Last week, President Trump nominated four new commissioners to the Federal Trade Commission (“FTC”): Joseph J. Simons, an antitrust attorney, as Chairman; Noah Joshua Phillips, chief counsel for Senate Majority Whip John Cornyn (R-Texas), for the second Republican seat; Christine Wilson, an executive for Delta Air Lines, for the third Republican seat; and Rohit Chopra, … Continue Reading
On January 25, 2018, the Court of Justice of the European Union (“CJEU”) handed down a ruling permitting consumer privacy actions to be brought in the consumer’s home jurisdiction — as opposed to the jurisdiction in which the defendant data controller has its main establishment — but not permitting consumer privacy class actions to be … Continue Reading
On January 2, 2018, the Standardization Administration of China (“SAC”) released the final version of the national standard on personal information protection, officially entitled GB/T 35273-2017 Information Technology – Personal Information Security Specification (GB/T 35273-2017 信息安全技术 个人信息安全规范) (hereinafter “the Standard”). The Standard will come into effect on May 1, 2018. As highlighted in our previous … Continue Reading
On January 12, the International Consumer Electronics Show (CES) in Las Vegas closed its doors for another year. Each CES raises a new set of technology themes, ranging from robots to smart fridges — and this year, the winner was voice technologies. Such technologies, while not entirely new, are now becoming mainstream: sales of smart … Continue Reading
On January 18, the Federal Trade Commission released its annual Privacy and Data Security Update, highlighting its enforcement efforts in 2017. The report discusses significant enforcement efforts in the areas of privacy, data security, credit reporting and financial privacy, international enforcement, children’s privacy, and telemarketing. The report also highlights the FTC’s efforts in advocacy, rulemaking, guidance, … Continue Reading
Following the Equifax data breach in 2017, there has been heightened awareness surrounding how credit reporting agencies handle consumers’ personal information. At the same time, recent high-profile attacks, such as the “WannaCry” ransomware attacks, have focused media and regulatory attention on vulnerabilities associated with unpatched systems. In response to these two concerns, on January 10, … Continue Reading
On January 9, the House of Representatives passed the Cyber Vulnerability Disclosure Reporting Act by voice vote. The Act directs the Secretary of the U.S. Department of Homeland Security (“DHS”) to prepare a report describing the policies and procedures that DHS developed to coordinate the cyber vulnerability disclosures. Under the Homeland Security Act of 2002 … Continue Reading
Last week, U.S. Customs and Border Protection (“CBP”) released a revised Directive governing searches of electronic devices at the border. These are the first official revisions CBP has made to its guidelines and procedures for devices since its 2009 Directive. The new Directive is intended to reflect the evolution of technology over the intervening decade, … Continue Reading
As we summarized last fall, the EU Commission published a new Cybersecurity Communication in September that, among other things, sets out proposals for an EU cybersecurity certification framework as part of an EU “Cybersecurity Act” (see our post here and a more detailed summary here). Just before the holidays, on December 20, 2017, the UK Government published a consultation on these proposals, which the … Continue Reading
[The referenced article was originally published in Law360.] Since August 2015, defense contractors have been on notice that they were required to implement the security controls in National Institute of Standards and Technology (“NIST”) Special Publication (“SP”) 800-171 no later than December 31, 2017 on covered contractor information systems. Although the focus has been on meeting … Continue Reading
