By Rebecca Yergin On May 16, 2017, Governor Jay Inslee signed into law H.B. 1493—Washington’s first statute governing how individuals and non-government entities collect, use, and retain “biometric identifiers,” as defined in the statute. The law prohibits any “person” from “enroll[ing] a biometric identifier in a database for a commercial purpose, without first providing notice, … Continue Reading
In a new post on the Covington Digital Health blog, our colleagues discuss a new European Cloud in Health Advisory Council whitepaper calling for a review of European healthcare data protection rules holding back greater adoption of cloud computing and AI; and for more discussion about the ethics and governance of re-use of patient data for research and planning. To read … Continue Reading
Among the many issues that can give rise to the initial uncertainty of responding to a significant cybersecurity incident is a failure by incident response team members to understand the perspectives and priorities of other stakeholders. But this complicating factor can readily be mitigated through cross-functional education and relationship building before an incident occurs. In … Continue Reading
By Denitsa Marinova On April 11, 2017, the Data Protection Commissioner of Ireland (DPC) published her annual report for 2016, highlighting key developments and activities for the past year and outlining priorities for 2017 and beyond. The report will be of interest to Irish entities and multinational organizations with a base in Ireland, including companies … Continue Reading
By Dan Cooper and Rosie Klement On April 2, 2017, the Information Commissioner’s Office (“ICO”) released a consultation paper for UK organizations to comment on how the new profiling provisions under the General Data Protection Regulation (“GDPR”) could be interpreted and applied when the GDPR comes into force in May 2018. The public consultation on … Continue Reading
By Stephen Kiehl Continuing their focus on drone privacy issues, Senator Edward J. Markey (D-Mass.) and Rep. Peter Welch (D-Vt.) introduced legislation in the House and Senate this month that would require drone operators to create policies covering data collection and retention and require warrants for law enforcement agencies to conduct surveillance by drone. The … Continue Reading
By Luca Tosoni and Dan Cooper On 2 February 2017, the Italian DPA (“Garante”) imposed a record fine of 5,880,000 Euros on a UK company operating in Italy for its violation of the data privacy consent rules contained in Italian law. This is the largest data privacy fine ever issued by a European data protection … Continue Reading
By Christopher Hanson On December 28, 2016, CDRH announced the publication of the final guidance “Postmarket Management of Cybersecurity in Medical Devices.” In a separate post, we reported on the January 22, 2016 draft version of this guidance document. The final guidance provides FDA’s recommendations on a risk-based framework for medical device manufacturers to assess and … Continue Reading
With 2016 in the rear-view mirror, we have been reflecting on the many data privacy and cybersecurity legal developments of the past year, both in the U.S. and internationally, as well as focusing on trends to watch in the new year. With best wishes for a Happy New Year from all of us at InsidePrivacy, … Continue Reading
By Tim Stratford and Yan Luo China’s National Information Security Standardization Technical Committee (“NISSTC”), a standard-setting committee jointly supervised by the Standardization Administration of China (“SAC”) and the Cyberspace Administration of China (“CAC”), released seven draft national standards related to cybersecurity and data privacy for public comment on December 21, 2016. The public comment period … Continue Reading
We’re honored to announce that InsidePrivacy has been included in the American Bar Association’s Annual Blawg 100, the ABA’s annual list of 100 best law blogs, for 2016. In including InsidePrivacy in its tenth anniversary list of top blogs, the ABA noted: “Covington & Burling bloggers address the struggles of courts and governments around the … Continue Reading
Last week, the Federal Trade Commission (“FTC”) filed a petition for en banc (full court) review of a Ninth Circuit opinion dismissing the FTC’s lawsuit against AT&T for violating Section 5 of the FTC Act due to its throttling practices. As we previously reported, in October 2014, the FTC challenged AT&T’s practice of reducing—or “throttling”—the … Continue Reading
