Photo of James Yoon

James Yoon is an associate in the firm’s Data Privacy and Cybersecurity Practice Group. Prior to joining the firm, he served as a law clerk to Judge J. Clifford Wallace on the U.S. Court of Appeals for the Ninth Circuit and Judge Barbara M.G. Lynn on the U.S. District Court for the Northern District of Texas.

James is a member of the Bar of California. District of Columbia bar application pending; supervised by principals of the firm.

Introduction

In this update, we detail the key legislative developments in the second quarter of 2021 related to artificial intelligence (“AI”), the Internet of Things (“IoT”), connected and automated vehicles (“CAVs”), and federal privacy legislation.  As we recently covered on May 12,  President Biden signed an Executive Order to strengthen the federal government’s ability to respond to and prevent cybersecurity threats, including by removing obstacles to sharing threat information between private sector entities and federal agencies and modernizing federal systems.  On the hill, lawmakers have introduced a number of proposals to regulate AI, IoT, CAVs, and privacy.
Continue Reading U.S. AI, IoT, CAV, and Privacy Legislative Update – Second Quarter 2021

On September 30, 2020, the Cybersecurity and Infrastructure Security Agency (“CISA”) and the Multi-State Information Sharing and Analysis Center (“MS-ISAC”) released a joint guide synthesizing best practices to prevent and respond to ransomware.  This guide was published the day before OFAC and FinCEN released their coordinated guidance on ransomware attacks that we previously summarized here.

Ransomware is malware that encrypts data on a victim’s device, thus rendering the data inaccessible, until a ransom is paid in exchange for decryption.  Both the nature and scope of ransomware incidents have become “more destructive and impactful” in recent years.  In particular, tactics of malicious actors include threatening to release stolen data or publicly naming victims as part of the extortion.  Accordingly, the guide encourages organizations to take proactive efforts to manage risks posed by ransomware and recommends a coordinated response to mitigate its impact.
Continue Reading CISA and MS-ISAC Release Joint Guide on Ransomware

In a new post on the Covington Inside Tech Media Blog, our colleagues discuss the National Institute of Standards and Technology’s draft of the Four Principles of Explainable Artificial Intelligence (NISTIR 8312), which seeks to define the principles that capture the fundamental properties of explainable AI systems.  Comments on the draft will be accepted

On January 6, 2020, the Federal Trade Commission (FTC) sued a California-based mortgage broker for allegedly disclosing the personal information of customers who left negative Yelp reviews, and filed a settlement of the claims.

According to the complaint, Ramon Walker is the owner and operator of Mortgage Solutions FCS, Inc., a broker connecting residential mortgage lenders with prospective borrowers.  In providing its services, Mortgage Solutions allegedly obtains personal information directly from its customers and from their credit reports.

In response to negative customer reviews on Yelp, Walker allegedly posted comments that disclosed many reviewers’ personal information.  The complaint explains that Walker’s comments, publicly available on Yelp, discussed the reviewers’ “sources of income, debt-to-income ratios, credit history, taxes, family relationships, and health.”  For example, one comment disclosed a reviewer’s missed and late payments to banks, and publicly stated, “[a]ll of these late payments are having an enormous negative impact on your credit score.”
Continue Reading FTC Settles with Broker Who Allegedly Disclosed Personal Information of Yelp Reviewers

On December 18, 2019, staffers on the House Energy and Commerce Committee circulated a draft of a bipartisan privacy bill.  The draft is currently unnamed and unfinished, but it lays out a comprehensive framework that expands both individuals’ rights to their data and the FTC’s enforcement role over digital privacy.  Rep. Cathy McMorris-Rodgers (R-Wash.) and Rep. Jan Schakowsky (D-Ill.) have been particularly involved in working on the bill.

“We welcome input from all interested stakeholders and look forward to working with them going forward,” an Energy and Commerce spokesperson told The Hill.  “This draft seeks to protect consumers while also giving data collectors clear rules of the road.  It reflects many months of hard work and close collaboration between Democratic and Republican Committee staff.”

The draft bill echoes many of the provisions in the Consumer Online Privacy Rights Act (COPRA) introduced last month by Democratic senators.  However, unlike COPRA, the bill is silent on two notable issues: whether individuals have a private right of action to assert violations and whether the bill would preempt state laws. 
Continue Reading House Energy and Commerce Committee Circulates Draft Privacy Bill Expanding FTC Authority

On November 26, 2019, a group of Democratic senators introduced the Consumer Online Privacy Rights Act (COPRA).  This comprehensive privacy bill—sponsored by Senators Maria Cantwell (D-WA), Brian Schatz (D-HI), Amy Klobuchar (D-MN), and Ed Markey (D-MA)—would grant individuals broad control over their data, impose new obligations on data processing, and expand the FTC’s enforcement role over digital privacy.

“In the growing online world, consumers deserve two things: privacy rights and a strong law to enforce them,” Senator Cantwell explained. “They should be like your Miranda rights—clear as a bell as to what they are and what constitutes a violation.”

Here are some key elements of the bill:
Continue Reading Democratic Senators Introduce the Consumer Online Privacy Rights Act