Inside Privacy

Washington Becomes the Third State with a Biometric Law

By Rebecca Yergin On May 16, 2017, Governor Jay Inslee signed into law H.B. 1493—Washington’s first statute governing how individuals and non-government entities collect, use, and retain “biometric identifiers,” as defined in the statute.  The law prohibits any “person” from “enroll[ing] a biometric identifier in a database for a commercial purpose, without first providing notice, … Continue Reading

European Cloud in Health Advisory Council Calls For Review of eHealth Rules and Ethics of Medical Data Re-Use

In a new post on the Covington Digital Health blog, our colleagues discuss a new European Cloud in Health Advisory Council whitepaper calling for a review of European healthcare data protection rules holding back greater adoption of cloud computing and AI; and for more discussion about the ethics and governance of re-use of patient data for research and planning.  To read … Continue Reading

Working Effectively with Forensic Firms

Among the many issues that can give rise to the initial uncertainty of responding to a significant cybersecurity incident is a failure by incident response team members to understand the perspectives and priorities of other stakeholders. But this complicating factor can readily be mitigated through cross-functional education and relationship building before an incident occurs. In … Continue Reading

Irish Data Protection Commissioner Releases 2016 Annual Report

By Denitsa Marinova On April 11, 2017, the Data Protection Commissioner of Ireland (DPC) published her annual report for 2016, highlighting key developments and activities for the past year and outlining priorities for 2017 and beyond.  The report will be of interest to Irish entities and multinational organizations with a base in Ireland, including companies … Continue Reading

The Information Commissioner’s Office Publishes a Consultation Paper on Profiling and Automated Decision-Making under the GDPR

By Dan Cooper and Rosie Klement On April 2, 2017, the Information Commissioner’s Office (“ICO”) released a consultation paper for UK organizations to comment on how the new profiling provisions under the General Data Protection Regulation (“GDPR”) could be interpreted and applied when the GDPR comes into force in May 2018. The public consultation on … Continue Reading

Legislation Introduced in House and Senate to Establish Drone Privacy Rules

By Stephen Kiehl Continuing their focus on drone privacy issues, Senator Edward J. Markey (D-Mass.) and Rep. Peter Welch (D-Vt.) introduced legislation in the House and Senate this month that would require drone operators to create policies covering data collection and retention and require warrants for law enforcement agencies to conduct surveillance by drone. The … Continue Reading

Italian DPA Issues Record Data Privacy Fine

By Luca Tosoni and Dan Cooper On 2 February 2017, the Italian DPA (“Garante”) imposed a record fine of 5,880,000 Euros on a UK company operating in Italy for its violation of the data privacy consent rules contained in Italian law.  This is the largest data privacy fine ever issued by a European data protection … Continue Reading

CDRH Releases Postmarket Cybersecurity Final Guidance

By Christopher Hanson On December 28, 2016, CDRH announced the publication of the final guidance “Postmarket Management of Cybersecurity in Medical Devices.”  In a separate post, we reported on the January 22, 2016 draft version of this guidance document.  The final guidance provides FDA’s recommendations on a risk-based framework for medical device manufacturers to assess and … Continue Reading

China Seeks Comment on Seven Draft Cybersecurity and Data Privacy National Standards

By Tim Stratford and Yan Luo China’s National Information Security Standardization Technical Committee (“NISSTC”), a standard-setting committee jointly supervised by the Standardization Administration of China (“SAC”) and the Cyberspace Administration of China (“CAC”), released seven draft national standards related to cybersecurity and data privacy for public comment on December 21, 2016.  The public comment period … Continue Reading

Inside Privacy Named to ABA Blawg 100

We’re honored to announce that InsidePrivacy has been included in the American Bar Association’s Annual Blawg 100, the ABA’s annual list of 100 best law blogs, for 2016.  In including InsidePrivacy in its tenth anniversary list of top blogs, the ABA noted:  “Covington & Burling bloggers address the struggles of courts and governments around the … Continue Reading

FTC Seeks Rehearing of Ninth Circuit Dismissal of Throttling Suit

Last week, the Federal Trade Commission (“FTC”) filed a petition for en banc (full court) review of a Ninth Circuit opinion dismissing the FTC’s lawsuit against AT&T for violating Section 5 of the FTC Act due to its throttling practices. As we previously reported, in October 2014, the FTC challenged AT&T’s practice of reducing—or “throttling”—the … Continue Reading

