Executive Order 13,636 on Improving Critical Infrastructure Cybersecurity directs the National Institute of Standards and Technology (“NIST”) to develop a Cybersecurity Framework of standards, methodologies, and processes for addressing cybersecurity risk. It also charges the Department of Homeland Security with developing a Critical Infrastructure Cybersecurity Program to promote adoption of the Cybersecurity Framework by critical … Continue Reading
Speaking at a seminar hosted by the International Association of Privacy Professionals, Assistant Director Chris Olsen and Senior Attorney Peder Magee, both of the Federal Trade Commission’s Division of Privacy and Identity Protection, provided a useful overview of the FTC’s recent enforcement actions and current enforcement priorities. Based on this discussion, the following infographic identifies the … Continue Reading
Yesterday, a bill that would reform the Electronic Communications Privacy Act of 1986 (“ECPA”) was approved by the Senate Judiciary Committee on a voice vote. Under ECPA, as it currently stands, police need only a subpoena, issued without approval by a judge, to access private e-mails that have already been opened or that are more … Continue Reading
In the wake of the Boston marathon bombings and in response to the quick work of law enforcement officials who were significantly aided in their identification of the suspected bombers by videos from government- and privately owned surveillance cameras, there has been renewed public discussion regarding the privacy implications of the proliferation of security cameras. … Continue Reading
The Federal Trade Commission has released its much anticipated revised COPPA FAQs. Although these FAQs are not legally binding, they provide informal guidance to industry on staff’s interpretations of the COPPA Rule. For the most part, the FAQs reiterate past guidance and emphasize key provisions of the new COPPA Rule and its Statement of Basis and Purpose. However, here are 5 key things that the revised … Continue Reading
Last week, the Securities and Exchange Commission (SEC) and Commodity Futures Trading Commission (CFTC) published in the Federal Register a joint rule requiring entities regulated by the agencies to adopt programs to detect and prevent identity theft. The rule is referred to as the “red flags rule” and applies to certain broker-dealers, mutual funds, investment advisers, futures … Continue Reading
The U.S. Department of Health and Human Services (HHS) issued on April 19 an advance notice of proposed rulemaking (ANPRM) regarding HIPAA and the National Instant Criminal Background Check System (NICS). This action is based on one of the executive actions in President Obama’s plan to reduce gun violence, which was released in January 2013. … Continue Reading
The data protection authority in Hamburg, Germany, issued an administrative fine in the amount of € 145,000 against Google for its illegal WiFi data collection activities. This fine fell just short of the maximum amount for such fines under German data protection law, which is € 150,000 (in cases of negligence). Between 2008 and 2010, … Continue Reading
After gaining prominence in 2012, state legislation restricting access to personal social media accounts by employers and schools has remained active. Three more states have enacted their own restrictions thus far in 2013, and bills are pending in more than two dozen other states, according to the National Conference of State Legislatures. In 2012, Illinois … Continue Reading
Yesterday, the Federal Trade Commission announced that it would hold a public workshop on November 21, 2013 on “the growing connectivity of consumer devices, such as cars, appliances, and medical devices”―also known as, “the Internet of Things.” The FTC will accept public comments (due June 1, 2013) in advance of the workshop. In describing the … Continue Reading
On April 10, 2013, China’s internet regulator, the Ministry of Industry and Information Technology (“MIIT”), issued a draft regulation for public comment entitled Provisions on Protecting the Personal Information of Telecommunication and Internet Users (“Draft Provisions”). The Draft Provisions would impose additional requirements when telecommunication service providers (“TSPs”) and internet information service providers (“IISPs”) collect … Continue Reading
On April 2, the Article 29 Working Party (the “Working Party”) approved a new Opinion on a principle of European data protection law known as the “purpose limitation”. The principle (which stems from Article 6(1)(b) of the Data Protection Directive) requires that data controllers only collect data for “specific”, “explicit” and “legitimate” purposes, and not … Continue Reading
Advances in technology present opportunities to improve student learning, allow teachers and students to work more efficiently, and reduce operational costs for educational institutions. Many schools are taking advantage of these benefits by implementing online course systems and cloud computing services that allow students and teachers to access their programs, e-mails, and documents online from … Continue Reading
In a vote Wednesday afternoon, the House Permanent Select Committee on Intelligence passed the Cyber Intelligence Sharing and Protection Act (“CISPA”). Eighteen Representatives voted in favor of the bill, and two–Rep. Adam Schiff (D-CA) and Rep. Jan Schakowsky (D-IL)–voted against. The Committee adopted amendments that Chairman Mike Rogers (R-MI) and Ranking Member Dutch Ruppersberger (D-MD) … Continue Reading
Employees’ use of social media and other online services in their professional and personal lives has increased the risk of an employee bringing claims against a current or former employer. In the past three years, for example, employers have had to defend against claims related to ownership of social media accounts used by former employees … Continue Reading
On March 27, 2013, the Federal Reserve released a report on consumers’ use of mobile banking and mobile payments. The report follows a similar report issued by the Federal Reserve last year. The report found that use of mobile banking has increased significantly in the past year while use of mobile payments has increased as well. … Continue Reading
By David N. Fagan and Kristen E. Eichensehr On March 28, our firm hosted an event, co-sponsored with The Chertoff Group, on Legal and Policy Developments in Cybersecurity. The event featured keynote addresses by former Secretary of Homeland Security Michael Chertoff, now Senior Of Counsel with Covington and founder of The Chertoff Group, and Representative … Continue Reading
By David N. Fagan and Kristen E. Eichensehr In a call with reporters Monday, Representatives Mike Rogers (R-MI) and Dutch Ruppersberger (D-MD), respectively the Chairman and Ranking Member of the House Permanent Select Committee on Intelligence (“HPSCI”), announced several planned amendments to the Cyber Intelligence Sharing and Protection Act (“CISPA”). The bill is expected to … Continue Reading
At a recent forum in New York, a team of Covington lawyers addressed the growing concern among companies that their most valuable assets could leave the building on a thumb drive in an employee’s pocket or be disclosed through an employee’s use of a social media site. Addressing this threat involves many disciplines beyond trade … Continue Reading
A bill titled the “Right to Know Act of 2013” (AB 1291), which was first introduced by Assembly Member Bonnie Lowenthal this past February, continues to gather momentum in the California legislature. The Right to Know Act would repeal and re-write Cal. Civ. Code § 1798.83 (often referred to as the California Shine the Light law) … Continue Reading
BNA is reporting that Mexico’s data protection authority, the Federal Institute for Access to Information and Data Protection (IFAI), will issue a fine of $1 million against one of Mexico’s largest banks for violating the country’s Federal Law on the Protection of Personal Data in Possession of Private Parties. The action against the bank — … Continue Reading
Last week, in Comcast Corp. et. al. v. Behrend et al., the United States Supreme Court reversed the Third Circuit’s decision to certify a class of Comcast subscribers allegedly harmed due to practices of Comcast in the Philadelphia “cluster” that supposedly lessened competition and resulted in supra-competitive prices. A 5-4 majority of the Court held that … Continue Reading
