Global Privacy & Security Compliance Law Blog

Tag Archives: Security Mandates

Anonymous or Not: Court of Justice Issues Ruling on IP Addresses

By Gail Crawford and Ulrich Wuermeling

On October 19, 2016, the Court of Justice of the European Union (CJEU) issued a ruling on the question of whether IP addresses constitute personal data. The ruling has direct implications on the general question of when data can be regarded as anonymous and, thus, fall outside the scope of data …

FCC Imposes Record Penalty for Data Breach

On Wednesday, April 8, the Federal Communications Commission (FCC) entered a consent decree and levied a $25 million civil penalty against AT&T to settle a data breach that exposed the information of nearly 280,000 customers. This order comes on the heels of other recent FCC enforcement actions for privacy violations, demonstrating an invigorated effort by …

SEC Issues Regulation SCI Upping Information Security Requirements for Key Market Participants

The SEC today published in the Federal Register its Regulation SCI (Regulation Systems Compliance and Integrity), which requires key market participants to have and implement written policies and procedures reasonably designed to ensure the availability, confidentiality and integrity of their systems as necessary to assure the fair and orderly operation of the markets. Among the …

California’s Privacy Laws on the Move

The State of California, long the most proactive U.S. state in enacting data privacy laws, has again modified its breach notification and data protection laws. This week, Governor Jerry Brown signed two privacy bills into law: SOPIPA (SB 1177), aimed at regulating the use of student data, and AB 1710, targeting data protection more broadly. …

Data Security Compliance and APTs: New Insights from “Putter Panda”

By Kevin Boyle and Alex Stout

On Monday, the data security firm CrowdStrike released a new report pointing a digital finger at the Chinese Army for cyber espionage against western technology companies. It has long been known that some of the most serious cyber challenges stem from state-sponsored attacks using encryption, customized tools that anti-virus …

FDA Issues Draft Guidance on “Content of Premarket Submissions for Management of Cybersecurity in Medical Devices”

By Elizabeth Richards and Kevin Boyle

On June 14, 2013, the Food and Drug Administration (“FDA”) issued a draft guidance entitled “Content of Premarket Submissions for Management of Cybersecurity in Medical Devices” (“Guidance”). The Guidance was issued in response to growing concerns about IT vulnerabilities due to the increased use of wireless, Internet and network-connected …

HHS Publishes Omnibus HIPAA/HITECH Final Rule

By Susan Ambler Ebersole

HHS today published the long-awaited HIPAA/HITECH omnibus final rule. A pre-publication version of the Rule was released on January 17. The Rule is effective March 26, 2013, but covered entities and business associates have until September 23, 2013 to comply. While Latham & Watkins is still engaged in a comprehensive review …

Compliance and Enforcement in the Hospitality Industry Webinar Available

An August 2 webcast on Compliance and Enforcement in the Hospitality Industry looked at the FTC proceedings in the Wyndham Hotels matter and identified some key takeaways, while considering how similar issues might play out in the European Union. (For those unable to follow the live webcast, the full presentation is now available online.) Some …

FCC Examining Privacy, Security Issues Raised by Stored Customer Information on Mobile Devices

By Brian Murray

The Federal Communications Commission (“FCC”) is examining privacy and security issues raised by customer information stored on mobile communications devices. In a public notice released on May 25, 2012, the FCC sought comment on the privacy and data-security practices of mobile wireless service providers with respect to such information, as well as …

SEC Guidance on Cybersecurity Disclosures

By Kevin Boyle and Kee-Min Ngiam

The SEC’s Staff of the Division of Corporation Finance recently issued guidance to help clarify public reporting companies’ disclosure obligations in the area of cybersecurity risks and cyber incidents. The guidance, which does not change existing disclosure obligations for public companies, should help company officers responsible for security, privacy, …

Cyber Security: Getting the Board on Board?

By Gail Crawford and Amy Taylor

At the end of 2010, the UK Government raised the national threat level for cyber security risk to Tier One (the same tier as the terrorism threat) and announced it was allocating £650 million (around US $1 billion) to governmental cyber security measures and resilience developments. A recent report …

Unified Approach to US Breach Notification?

As part of its cyber security legislative proposal unveiled on May 12, the Obama administration sent to Congress a proposed Data Breach Notification bill that would supersede similar state laws. If enacted, the bill would dramatically simplify response to data breaches involving residents from multiple states—a process that is now a maze of requirements, often …

Commerce Department Speaks on Privacy

Following in the wake of the FTC’s report on online tracking, the Commerce Department has issued its “green paper” on privacy. The report is part of the Department’s ongoing review of privacy practices begun in April this year. While it avoids making many specific policy recommendations, the report does recommend the development of Fair Information …

Budget Season Help: More Evidence That Data Protection Spending Cuts Costs

The Ponemon Institute is out with a new Intel-sponsored study concluding, among other things, that lost laptops cost U.S. organizations in excess of $2 billion a year. Yet, two-thirds of companies surveyed still do not take basic security precautions to protect laptops. A look at prior Ponemon work cited in the report suggests failing to …

FTC Issues Long Anticipated Privacy Report

In a long anticipated report entitled Protecting Consumer Privacy in an Era of Rapid Change, a divided U.S. Federal Trade Commission focused on raising consumer awareness and soliciting industry feedback on online tracking and behavioral advertising. Industry is portrayed as “too slow” to improve privacy practices in this arena. The report proposes a normative framework …

Reding Announces Plans for Privacy Reform in Europe

On 4 November 2010, Viviane Reding, Vice-President of the European Commission, presented the plans for a reform of the existing European data privacy legislation. Reding demands strengthened rights for data subjects, a better harmonization of the internal market, a revision of the rulings concerning police cooperation and judicial cooperation, a guarantee for a high level …