By

Colleen Theresa Brown

09 January 2018

Internet of Toys Enforcement: VTech Agrees to COPPA Settlement

On January 8, the FTC announced a settlement with VTech (a maker of electronic children’s toys) for violations of COPPA, adding to the regulatory activity mounting in the last few years around the Internet of Toys.  The company agreed to pay $650,000 to settle allegations that its Kid Connect app and its Learning Lodge platform collected personal information from almost 3,000,000 children without providing direct notice and obtaining their parent or guardian’s consent.  (more…)

SHARE
EmailPrintShare
02 January 2018

Privacy and Cybersecurity Top 10 for 2018

This past year was marked by ever more significant data breaches, growing cybersecurity regulatory requirements at the state and federal levels and continued challenges in harmonizing international privacy and cybersecurity regulations. We expect each of these trends to continue in 2018.

As we begin this New Year, here is list of the top 10 privacy and cybersecurity issues for 2018: (more…)

SHARE
EmailPrintShare
18 December 2017

DFARS Cyber Compliance And Potential For FCA Risk

*This article first appeared in Law360 on December 18, 2017.

For well over a year, defense contractors have had New Year’s Eve 2017 circled on their calendars, and not because they love the “auld lang syne” and a good glass of champagne. (Or at least not only for those reasons.) Dec. 31, 2017, is the deadline for when covered contractors must comply with the U.S. Department of Defense’s new Defense Federal Acquisition Regulation Supplement (DFARS) cybersecurity requirements. This holiday season contractors are thus making their lists and checking them twice in order to ensure that they will be compliant by the end of the year. And this intense focus is well warranted. The DOD is deeply committed to protecting its information, and the requirements are an important step in that regard.

But for all of the focus on Dec. 31, contractors must also remember that the focus on compliance must remain into the New Year — and beyond. New technologies will emerge. Contractors will buy new systems and hire new employees. And all the while, internal security teams will be trying to stay a step ahead of hackers and “white hat” security researchers. In short, despite contractors’ best efforts, gaps may be identified at any time. Moreover, these gaps may carry with them real consequences — not only the possibility of contract termination, but also the risk of costly and disruptive False Claims Act investigations and lawsuits, with the specter of treble damages, and the possibility of suspension and debarment, lurking. It is thus crucial that contractors continue to be vigilant about the regulations, and take steps to enable them to demonstrate their vigilance and compliance, in order to best position themselves to avoid liability.

Read More

SHARE
EmailPrintShare
07 December 2017

U.S. Treasury Expresses National Perspective In Response to NAIC Insurance Data Security Model Law

On October 26, 2017, the U.S. Department of Treasury released a 176-page Report examining the current regulatory framework for asset management and insurance industries.  The Report, titled A Financial System That Creates Economic Opportunities: Asset Management and Insurance, identifies laws and regulations that are inconsistent with the Trump Administration’s Core Principles for financial regulation as set forth in Executive Order 13772 (Feb. 3, 2017), and makes recommendations to ensure alignment.  For data privacy and security, the Report commented on the Insurance Data Security Model Law (the “Model Law”) adopted by the National Association of Insurance Commissioners’ (the “NAIC”) on October 24, 2017 (for more information on the development of the Model Law, see our prior coverage).  The Model Law attempts to set a baseline for cybersecurity, although it depends on legislative action on the state level. (more…)

SHARE
EmailPrintShare
13 November 2017

U.S. Consumer Financial Protection Bureau’s Principles for Data Aggregation Services Could Have Broad Implications

On Oct. 18, 2017, the Consumer Financial Protection Bureau (CFPB) released a set of consumer protection principles (Principles) designed to protect consumer interests in the market for services built around consumer-approved use of financial information. The Principles are targeted to so-called “data aggregation” or “screen scraping” services that collect customer information in order to provide financial planning or other services. Over the past few years, data aggregation services and banks have struggled to develop the right model for sharing customer account data. The Principles issued by the CFPB seek to provide a potential data-sharing model for banks and data aggregation services while protecting consumer interests.

(more…)

SHARE
EmailPrintShare
24 October 2017

NIST’s Digital Identity Guidelines Favor the User

With the continued rise of data breaches rooted in a compromise of user credentials, interest has continued to build in more secure form of digital identities for authentication.  Supporting controls for federal agencies as well as innovation in the market, the National Institute of Standards and Technology (“NIST”) published its four-volume Digital Identity Guidelines earlier this year on June 22, 2017. The Guidelines encourage online service providers (“OSPs”) to adopt design practices that promise to reduce unnecessary user frustration with password and identity verification systems, while at the same time increasing security.  The primary purpose of the Guidelines is to promulgate technical requirements for federal agencies, businesses, however, could use the Guidelines as a baseline for their own cybersecurity systems—both to establish credibility and enhance the user experience. (more…)

SHARE
EmailPrintShare
02 October 2017

Illinois’ Governor Vetoes the Geolocation Privacy Bill

On September 22, 2017, Illinois Governor Bruce Rauner vetoed the proposed Geolocation Privacy Protection Act, which sought to limit the collection, use, retention, or disclosure of precise geolocation data from a mobile device without a person’s prior express and written consent.  The General Assembly originally passed the bill on June 27, 2017.  (For more background on the bill, see Illinois Becomes the First State to Pass a Geolocation Privacy Protection Bill (July 5, 2017)). (more…)

SHARE
EmailPrintShare
31 August 2017

Delaware Expands Data Breach Notification Statute

Governor John Carney signed Delaware’s updated breach notification law on August 17, 2017.  The revised law, which will come into force on April 14, 2018, includes key changes to the definition of personal information, introduces credit monitoring obligations, and heightens notice requirements. The law will also create new general information security requirements. (more…)

SHARE
EmailPrintShare
14 August 2017

State Privacy Laws: New Jersey Passes Consumer Privacy Act

State laws governing the collection and use of personal information continue to proliferate. The latest comes from New Jersey, which on July 21, 2017, signed into law legislation that restricts a merchant’s ability to collect personal data of shoppers and share such data with third parties.  New Jersey’s Personal Information Privacy and Protection Act permits retailers to scan an identification card only for certain purposes—such as verifying the consumer’s identity—and requires retailers to store such data securely.  Further, a retailer may not share the data with a third party unless the retailer discloses its data-sharing practices to the consumer. (more…)

SHARE
EmailPrintShare
03 August 2017

House Panel Advances Bill to Ease Safety Restrictions on Autonomous Vehicles

Federal legislation on the regulation of self-driving cars may be gaining traction.  The House Energy and Commerce Committee approved a bipartisan bill that would ease safety restrictions on self-driving cars and preempt state laws banning “highly automated systems” or self-driving vehicles to allow designers to test and deploy cars on the road.  The Safely Ensuring Lives Future Deployment and Research in Vehicle Evolution Act (the “SELF DRIVE Act”) bill passed the House Committee with a 54-0 vote.  It would facilitate the release by automakers of 25,000 automated vehicles in the first year and up to 100,000 automated vehicles annually, starting in the third year after the bill’s effective date.  (more…)

SHARE
EmailPrintShare
1 2 3 7
XSLT Plugin by BMI Calculator