By

Alan Charles Raul

10 October 2018

California and Preemption

As one of the epicenters of the Information Age and largest state in the Nation, California’s regulatory decisions can have an outsize impact on the data economy.  Recently, the State has tried to use this pride of place to stamp its imprint on two important public debates.  First, on September 30, 2018, Governor Brown signed into law the California Internet Consumer Protection and Net Neutrality Act of 2018 (Senate Bill 822), which seeks to impose, as a matter of state law, net neutrality regulation even more restrictive than the federal regime the Federal Communications Commission (FCC) repealed earlier this year.  Second, earlier this year, California enacted (and then subsequently amended) the California Consumer Privacy of 2018, the broadest privacy law in the United States.  As laid out below, these enactments have sparked legal and policy debates over whether California should be able to set rules that could become de facto national standards or whether federal rules do or should preempt California’s efforts.  (more…)

EmailShare
02 October 2018

The Trump Administration’s Approach to Data Privacy, and Next Steps

* This article originally appeared in Law360 on September 27, 2018.

On Sept. 25, 2018, the Trump administration proposed an approach and initiated a process to modernize U.S. data privacy policy.  The administration’s approach is “risk-based” rather than rule-based, and, as such, signals a willingness to move away from a privacy model of mandated notice and choice that has “resulted primarily in long, legal, regulator-focused privacy policies and check boxes.” Rather, the administration is proposing that U.S. privacy policy “refocus” on achieving desirable privacy “outcomes,” such as ensuring that users are “reasonably informed” and can “meaningfully express” their privacy preferences, while providing organizations with the flexibility to continuing innovating with cutting-edge business models and technologies.

(more…)

EmailShare
28 September 2018

Senate Hearing on Federal Privacy Law: Question is Not Whether But What Form

On September 26, the Senate Commerce Committee invited tech and telecom companies to the Hill to discuss safeguards for consumer data privacy. “The question,” noted Chairman John Thune, “is no longer whether we need a federal law to protect consumers’ privacy. The question is what shape that law should take.” The Senators and testifying witnesses expressed strong support for a comprehensive federal privacy law. (more…)

EmailShare
25 September 2018

Movement Towards a Comprehensive U.S. Federal Privacy Law: Witnesses Prepare to Testify in Senate Hearing

The last six months have been busy ones for privacy watchers, with the entry into force of the GDPR and the enactment and amendment of the California Consumer Privacy Act.

An increasing number of eyes are now turning to the U.S. Congress to see how it will react to these developments, and Data Matters – and the privacy community generally – will thus be closely watching the Senate Committee on Commerce, Science, and Transportation on Wednesday, September 26, 2018, when it hosts a hearing titled “Examining Safeguards for Consumer Data Privacy.” (more…)

EmailShare
05 September 2018

Clean-Up Bill Advances to Amend the New California Consumer Privacy Act

On Friday, August 31, the California legislature unanimously passed a host of “clean-up” amendments to the new California Consumer Privacy Act (CCPA), AB 375, as it set about addressing flaws and other concerns in the state’s groundbreaking data privacy law. These amendments are now awaiting Governor Brown’s signature. (more…)

EmailShare
16 July 2018

Privacy as a “Fundamental Right” Clouds Smart Regulation

*Originally Published July 12, 2018 by Chambers and Partners Data Protection & Cyber Security 2018

There is a lot going on with privacy around the world. As discussed in the chapters of this book, significant new laws are being adopted or taking effect, important judicial decisions are being decided to interpret existing legal requirements, and citizens are contending with their own expectations about confounding new technologies and business models. It is not clear, however, that the public policy being developed in any country is a thoughtful reaction to the promises and perils of today’s digital economy, rather than a knee-jerk over-reaction to imagined harms and a handful of high-profile incidents. (more…)

EmailShare
29 June 2018

California Enacts Broad Privacy Laws Modeled on GDPR

On June 28, 2018, California Gov. Jerry Brown signed into law the California Consumer Privacy Act of 2018 (AB 375). According to the bill’s author, it was consciously designed to emulate the new European General Data Protection Regulation (GDPR) that went into effect on May 25, and if and when it goes into effect, it would constitute the broadest privacy law in the United States. It is intended to give consumers more transparency regarding and control over their data and establishes highly detailed requirements for what companies that collect personal data about California residents must disclose.    (more…)

EmailShare
12 June 2018

11th Circuit Vacates LabMD Enforcement Order; Casts Doubt on Decades of FTC Cybersecurity Enforcement Practices

In recent years, the Federal Trade Commission has increasingly exercised its enforcement authority to target deceptive and unfair information security practices.  During this time, enforcement actions have targeted companies for failing to honor their promises to implement “reasonable” or “industry standard” security practices, defend against well-known security threats, put in place basic security measures, or take many other basic data security steps.  And despite challengers arguing that the FTC provided insufficient notice before pursuing these actions or that the actions otherwise exceeded the FTC’s Section 5 enforcement authority, the Commission generally has a track record of successfully defending its prerogatives.     (more…)

EmailShare
18 April 2018

NIST Updates Cybersecurity Framework

*This article first appeared on Law360 on April 17, 2018

On April 17, the National Institute for Standards and Technology (NIST) released an updated version of its standard-setting Cybersecurity Framework.  Commerce Secretary Wilbur Ross announced the new release with a statement saying the “Cybersecurity Framework should be every company’s first line of defense” and “adopting version 1.1 is a must do for all CEO’s.”  Version 1.1 is dated April 16, 2018, and is available at: https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf(more…)

EmailShare
02 March 2018

SEC Issues New Guidance on Cybersecurity Disclosure Requirements

On February 21, 2018, the U.S. Securities and Exchange Commission issued interpretive guidance (the Guidance) to assist public companies in drafting their cybersecuritydisclosures in SEC filings. See 83 FR 8166 (Feb. 26, 2018). In his public statement accompanying the issuance of this guidance, SEC Chairman Jay Clayton said he believed that “providing the Commission’s views on these matters will promote clearer and more robust disclosure by companies about cybersecurity risks and incidents, resulting in more complete information being available to investors.”1 In this new guidance, the SEC is likely intending to signal how it may focus future enforcement concerning the cybersecurity disclosure obligations of public companies, and their underlying disclosure controls, procedures and certifications. (more…)

EmailShare
1 2 3 8
XSLT Plugin by BMI Calculator