The recent showdown over renewal of certain provisions of the USA Patriot Act (often called simply the Patriot Act) and the subsequent enactment of the USA Freedom Act have raised a number of questions about the ongoing impact of these laws on data traversing or being stored in the United States. While the new law takes the NSA out of the direct business of maintaining metadata (which includes phone number called, the time and duration of the call, and location
Kevin Boyle
Kevin Boyle advises clients on security and privacy issues arising in connection with a broad array of transactions as well as in responding to security incidents and dealing with promotion and marketing issues. Working with enterprises large, small and in between, he guides clients in developing practical solutions to privacy and security compliance issues that reduce both risk and cost. Kevin’s approach is guided by his role as chair of Latham’s global security and privacy compliance program where he “enjoys” a client’s perspective of many of the issues that face privacy and security professionals. With the firm since 1987, Kevin has nearly 15 years of experience in dealing with privacy and security issues.
SEC Issues Regulation SCI Upping Information Security Requirements for Key Market Participants
The SEC today published in the Federal Register its Regulation SCI (Regulation Systems Compliance and Integrity), which requires key market participants to have and implement written policies and procedures reasonably designed to ensure the availability, confidentiality and integrity of their systems as necessary to assure the fair and orderly operation of the markets. Among the specific requirements are periodic testing, annual systems review and disclosure of “SCI events” – including both functional and security issues. In addition to security issues,…
California’s Privacy Laws on the Move
The State of California, long the most proactive U.S. state in enacting data privacy laws, has again modified its breach notification and data protection laws. This week, Governor Jerry Brown signed two privacy bills into law: SOPIPA (SB 1177), aimed at regulating the use of student data, and AB 1710, targeting data protection more broadly. Taken together, these bills highlight the continuing compliance challenges facing American businesses which must conform not only to state-specific privacy standards, but also monitor…
Cookie Compliance Check Results Announced by Hong Kong Data Privacy Commissioner
The Office of Hong Kong’s Privacy Commissioner for Personal Data (PCPD) recently announced the results of compliance checks on the collection of “cookies” by local banks in response to earlier media reports and a survey by the Hong Kong Monetary Authority (HKMA).
According to media reports from September 2010, some local banks in Hong Kong required their customers to accept cookies for use of Internet banking services without informing customers of the type of data to…
Compliance and Enforcement in the Hospitality Industry Webinar Available
An August 2 webcast on Compliance and Enforcement in the Hospitality Industry looked at the FTC proceedings in the Wyndham Hotels matter and identified some key takeaways, while considering how similar issues might play out in the European Union. (For those unable to follow the live webcast, the full presentation is now available online.)
Some of the key points covered in the discussion include:
- While attackers can be persistent and use sophisticated tools, most breaches result from the failure
…
California AG’s Office Establishes Privacy Enforcement Unit
By Jennifer Archie, Kevin Boyle and Ghaith Mahmood
As the home of the largest online and mobile businesses and platforms, and no doubt seeking to maintain the reputation of her state as one of those leading the nation in enactment and enforcement of privacy laws and regulations, California Attorney General Kamala D. Harris on Thursday announced the formation of a Privacy Enforcement and Protection Unit within the Office of the Attorney General.
The unit is intended to enforce laws related to…
NTIA Announces First Privacy Multistakeholder Meeting Pursuant to Obama Administration Privacy Blueprint
Focus on Mobile App Transparency
Pursuant to the Obama Administration’s blueprint for consumer privacy released in February (and in accord with a request for comments published in March), the National Telecommunications and Information Administration (NTIA) has issued a notice setting July 12, 2012, as the date for the first meeting in its privacy multistakeholder process. Mobile app transparency will be the focus of the first meeting.
The process “will encourage stakeholders to develop a code of conduct that promotes transparent disclosures…
SEC Guidance on Cybersecurity Disclosures
By Kevin Boyle and Kee-Min Ngiam
The SEC’s Staff of the Division of Corporation Finance recently issued guidance to help clarify public reporting companies’ disclosure obligations in the area of cybersecurity risks and cyber incidents. The guidance, which does not change existing disclosure obligations for public companies, should help company officers responsible for security, privacy, or securities compliance, as well as securities law practitioners, better understand the Staff’s expectations on disclosure in this area. Our recent Client Alert reviews the…
Unfair Software Design: Lessons from the FTC’s Proposed Frostwire Consent Judgment
A recent proposed FTC consent judgment sends a warning to avoid default program settings that compromise privacy when setup routines create the impression they do not. The FTC’s underlying complaint against Frostwire LLC, developer of P2P file-sharing applications, alleged that the firm’s software for the Android platform “was likely to cause a significant number of consumers installing and running it to unwittingly share personal files stored on their mobile computing devices with the public.” Its desktop software allegedly “conveyed a…
Commerce Department Speaks on Privacy
Following in the wake of the FTC’s report on online tracking, the Commerce Department has issued its “green paper” on privacy. The report is part of the Department’s ongoing review of privacy practices begun in April this year. While it avoids making many specific policy recommendations, the report does recommend the development of Fair Information Privacy Principles, creation of a privacy office within the Department, and consideration of a national data security breach notification law. The themes are…