Category

Policy

24 May 2018

GDPR Day is Here!

Whether you are marking today with a glass of champagne, a shot of whiskey, or a hot cup of tea, today marks a significant day for privacy professionals world-wide.

Here’s to all of the privacy professionals who have put in so many hours to prepare for the GDPR, fully effective as of Friday May 25, 2018 at midnight in Brussels; that is 6 PM eastern on Thursday, May 24th for toasting purposes.

For business executives, policymakers, and consumers who have become aware of the GDPR in recent weeks and are interested in learning more, visit our GDPR resource page here.

EmailPrintShare
23 May 2018

FCC Asks for Input After ACA International v. FCC

The Telephone Consumer Protection Act (TCPA) bar has been reeling ever since the U.S. Court of Appeals for the D.C. Circuit overturned a couple of key Federal Communications Commission (FCC) rules in ACA International v. FCC, including the FCC’s overbroad interpretation of the definition of an autodialer. However, the ruling still left several key provisions in place that facilitate the potential for significant liability and sow uncertainty for everyday business and compliance operations. Now the commission has issued a public notice seeking input about how it should interpret the TCPA. Comments are due June 13, 2018, with replies due June 28. (more…)

EmailPrintShare
22 May 2018

Supreme Court Finds Expectation of Privacy for Rental Car Driver

In its preview of hot privacy and cybersecurity topics for 2018, Data Matters noted that this year the Supreme Court was scheduled to decide a number of cases with potentially substantial privacy implications.  This past week, the Court issued its opinion in one such case, Byrd v. United States, a case concerning “whether a driver has a reasonable expectation of privacy in a rental car when he or she is not listed as an authorized driver on the rental agreement.”  Concluding that a driver does have such an expectation, the Court issued a narrow and unanimous opinion that, as laid out below, could have implications for commercial privacy expectations in other contexts. (more…)

EmailPrintShare
17 May 2018

Georgia Governor Vetoes Broad-Reaching Computer Crime Bill, Highlighting Debate Around Bug Bounty Programs

On May 8, Georgia Governor Nathan Deal announced that he was vetoing Senate Bill 315 (“SB 315” or “the bill”), cybersecurity legislation that would have expanded the criminalization of “unauthorized computer access” to capture, in addition to traditional hacking, activity that opponents warned is necessary to robust private and public sector cyber defense.  In his veto statement, Governor Deal commented that parts of SB 315 “have led to concerns regarding national security implications and other potential ramifications” that caused him to conclude that “while intending to protect against online breaches and hacks, SB 315 may inadvertently hinder the ability of government and private industries to do so.” (more…)

EmailPrintShare
15 May 2018

DFAR Cybersecurity FAQs Provide Practical Guidance Highlighting Expansive Scope of Contractor Requirements

For defense contractors, January 1, 2018 brought with it not only a new year, but also a new era – an era in which contractors must comply with the entire set of more detailed cybersecurity requirements under Defense Federal Acquisition Regulation Supplement (DFARS) 252.204-7012.  As we have flagged before on Data Matters, this DFRAS provision applies to all Department of Defense (DOD) contracts (except for those involving commercial, off-the-shelf items) and places a number of substantial obligations on contractors, including that they comply with the security requirements in National Institute of Standards and Technology (NIST) Special Publication (SP) 800-171, “Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations,” and report certain cyber incidents to DOD. (more…)

EmailPrintShare
25 April 2018

Sidley Austin Embraces ABA Privacy Law Specialist Accreditation Opportunity; You Can, Too

*This Article Recently appeared in the IAPP’s The Privacy Advisor on April 24th, 2018

The IAPP’s Privacy Advisor recently published the below article on the ABA’s Privacy Law Specialist designation, describing how to apply and receive the designation, and highlighting how Sidley Austin is the first law firm to embrace the accreditation broadly.  Read the full article written by the IAPP’s Molly Hulefeld here.

EmailPrintShare
23 April 2018

An Approach to Cybersecurity Risk Oversight for Corporate Directors

*This article first appeared in In-House Defense Quarterly on April 3, 2018

The growing volume and severity of cyber-attacks directed against public companies has caught the attention of federal regulators and investors. Recent guidance from the Securities and Exchange Commission (SEC) on disclosure and enforcement actions by the Federal Trade Commission (FTC) make clear that cybersecurity is no longer a niche topic, but a concern significant enough to warrant the oversight of corporate boards of directors. A high-profile cyber incident may cause substantial financial and reputational losses to an organization, including the disruption of corporate business processes, destruction or theft of critical data assets, loss of goodwill, and shareholder and consumer litigation. More and more, directors are viewing cyber-risk under the broader umbrella of corporate strategy and searching for ways to help mitigate that risk. Increasingly, thought leaders, professional organizations, and government agencies are beginning to provide answers. (more…)

EmailPrintShare
18 April 2018

NIST Updates Cybersecurity Framework

*This article first appeared on Law360 on April 17, 2018

On April 17, the National Institute for Standards and Technology (NIST) released an updated version of its standard-setting Cybersecurity Framework.  Commerce Secretary Wilbur Ross announced the new release with a statement saying the “Cybersecurity Framework should be every company’s first line of defense” and “adopting version 1.1 is a must do for all CEO’s.”  Version 1.1 is dated April 16, 2018, and is available at: https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf(more…)

EmailPrintShare
16 April 2018

Hong Kong Issues EU Data Privacy Law Guidance on the upcoming GDPR

The Hong Kong Office of the Privacy Commissioner for Personal Data (the “Hong Kong Data Privacy Commissioner”) has recently published compliance guidance on the upcoming GDPR to raise awareness in Hong Kong companies about the potential effects and reforms needed in order to comply with the new GDPR requirements. (more…)

EmailPrintShare
1 2 3 5
XSLT Plugin by BMI Calculator