Inside Privacy

Subscribe to all posts by Inside Privacy

Deputy Attorney General Rod Rosenstein Warns Against Warrant-Proof Encryption

In a speech delivered at the United States Naval Academy on October 10, Deputy Attorney General Rod Rosenstein waded into the public debate between data privacy and law enforcement interests.  As part of a discussion moderated by former Covington cybersecurity attorney Jeff Kosseff, Rosenstein’s remarks discussed cyber issues facing law enforcement with a particular focus … Continue Reading

Validity of EU Standard Contractual Clauses Referred to CJEU

By Joseph Jones and Ruth Scoles Mitchell On October 3, 2017, the Irish High Court referred Data Protection Commissioner v Facebook Ireland Limited [2016 No. 4809 P.] to the Court of Justice of the European Union (“CJEU”).  The case, commonly referred to as Schrems II, is based on a complaint by Max Schrems concerning the transfer … Continue Reading

Digital Health Check-Up: Key Questions Market Players Should Be Asking

On our sister blog, CovingtonDigitalHealth, our global cross-practice digital health team has launched a three-part series on the key questions the technology, life sciences and communications industries should be considering as they fit together the regulatory and commercial pieces of the complex digital health puzzle.  Read the first post in the series here.… Continue Reading

Recent Cases on E-Mail “Spoofing” Coverage Highlight the Impact of Specific Crime Policy Wordings

By Benjamin Duke, Matt Schlesinger, and Scott Levitt [This article was also published as a Client Alert.] Two recent federal district court decisions involving computer “spoofing” scams highlight the uncertainty about whether such incidents may be covered under standard “computer fraud” provisions in widely used crime insurance forms. The conflicting results in these cases provide … Continue Reading

Is The Hutchins Indictment Over Malware Unconstitutional?

By Alex Berengaut [This article also was published in Law360.] In May 2017, the “WannaCry” malware was used to launch a worldwide ransomware cyberattack. WannaCry encrypted files on victim computers and demanded a ransom payable in bitcoin to provide the encryption key. The attack was stopped when a British security researcher, Marcus Hutchins, accidentally discovered … Continue Reading

NIST Releases Fifth Revision of Special Publication 800-53

By Susan Cassidy, Jenny Martin, and Catlin Meade The National Institute of Standards and Technology (“NIST”) released on August 15, 2017 its proposed update to Special Publication (“SP”) 800-53.  NIST SP 800-53, which was last revised in 2014, provides information security standards and guidelines, including baseline control requirements, for implementation on federal information systems under … Continue Reading

CJEU: EU-Canada proposed agreement on the transfer of Passenger Name Record data does not conform to EU data protection law standards

By Dan Cooper and Rosie Klement On July 26, 2017, the Court of Justice of the EU (CJEU) published Opinion 1-15 (the “Opinion”) on the proposed agreement between the European Union and Canada on the transfer and processing of passenger name record (“PNR”) data (the “Agreement”).  The Agreement was signed in 2014, but the CJEU … Continue Reading

Impact Assessment Institute Releases Report Critical of Commission’s Case for E-Privacy Regulation

By Lisa Peets, Ezra Steinhardt, and Rosie Klement On July 14, 2017, the Impact Assessment Institute (“IAI”) (an independent institute committed to impartial impact assessment and scientific evaluation of policy and legislation in the EU) published a study assessing the impact assessment carried out by the European Commission in connection with the Commission’s proposal for … Continue Reading

Washington Becomes the Third State with a Biometric Law

By Rebecca Yergin On May 16, 2017, Governor Jay Inslee signed into law H.B. 1493—Washington’s first statute governing how individuals and non-government entities collect, use, and retain “biometric identifiers,” as defined in the statute.  The law prohibits any “person” from “enroll[ing] a biometric identifier in a database for a commercial purpose, without first providing notice, … Continue Reading

European Cloud in Health Advisory Council Calls For Review of eHealth Rules and Ethics of Medical Data Re-Use

In a new post on the Covington Digital Health blog, our colleagues discuss a new European Cloud in Health Advisory Council whitepaper calling for a review of European healthcare data protection rules holding back greater adoption of cloud computing and AI; and for more discussion about the ethics and governance of re-use of patient data for research and planning.  To read … Continue Reading

Working Effectively with Forensic Firms

Among the many issues that can give rise to the initial uncertainty of responding to a significant cybersecurity incident is a failure by incident response team members to understand the perspectives and priorities of other stakeholders. But this complicating factor can readily be mitigated through cross-functional education and relationship building before an incident occurs. In … Continue Reading

