Last week, President Trump nominated four new commissioners to the Federal Trade Commission (“FTC”):  Joseph J. Simons, an antitrust attorney, as Chairman; Noah Joshua Phillips, chief counsel for Senate Majority Whip John Cornyn (R-Texas), for the second Republican seat; Christine Wilson, an executive for Delta Air Lines, for the third Republican seat; and Rohit Chopra, a senior fellow at the Consumer Federation of America, for a Democratic seat.  By statute, no more than three commissioners may be members of the same political party.  The fifth spot on the Commission would remain vacant pending an additional nomination by the President.

If confirmed by the Senate, these four nominees would establish a Republican majority at the FTC.  Since early last year, the agency has been operating with just one Commissioner from each party – Acting Chairman Maureen Ohlhausen and Democratic Commissioner Terrell McSweeny.  Earlier in the week, President Trump also announced his intent to nominate Acting Chairman Ohlhausen for a seat on the U.S. Court of Federal Claims.  Therefore, these new nominations would completely change the composition of the Commission.


Continue Reading President Trump Nominates Four New Commissioners to FTC

The White House released on November 15, 2017 the Vulnerabilities Equities Policy and Process for the United States Government (“VEP”) — the process by which the Government determines whether to disseminate or restrict information about new, nonpublic vulnerabilities that it discovers.  This release was motivated by criticism following the allegations that significant cyber-attacks have exploited

Last week, the Office of Management and Budget issued an updated breach response policy for federal agencies, replacing a policy last updated in 2007.  The policy, set forth in memorandum M-17-12, provides minimum standards for federal agencies in preparing for and responding to breaches of personally identifiable information (PII).   In addition to setting forth

Yesterday, the White House announced a series of workshops and an interagency working group devoted to the benefits and risks of artificial intelligence (AI).  The announcement cited the growing influence of AI, and specifically its potential applications in healthcare, education, and transportation.  On the other hand, the announcement noted the potential risks and policy challenges of AI, such as the potential for job losses and the challenges of predicting and controlling AI technology.
Continue Reading White House Announces Artificial Intelligence Workshops and Working Group

Following the announcement of the President’s Cybersecurity National Action Plan (CNAP), an initiative designed to “enhance cybersecurity capabilities within the Federal Government and across the country,” the White House has released a fact sheet outlining the different components of the CNAP.  The announcement of the CNAP follows the President’s request for $19 billion in funding for cybersecurity initiatives in fiscal year 2017, an increase of 35% over the previous year’s request.  The CNAP includes a mixture of near-term measures and long-term objectives, with the ultimate goal of enhancing the federal government’s cybersecurity posture while encouraging private citizens and businesses to do the same.  Some of the most significant aspects of the CNAP, discussed further below, include:

  • The launch of a cybersecurity awareness campaign to promote the use of multi-factor authentication;
  • A “systematic” review by the White House to identify areas where the federal government can reduce the use of Social Security Numbers as individual identifiers;
  • Plans for the development of a Cybersecurity Assurance Program to test and certify connected devices against certain security standards;
  • The creation of a Chief Information Security Officer (CISO) position within the federal government, coupled with a $3.1 billion initiative to modernize federal agencies’ IT systems and applications;
  • The establishment of a commission of private sector cybersecurity experts to offer recommendations on cybersecurity initiatives; and
  • The establishment of a Federal Privacy Council, composed of representatives from various key federal agencies, to coordinate guidelines for the federal government’s collection and storage of data.


Continue Reading White House’s Cybersecurity National Action Plan (CNAP) Includes Cybersecurity Awareness Campaign, Creation of Federal Privacy Council

By Caleb Skeath

As we reported yesterday, the Congressional Privacy Bill has been released, following the release of the White House’s proposal for a privacy bill in late February.  The bill contains the Commercial Privacy Rights Act of 2015, the Congressional counterpart to the White House’s proposal, along with data breach notification provisions and the “Do Not Track Kids Act of 2015,” which proposes substantial revisions to the Children’s Online Privacy Protection Act (COPPA).  As with the White House proposal, the Privacy Rights Act would implement a comprehensive regime of substantive privacy requirements.  Our analysis of the Commercial Privacy Rights Act is below, and we will separately post further analysis of the data breach provisions as well as the Do Not Track Kids Act.
Continue Reading Congressional Privacy Bill: Commercial Privacy Rights Act of 2015

As we reported earlier today, the long-awaited White House draft of privacy and data security legislation has been released. While the United States does not today have a comprehensive privacy and data security law, the proposed Consumer Privacy Bill of Rights would impose a suite of substantive privacy and data security obligations across sectors and industries. Our sense is that it would be uphill battle for this sort of sweeping privacy legislation to gain traction in Congress over the next two years.

We have answered your key questions about this proposed legislation below, including:

Who would the bill apply to?

How is “personal data” defined under the bill?

What are the substantive obligations?

Are there any safe harbors?

How would the bill be enforced?

Does the bill preempt state laws?


Continue Reading White House Privacy Bill: A Deeper Dive

The White House’s much anticipated draft privacy legislation has now been released.   We are digesting its content now and will post an update with some additional comments shortly.

The draft appears to include an expansive definition of “personal data.”  In addition, early press reports note that the draft bill would require companies to inform consumers