On October 11, 2016, the finance ministers and central bank governors of the Group of 7 (G-7) countries announced the publication of the Fundamental Elements of Cybersecurity for the Financial Sector, a non-binding guidance document for financial sector entities. The publication describes eight fundamental “elements” of effective cybersecurity risk management to guide public and private … Continue Reading
On October 12, 2016, the White House released a report entitled Preparing for the Future of Artificial Intelligence. The report surveys the current state of Artificial Intelligence (AI), its existing and potential applications, and the questions that progress in AI raises for society and public policy. The publication of the report follows a series of … Continue Reading
Today, our colleagues Susan Cassidy, Ashden Fein, and John Sorrenti posted an article on Inside Government Contracts about the Department of Defense (DoD) issuing a Final Rule implementing mandatory cyber incident reporting requirements for DoD contractors and subcontractors. The article can be read here.… Continue Reading
On September 22, 2016, Monika Kuschewsky, a senior lawyer in Covington’s global Data Protection and Cybersecurity practice, hosted a seminar on “The Latest Data Protection Developments Around the Globe”. The third edition of the multijurisdictional handbook Data Protection & Privacy, edited by Ms. Kuschewsky and published by Thomson Reuters in the Sweet & Maxwell International … Continue Reading
By Sari Sharoni On September 16, 2016, the Federal Trade Commission (“FTC”) hosted a workshop on the factors that may contribute to the effect disclosures have on consumer behavior. The workshop, “Putting Disclosures to the Test,” included speakers from a wide range of disciplines and industries, who remarked on aspects of disclosure such as consumer … Continue Reading
By Catlin Meade and Jenny Martin On August 31, 2016 the FTC posted a blog addressing whether compliance with the NIST Framework for Improving Critical Infrastructure Cybersecurity (“the Framework”) necessarily constitutes compliance with FTC cybersecurity practices. The FTC answers this question with a resounding “No” and specifically states: “there’s really no such thing as ‘complying … Continue Reading
By Stephen Kiehl Welcome to the Drone Age. The Federal Aviation Administration’s (“FAA”) long-awaited rule on the commercial use of small unmanned aircraft systems (“UAS” or “drones”) took effect Monday, August 29, 2016, providing a comprehensive and generally applicable set of rules for anyone wishing to operate a small drone for commercial purposes.… Continue Reading
The EU-U.S. Privacy Shield’s recent introduction has created an efficient mechanism to ensure that trans-Atlantic personal data flows are lawful. With that in place, attention is now turning back to restrictions within the EU, particularly around hosting data in cloud computing services. European healthcare is particularly affected by such restrictions. This has motivated a significant … Continue Reading
By Ciarra Chavarria and Keir Gumbs On June 8, 2016, the Securities and Exchange Commission announced that Morgan Stanley Smith Barney LLC (“Morgan Stanley”) had agreed to pay $1 million as a penalty for charges relating to its “failures to protect customer information.” Morgan Stanley’s settlement with the SEC came several months after a federal … Continue Reading
Last week, our colleague Shruti Barker published an article on the Inside Medical Devices Blog, discussing eight data security principles that companies participating in the Precision Medicine Initiative should aim to meet. The Administration’s guidance document additionally recommends a basic framework that organizations collecting, storing, and sharing patient information should adopt as current best practices. The … Continue Reading
By Stephen Kiehl and Hannah Lepow Over the last year, the National Telecommunications and Information Administration, an arm of the Department of Commerce, has convened a series of meetings regarding voluntary best practices for privacy, accountability and transparency in the use of drones (“UAS”) by commercial and private users. A number of stakeholders have participated … Continue Reading
By Helena Marttila-Bridge and Monika Kuschewsky Today, the Article 29 Data Protection Working Party (“Working Party”), a group consisting of representatives from the European data protection authorities, the European Data Protection Supervisor, and the European Commission, published its opinion on the EU-U.S. Privacy Shield draft adequacy decision (“Opinion”) (see here). The Opinion is accompanied by … Continue Reading
