Archives: United States

Subscribe to United States RSS Feed

Release of Cybersecurity EO May Have Notable Impact in Communications, Energy, and Defense Industrial Base Critical Infrastructure Sectors

The Trump Administration appears likely to release an Executive Order on Cybersecurity.  The most recent draft suggests this Executive Order may have notable impact in the Communications, Energy, and Defense Industrial Base sectors.  However, it remains unclear if and when the current draft will be signed. President Trump originally was scheduled to sign an Executive … Continue Reading

FTC Comments on NTIA’s Cybersecurity Vulnerability Disclosure Template

The FTC released public comments yesterday on the National Telecommunications and Information Administration’s (NTIA) draft “Early Stage” Coordinated Vulnerability Disclosure Template released in December 2016.  The draft template was released by the NTIA Safety Working Group as part of a multistakeholder process that convened security researchers and software and system developers and owners to address … Continue Reading

Senators Seek Answers from DHS on Privacy Aspects of Trump Order, Including Privacy Shield

On February 9, 2017, six Democratic senators wrote to DHS Secretary John Kelly about their concerns over a Trump executive order that would remove Privacy Act protections for non-U.S. citizens and lawful permanent residents. Senators Ed Markey (MA), Ron Wyden (OR), Jeff Merkley (OR), Al Franken (MN), Chris Coons (DE), and Mazie Hirono (HI) wrote … Continue Reading

European Commission Dismisses Privacy Shield Concerns Over Trump Executive Order

On January 25, 2017, President Trump signed a new Executive Order on Enhancing Public Safety in the Interior of the U.S.  Among other elements, the Executive Order directs U.S. government agencies to “ensure that their privacy policies exclude persons who are not United States citizens or lawful permanent residents from the protections of the Privacy … Continue Reading

FTC Releases Cross-Device Tracking Report

The Federal Trade Commission yesterday released its report on cross-device tracking.  The report, which follows the Commission’s November 2015 Cross-Device Tracking Workshop, describes some of the current approaches to track consumers across multiple connected devices, discusses industry self-regulatory approaches to protect consumer privacy, and offers recommendations for how to apply longstanding FTC principles like transparency, … Continue Reading

Commerce Releases Green Paper on Approach to Supporting IoT, Seeks Public Comment

The Department of Commerce released a “green paper” earlier this month proposing steps the Department can take to advance and support the Internet of Things (“IoT”).  The report includes recommendations based on comments submitted to the Department in response to an April 2016 Request for Comment as well as feedback from a September 2016 IoT … Continue Reading

Switzerland and US Announce New Commercial Data Transfer Framework

On January 12, 2017, the U.S. Federal Trade Commission announced the adoption of a Swiss-U.S. Privacy Shield, to replace the existing Swiss-U.S. Safe Harbor Agreement.  Companies have a three month grace period to switch from the old to the new regime. The Swiss version of the Privacy Shield had to be negotiated following the invalidation … Continue Reading

U.S. Supreme Court Denies Cert In VPPA Case

Yesterday, the Supreme Court denied certiorari in In re Nickelodeon Consumer Privacy Litigation, a case addressing whether static digital identifiers like internet protocol (IP) addresses qualify as personally identifiable information (PII) under the Video Privacy Protection Act (VPPA).  As a result, the Third Circuit’s June 27, 2016 decision in the case—which held that IP addresses … Continue Reading

House Members Reintroduce Email Privacy Act

On January 9, 2017, Representatives Kevin Yoder (R-Kan.) and Jared Polis (D-Colo.) reintroduced the Email Privacy Act.  According to Rep. Yoder’s spokesman, the text of the bill is similar to the version the House of Representatives unanimously approved last April, but which did not pass the Senate.  As we previously reported, the proposed changes would … Continue Reading

Reports Suggest New York DFS to Revise Proposed Cyber Regulations and Delay Implementation

Based on reports citing New York Department of Financial Services (“DFS”) sources (see here and here), DFS may propose a revised version of its first-in-the-nation cybersecurity regulations on December 28, 2016.  That revision would be followed by a new 30-day comment period, with the revised regulations scheduled to take effect on March 1, 2017. This … Continue Reading

Industry Reacts to New York’s Proposed Cybersecurity Regulation for Financial Services Institutions

