal. The CNAP aims to protect Americans, government agencies, and companies against the...more
Until its invalidation in October last year, many businesses relied on the EU-US Safe Harbor framework as a safe passage for transatlantic data flow. After months of negotiating, a new deal has been reached, renamed the...more
The Federal Communications Commission has proposed rules requiring all participants in the nation's emergency alert system ("EAS") to implement certain cybersecurity risk management practices. The proposed rules could apply...more
On December 17, 2015, Senators Jack Reed (D-RI) and Susan Collins (R-Maine) introduced, S2410, the Cybersecurity Disclosure Act of 2015, which would require public companies to disclose what cybersecurity expertise their...more
The Omnibus appropriations bill entitled the Fiscal Year 2016 Consolidated Appropriations Act released late Tuesday, includes language from separate cybersecurity bills that had previously passed in both the House of...more
Federal Trade Commission ("FTC") charges against the cancer-screening laboratory LabMD, stemming from two data breaches involving sensitive personal information of thousands of consumers were dismissed in a decision made...more
On October 30, 2015, the Department of Defense ("DoD") issued a new rule, Requirements Relating to Supply Chain Risk, requiring its agencies to evaluate cybersecurity risks when considering contractors who provide Information...more
On October 27, the Cybersecurity Information Sharing Act (CISA) finally passed the Senate by a hefty margin of 74–21 (read the text of the bill as passed). Despite an escalation of opposition and rhetoric over the past couple...more
Following a September 23, 2015 opinion by Advocate General (AG) Bot that the US-EU Safe Harbor framework, which provided for the "safe" transfer of personal data from the EU to the US, did not provide sufficient guarantees...more
10/26/2015
/ Advocate General ,
Binding Corporate Rules ,
Data Protection Authority ,
EU ,
EU Data Protection Laws ,
European Court of Justice (ECJ) ,
International Data Transfers ,
Judicial Redress Act ,
Model Contracts ,
Pending Legislation ,
US-EU Safe Harbor Framework
The Department of Defense (DoD) has published regulations that require DoD contractors to report cyber incidents impacting unclassified DoD contractor systems. The new regulations mandate compliance with elements of the...more
Earlier this month, a California jury found the University of California, Los Angeles Health System (UCLA) not liable for damages that allegedly resulted when a medical office assistant, Alexis Price, improperly accessed and...more
On September 1, 2015, the Digital Advertising Alliance ("DAA") began enforcing the application of its Self-Regulatory Principles for Online Behavioral Advertising and Multi-Site Data (the "OBA Principles", the "MSD...more
9/15/2015
/ Advertising ,
Behavioral Advertising ,
Covered Entities ,
Data Privacy ,
Data Protection ,
Data-Sharing ,
Digital Advertising Alliance ,
Direct Marketing Association ,
Geolocation ,
Mobile Apps ,
Online Advertisements ,
Popular ,
Prior Express Consent ,
Self-Regulatory Organizations ,
Transparency
The Federal Trade Commission (FTC) has brought over 50 cases against companies that put consumer data at unreasonable risk. On June 30, 2015, the FTC released a guide titled Start with Security that summarizes 10 lessons the...more
As noted in previous alerts, the FCC has dramatically increased its enforcement of data security practices and breaches resulting from what the FCC considers to be inadequate security measures. ...more
Student privacy has become a focal point in the education sector. While media attention has largely focused on activities in Washington, we believe it is also critical for schools and Ed Tech companies to pay closer attention...more
An industry-led committee advising the Federal Communications Commission ("FCC") on cybersecurity released its final report on best risk management practices tailored to each of five main industry segments—broadcasting,...more
On December 15, 2010, Canada passed Canada's Anti-Spam Legislation ("CASL"), one of the world's most stringent anti-spam laws. On January 15, 2015, the provisions set forth in Section 8 of CASL relating to the installation of...more
On February 27, 2015, President Obama released a draft of a proposed Consumer Privacy Bill of Rights Act (Proposal). The Proposal aims to protect the privacy of individual consumers on the Internet by (a) establishing...more
On January 27, 2015, the Federal Trade Commission (FTC) released a staff report titled Internet of Things—Privacy and Security in a Connected World. The report summarizes the topics discussed and input provided by...more
Over the past two weeks, President Obama has made clear that cybersecurity continues to be a concern, and he and the administration are increasing their focus on the issue. ...more
Recent widely publicized cyberattacks have made clear that nation-state hackers are now hacking companies for political purposes and they appear to be focused on broadcasters and other media companies....more
California S.B. 568, titled "Privacy Rights for California Minors in the Digital World," (the "Privacy Law") took effect January 1, 2015. The new Privacy Law includes a provision known as the "Eraser Law" that gives...more
1/6/2015
/ Advertising ,
COPPA ,
Marketing ,
Minor Eraser Law ,
Minors ,
Mobile Privacy ,
New Legislation ,
Notice Requirements ,
Online Platforms ,
Popular ,
Privacy Laws ,
Social Media ,
Social Networks ,
Websites
After years of pundits saying "oh, major cyber legislation will pass this year," it may finally be happening. Last week Congress hammered out details on four different cyber bills that are intended to help the country move...more
California recently passed the Student Online Personal Information Protection Act (“SOPIPA” a.k.a. “so-peep’-ah”), which is the first state law to comprehensively address student privacy and will be effective January 1, 2016....more
In July 2014, Russian Federation President Vladimir Putin signed Federal Law No. 242-FZ (the "Law"), which amends existing Russian data privacy laws to require that personal data of Russian citizens be processed by servers...more