Irish Data Protection Commissioner Releases 2016 Annual Report

By Denitsa Marinova On April 11, 2017, the Data Protection Commissioner of Ireland (DPC) published her annual report for 2016, highlighting key developments and activities for the past year and outlining priorities for 2017 and beyond.  The report will be of interest to Irish entities and multinational organizations with a base in Ireland, including companies … Continue Reading

The Information Commissioner’s Office Publishes a Consultation Paper on Profiling and Automated Decision-Making under the GDPR

By Dan Cooper and Rosie Klement On April 2, 2017, the Information Commissioner’s Office (“ICO”) released a consultation paper for UK organizations to comment on how the new profiling provisions under the General Data Protection Regulation (“GDPR”) could be interpreted and applied when the GDPR comes into force in May 2018. The public consultation on … Continue Reading

Legislation Introduced in House and Senate to Establish Drone Privacy Rules

By Stephen Kiehl Continuing their focus on drone privacy issues, Senator Edward J. Markey (D-Mass.) and Rep. Peter Welch (D-Vt.) introduced legislation in the House and Senate this month that would require drone operators to create policies covering data collection and retention and require warrants for law enforcement agencies to conduct surveillance by drone. The … Continue Reading

Italian DPA Issues Record Data Privacy Fine

By Luca Tosoni and Dan Cooper On 2 February 2017, the Italian DPA (“Garante”) imposed a record fine of 5,880,000 Euros on a UK company operating in Italy for its violation of the data privacy consent rules contained in Italian law.  This is the largest data privacy fine ever issued by a European data protection … Continue Reading

CDRH Releases Postmarket Cybersecurity Final Guidance

By Christopher Hanson On December 28, 2016, CDRH announced the publication of the final guidance “Postmarket Management of Cybersecurity in Medical Devices.”  In a separate post, we reported on the January 22, 2016 draft version of this guidance document.  The final guidance provides FDA’s recommendations on a risk-based framework for medical device manufacturers to assess and … Continue Reading

China Seeks Comment on Seven Draft Cybersecurity and Data Privacy National Standards

By Tim Stratford and Yan Luo China’s National Information Security Standardization Technical Committee (“NISSTC”), a standard-setting committee jointly supervised by the Standardization Administration of China (“SAC”) and the Cyberspace Administration of China (“CAC”), released seven draft national standards related to cybersecurity and data privacy for public comment on December 21, 2016.  The public comment period … Continue Reading

Inside Privacy Named to ABA Blawg 100

We’re honored to announce that InsidePrivacy has been included in the American Bar Association’s Annual Blawg 100, the ABA’s annual list of 100 best law blogs, for 2016.  In including InsidePrivacy in its tenth anniversary list of top blogs, the ABA noted:  “Covington & Burling bloggers address the struggles of courts and governments around the … Continue Reading

FTC Seeks Rehearing of Ninth Circuit Dismissal of Throttling Suit

Last week, the Federal Trade Commission (“FTC”) filed a petition for en banc (full court) review of a Ninth Circuit opinion dismissing the FTC’s lawsuit against AT&T for violating Section 5 of the FTC Act due to its throttling practices. As we previously reported, in October 2014, the FTC challenged AT&T’s practice of reducing—or “throttling”—the … Continue Reading

G-7 Publishes Fundamental Elements of Cybersecurity for the Financial Sector

On October 11, 2016, the finance ministers and central bank governors of the Group of 7 (G-7) countries announced the publication of the Fundamental Elements of Cybersecurity for the Financial Sector, a non-binding guidance document for financial sector entities.  The publication  describes eight fundamental “elements” of effective cybersecurity risk management to guide public and private … Continue Reading

White House Releases Report on the Future of Artificial Intelligence

On October 12, 2016, the White House released a report entitled Preparing for the Future of Artificial Intelligence.  The report surveys the current state of Artificial Intelligence (AI), its existing and potential applications, and the questions that progress in AI raises for society and public policy.  The publication of the report follows a series of … Continue Reading

Launch of the Third Edition of Data Protection & Privacy, edited by Covington’s Monika Kuschewsky

On September 22, 2016, Monika Kuschewsky, a senior lawyer in Covington’s global Data Protection and Cybersecurity practice, hosted a seminar on “The Latest Data Protection Developments Around the Globe”.  The third edition of the multijurisdictional handbook Data Protection & Privacy, edited by Ms. Kuschewsky and published by Thomson Reuters in the Sweet & Maxwell International … Continue Reading
LexBlog