On December 19, 2016, the New York State Assembly Standing Committee on Banks heard testimony about a proposed regulation introduced by the New York State Department of Financial Services that would require financial services companies to develop and implement cybersecurity programs to defend against cyber-attacks.  As we covered when Governor Andrew Cuomo announced this first-in-the-nation … Continue Reading

Twenty-First Century Cures Act Includes HIPAA Provisions

A new post over on Covington’s eHealth blog discusses HIPAA-related provisions in the Twenty-First Century Cures Act, signed by President Obama on December 13.   These provisions direct HHS to consider HIPAA’s effects on mental health treatment and the availability of health data for research purposes.  Read the full post here.… Continue Reading

White House Issues Report on Artificial Intelligence and the Economy

On December 20, 2016, the White House released a report examining the potential economic effects of artificial intelligence (“AI”).  This report follows closely on the heels of another released by the White House only two months ago that explored more broadly the questions raised for society and public policy by progress in AI. The December … Continue Reading

Data Breach Allegations Sufficient for Standing After Spokeo, Court Says

On Monday, the U.S. District Court for the District of Kansas ruled that the named plaintiff for a putative class of CareCentrix employees whose personal information was compromised had alleged enough harm for standing under Spokeo, Inc. v. Robins.  The case is Hapka v. CareCentrix, Inc. In early 2016, a phishing attack compromised defendant CareCentrix’s systems, … Continue Reading

Ashley Madison Settles Data Security and Deception Charges

The FTC announced today that it has reached a settlement with the operators of AshleyMadison.com (Ashley Madison) for alleged data security deficiencies and deceptive trade practices.  According to the FTC, Ashley Madison, a dating website for married individuals, was hacked in July 2015, leading to the release of 36 million users’ account and profile information.  … Continue Reading

Inside Privacy Named to ABA Blawg 100

We’re honored to announce that InsidePrivacy has been included in the American Bar Association’s Annual Blawg 100, the ABA’s annual list of 100 best law blogs, for 2016.  In including InsidePrivacy in its tenth anniversary list of top blogs, the ABA noted:  “Covington & Burling bloggers address the struggles of courts and governments around the … Continue Reading

The Commission on Enhancing National Cybersecurity Releases Its Report on Securing and Growing the Digital Economy

On December 1, 2016, the Commission on Enhancing National Cybersecurity released its Report on Securing and Growing the Digital Economy. In its Report, the Commission, established in February 2016 by President Obama, provided detailed short- and long-term recommendations to strengthen cybersecurity in the public and private sectors. The Commission took a multi-stakeholder approach, emphasizing the … Continue Reading

European Parliament Approves EU-U.S. Umbrella Agreement

Yesterday, the European Parliament voted to approve the EU-U.S. Umbrella Agreement, a framework for the exchange of personal data for law-enforcement (including anti-terrorism) purposes between the EU and U.S.  As we previously explained, negotiations on this Agreement have been underway for quite some time, with the European Parliament first calling for it back in March … Continue Reading

FTC Releases Privacy Disclosure Staff Summary

On November 30, the FTC released a staff summary of its September 15, 2016 public workshop, Putting Disclosures to the Test.  Numerous goods and services, from home appliances to financial services, make use of disclosures to inform users of their privacy practices.  These disclosures—whether delivered offline or online, via text, video, or audio—are a key … Continue Reading

Appellate Court Stays Enforcement of FTC’s LabMD Order

In an order released last week, the Eleventh Circuit temporarily delayed enforcement of the Federal Trade Commission’s (FTC) order in the LabMD case.  As we reported earlier, the FTC ruled in July that LabMD’s data security practices violated the FTC Act, clarifying and expanding upon the FTC’s authority to regulate corporate data security practices.  After … Continue Reading

California Judge Upholds CPUC Order to Share Confidential Subscriber Data, But Subject to Adequate Protective Order

On November 3, Judge Vince Chhabria of the U.S. District Court of the Northern District of California held that federal law does not bar the California Public Utilities Commission (CPUC) from requiring telecommunications companies to hand over, under an adequate protective order, confidential subscriber data to The Utility Reform Network (TURN) as part of an … Continue Reading

FTC Issues Guidance for Responding to Data Breaches

On Tuesday, the FTC issued new guidance for businesses on responding to data breaches, along with an accompanying blog post and video.  The data breach response guidance follows the issuance of the FTC’s “Start with Security” data security guidance last year and builds upon recent FTC education and outreach initiatives on data security and cybersecurity … Continue Reading
LexBlog