G-7 Publishes Fundamental Elements of Cybersecurity for the Financial Sector

On October 11, 2016, the finance ministers and central bank governors of the Group of 7 (G-7) countries announced the publication of the Fundamental Elements of Cybersecurity for the Financial Sector, a non-binding guidance document for financial sector entities.  The publication  describes eight fundamental “elements” of effective cybersecurity risk management to guide public and private … Continue Reading

White House Releases Report on the Future of Artificial Intelligence

On October 12, 2016, the White House released a report entitled Preparing for the Future of Artificial Intelligence.  The report surveys the current state of Artificial Intelligence (AI), its existing and potential applications, and the questions that progress in AI raises for society and public policy.  The publication of the report follows a series of … Continue Reading

Launch of the Third Edition of Data Protection & Privacy, edited by Covington’s Monika Kuschewsky

On September 22, 2016, Monika Kuschewsky, a senior lawyer in Covington’s global Data Protection and Cybersecurity practice, hosted a seminar on “The Latest Data Protection Developments Around the Globe”.  The third edition of the multijurisdictional handbook Data Protection & Privacy, edited by Ms. Kuschewsky and published by Thomson Reuters in the Sweet & Maxwell International … Continue Reading

FTC Hosts “Putting Disclosures to the Test” Workshop

By Sari Sharoni On September 16, 2016, the Federal Trade Commission (“FTC”) hosted a workshop on the factors that may contribute to the effect disclosures have on consumer behavior. The workshop, “Putting Disclosures to the Test,” included speakers from a wide range of disciplines and industries, who remarked on aspects of disclosure such as consumer … Continue Reading

FTC Maps Its Cybersecurity Requirements to NIST Cybersecurity Framework Core Functions

By Catlin Meade and Jenny Martin On August 31, 2016 the FTC posted a blog addressing whether compliance with the NIST Framework for Improving Critical Infrastructure Cybersecurity (“the Framework”) necessarily constitutes compliance with FTC cybersecurity practices. The FTC answers this question with a resounding “No” and specifically states:  “there’s really no such thing as ‘complying … Continue Reading

FAA Drone Rules Take Effect; Commercial Use of Drones Permitted with Certain Conditions

By Stephen Kiehl Welcome to the Drone Age. The Federal Aviation Administration’s (“FAA”) long-awaited rule on the commercial use of small unmanned aircraft systems (“UAS” or “drones”) took effect Monday, August 29, 2016, providing a comprehensive and generally applicable set of rules for anyone wishing to operate a small drone for commercial purposes.… Continue Reading

EU Organizations Call for More Support for Cloud Computing in Healthcare

The EU-U.S. Privacy Shield’s recent introduction has created an efficient mechanism to ensure that trans-Atlantic personal data flows are lawful.  With that in place, attention is now turning back to restrictions within the EU, particularly around hosting data in cloud computing services. European healthcare is particularly affected by such restrictions.  This has motivated a significant … Continue Reading

Morgan Stanley to Pay $1 Million Penalty in SEC Cybersecurity Settlement

By Ciarra Chavarria and Keir Gumbs On June 8, 2016, the Securities and Exchange Commission announced that Morgan Stanley Smith Barney LLC (“Morgan Stanley”) had agreed to pay $1 million as a penalty for charges relating to its “failures to protect customer information.” Morgan Stanley’s settlement with the SEC came several months after a federal … Continue Reading

Obama Administration Releases Final Data Security Policy Principles and Framework for Its Precision Medicine Initiative

Last week, our colleague Shruti Barker published an article on the Inside Medical Devices Blog, discussing eight data security principles that companies participating in the Precision Medicine Initiative should aim to meet.  The Administration’s guidance document additionally recommends a basic framework that organizations collecting, storing, and sharing patient information should adopt as current best practices.  The … Continue Reading

NTIA Multistakeholder Group Reaches Consensus on Best Practices for Drone Privacy

By Stephen Kiehl and Hannah Lepow Over the last year, the National Telecommunications and Information Administration, an arm of the Department of Commerce, has convened a series of meetings regarding voluntary best practices for privacy, accountability and transparency in the use of drones (“UAS”) by commercial and private users.  A number of stakeholders have participated … Continue Reading

EU Data Protection Authorities Call For Further Clarifications on the EU-U.S. Privacy Shield and Raise Some Concerns

By Helena Marttila-Bridge and Monika Kuschewsky Today, the Article 29 Data Protection Working Party (“Working Party”), a group consisting of representatives from the European data protection authorities, the European Data Protection Supervisor, and the European Commission, published its opinion on the EU-U.S. Privacy Shield draft adequacy decision (“Opinion”) (see here). The Opinion is accompanied by … Continue Reading