By

Alan Charles Raul

22 January 2018

Movement on Section 702 of the Foreign Intelligence Surveillance Act (FISA)

Following months of intense debate, an attempted filibuster, and close votes in both the House and Senate, Congress last week finally extended Section 702 of the Foreign Intelligence Surveillance Act (FISA).

(more…)

SHARE
EmailPrintShare
19 January 2018

FCC and FTC Enter Memorandum of Understanding to Coordinate Regulation of ISPs

Following the recent adoption of the “Restoring Internet Freedom Order” by the Federal Communications Commission (FCC), the FCC and the Federal Trade Commission (FTC) have entered an agreement to coordinate their cooperation on the regulation of ISPs to protect consumer interest. (more…)

SHARE
EmailPrintShare
09 January 2018

Internet of Toys Enforcement: VTech Agrees to COPPA Settlement

On January 8, the FTC announced a settlement with VTech (a maker of electronic children’s toys) for violations of COPPA, adding to the regulatory activity mounting in the last few years around the Internet of Toys.  The company agreed to pay $650,000 to settle allegations that its Kid Connect app and its Learning Lodge platform collected personal information from almost 3,000,000 children without providing direct notice and obtaining their parent or guardian’s consent.  (more…)

SHARE
EmailPrintShare
02 January 2018

Privacy and Cybersecurity Top 10 for 2018

This past year was marked by ever more significant data breaches, growing cybersecurity regulatory requirements at the state and federal levels and continued challenges in harmonizing international privacy and cybersecurity regulations. We expect each of these trends to continue in 2018.

As we begin this New Year, here is list of the top 10 privacy and cybersecurity issues for 2018: (more…)

SHARE
EmailPrintShare
13 November 2017

U.S. Consumer Financial Protection Bureau’s Principles for Data Aggregation Services Could Have Broad Implications

On Oct. 18, 2017, the Consumer Financial Protection Bureau (CFPB) released a set of consumer protection principles (Principles) designed to protect consumer interests in the market for services built around consumer-approved use of financial information. The Principles are targeted to so-called “data aggregation” or “screen scraping” services that collect customer information in order to provide financial planning or other services. Over the past few years, data aggregation services and banks have struggled to develop the right model for sharing customer account data. The Principles issued by the CFPB seek to provide a potential data-sharing model for banks and data aggregation services while protecting consumer interests.

(more…)

SHARE
EmailPrintShare
30 October 2017

When And How Cos. Should Address Cyber Legal Compliance

*This post originally appeared in Law 360 on October 24, 2017.

We’ve seen it happen time and again. When a company experiences a major data breach or hacking incident, media attention turns to speculation or allegations about the company’s past history of underinvesting in cyber defenses, its supposed culture of cyber complacency, or its history of unaddressed (but, in retrospect, allegedly clear) vulnerabilities. New information may come to light indicating the victimized company suffered previous breaches months, or years, earlier. Rumors of cyber-inadequacy gain currency among current and former employees and, ultimately, regulators and plaintiffs. Sometimes (but not always), these rumors, allegations, supposition and speculation even turn out to be true. (more…)

SHARE
EmailPrintShare
24 August 2017

Eighth Circuit Rejects Implied Premise that a Hack Is Tantamount to Inadequate Information Security, Ruling Such “ ‘Naked Assertions’ … Cannot Survive a Motion to Dismiss.”

The Eighth Circuit held on August 21 that, in the absence of actual injury in a data breach case, “massive class action litigation should be based on more than allegations of worry and inconvenience.”  The Court found that no customers of the defendant securities brokerage firm had suffered fraud or identity theft resulting in financial loss from a 2013 data security incident.*  Kuhns v. Scottrade, Inc., Nos. 16-3426, 16-3542 (8th Cir. Aug. 21, 2017).

In a decision that is replete with great holdings and quotable language for defendants in data breach litigation, the Eighth Circuit demonstrated that even where constitutional standing is found, plaintiffs will not likely succeed if they can allege no real injury even years after the hack occurred. (more…)

SHARE
EmailPrintShare
23 August 2017

FTC Uber Settlement Mandates a Comprehensive Privacy Program, Sheds Light on “Reasonable Data Security” Expectations, and Underscores Importance of Insider Threat Prevention

On August 15, the FTC announced that it had reached an agreement with Uber to settle allegations that the company had made deceptive claims about its privacy and data security practices. The FTC’s settlement with Uber has important implications for privacy and data security measures that companies could take, and the representations they and their employees make in these areas. It also shed greater light on what the FTC means by “reasonable data security” measures that companies should implement, and underscores the importance of maintaining a robust insider threat prevention program. (more…)

SHARE
EmailPrintShare
19 May 2017

SEC Issues “WannaCry” Ransomware Alert to Broker-Dealers and Investment Companies

On May 17, 2017, the SEC’s Office of Compliance Inspections and Enforcement (OCIE) issued a cybersecurity alert to the securities firms it regulates. OCIE advised broker-dealers and investment companies to take certain actions in connection with the recent WannaCry and Wanna Decryptor ransomware attacks that affected numerous organizations in over one hundred countries.  Specifically, OCIE encouraged firms as follows: (more…)

SHARE
EmailPrintShare
15 May 2017

President Trump Signs Executive Order on Cybersecurity at Federal Agencies

On Thursday, May 11, President Trump signed an executive order aimed at strengthening the cybersecurity of federal networks and critical infrastructure.  The order is expected to prompt a broad examination of cybersecurity vulnerabilities at federal agencies and re-orient federal cybersecurity efforts toward modernization and shared services.  The order also reaffirms the previous administration’s approach to cybersecurity protections for critical infrastructure – with increased emphasis on the power grid – and seeks to promote the growth and sustainment of the nation’s cybersecurity workforce in the public and private sectors.  (more…)

SHARE
EmailPrintShare
1 2 3 7
XSLT Plugin by BMI Calculator