In This Issue:

- European Commission Proposes Changes to the US-EU Safe Harbor:

In our November Privacy & Cybersecurity Update,1 we reported that the European Commission was undertaking a review of the U.S.-EU Safe Harbor, one of the frameworks available to U.S. companies to satisfy the “adequacy” requirement for transborder data flows from the EU under the EU Data Directive. This concern was triggered, in no small part, by revelations of U.S. surveillance programs. On November 27, 2013, the European Commission issued its report, setting forth 13 recommendations to improve the protection afforded to EU residents under the Safe Harbor. The report came as a relief to some who were concerned that the European Commission might propose a wholesale revision to the Safe Harbor process or even advocate for its elimination...

- LabMD Challenges FTC Authority to Enforce Data Security Policies:

LabMD, an Atlanta-based cancer detection company, is challenging the FTC’s jurisdiction over a company’s data security practices. Like Wyndham Hotels, which has been engaged in a similar legal battle with the FTC since June 2012, LabMD has asserted that since there is no definitive legal standard for security, there is, in effect, nothing for the FTC to enforce. The challenges by LabMD and Wyndham are significant because they come at a time when the FTC is seeking to expand its role in the cybersecurity arena...

- FTC Sets Privacy and Data Security Agenda for 2014:

As we have reported in this and previous newsletters, much of the enforcement activity with respect to privacy and data security has occurred through the FTC. It is therefore important to review the FTC’s announced roadmap for what it sees as the key privacy and security issues in 2014...