FTC Releases New Data Security Guidance for Businesses, Announces Conference Series

Written by
The Federal Trade Commission has released new guidance, called “Start with Security,” intended to assist businesses to improve their data security practices based on lessons learned from its 53 data security cases to date.  Issued on June 30, 2015, the guidance “distill[s] the facts of those cases down to their essence” in ten “lessons to learn that touch on vulnerabilities that could affect your company.” The ten lessons are as follows: Start with security.  The FTC advises businesses to factor security into its business processes from the beginning.  It also reminds businesses [...] Read more

Alston & Bird Issues an International Trade & Regulatory/Cybersecurity Advisory on Proposed New Export Requirements for Cybersecurity Products and Technologies

Written by
Alston & Bird recently issued an Advisory on a new regulation proposed by the Department of Commerce’s Bureau of Industry Security (BIS), which would require certain developers, manufacturers, and users of cybersecurity intrusion and surveillance items to obtain export licenses before conducting business and performing their work—even when working with their affiliated companies or with business partners in the most closely allied countries.  The new requirement is being implemented pursuant to the United States’ commitments under the Wassenaar Arrangement on Export Controls for Conventional [...] Read more

Alston & Bird Attorneys Honored with 2015 Burton Award

Written by
Partners Kimberly Peretti and Jessica Corley, Senior Associate Kelley Barnaby, and Associate Lauren Tapson were honored with a 2015 Burton Award for Legal Achievement for their analysis of the corporate governance risks associated with cyber-attacks and the critical role played by boards of directors in addressing those risks. William Burton, author of Burton’s Legal Thesaurus, started the Burton Awards in 1999 to honor clarity, knowledge, and innovation demonstrated in a published legal article.  The winners are chosen from entries submitted by the nation's 1,000 largest and most prestigious [...] Read more

Visa & MasterCard: Issuers May Release Identity of Breached Merchants

Written by
In two letters sent to Diana Dykstra, the President and CEO of the California and Nevada Credit Union Leagues, both MasterCard and Visa have confirmed that, under their network rules, card issuers are permitted to disclose the identities of merchants involved in data breaches in certain circumstances. In MasterCard’s letter dated June 3, 2015, Eileen S. Simon, the Chief Franchise Integrity Officer at MasterCard, stated, “[N]othing in our contracts or network rules prohibits a financial institution from identifying a breached merchant when reissuing a payment card to a customer . . . [s]hould [...] Read more

Kim Peretti and Jason Wool co-author CIO Insight article on Cyber-Risk Management

Written by
Kim Peretti, co-chair of the firm’s Security Incident Management & Response Team, and Jason Wool, an associate in the firm’s Technology and Privacy Group and Security Incident Management & Response Team, along with Kiersten Todt and Roger Cressey of Liberty Group Ventures, LLC, coauthored the CIO Insight article, “Five Steps to Strengthening Cyber-Defenses.” In the article, Peretti et al discuss five risk management steps that companies can take to better manage cyber-risk and reduce their liability exposure after a breach occurs.  These steps include changing corporate culture [...] Read more

European Data Protection Supervisor Releases Opinion on Mobile Health

Written by
The European Data Protection Supervisor (“EDPS”), Giovanni Buttarelli, has published an opinion on Mobile Health (“mHealth”); a rapidly evolving sector that stems from the convergence of healthcare and information communication technology.  mHealth includes mobile applications designed to provide health-related services through smart devices by processing personal information about an individual’s health, well-being, and lifestyle. The opinion discusses the growing ubiquity of mHealth, which in large part is due to the proliferation of smartphones and wearable computing devices.  [...] Read more

FCC’s TCPA Ruling Delivers Blow To Businesses

Written by and
The FCC today approved a Declaratory Ruling and Order resolving approximately 20 pending petitions seeking clarification of a variety of items relating to the federal Telephone Consumer Protection Act (TCPA). The Commission’s Order expands consumer rights and protections at the expense of legitimate businesses that use modern technologies responsibly to reach consumers. At today’s Open Commission Meeting, the FCC confirmed adoption of proposals that Chairman Tom Wheeler outlined at the end of March. In particular, the FCC ruled that: Carriers and service providers may implement call [...] Read more

Oregon Updates and Expands Data Breach Statute

Written by
Oregon has updated its data breach notification statute to broaden the definition of personal information that will trigger notice to individuals and add the requirement to notify the state’s Attorney General of certain breaches. Oregon Governor Kate Brown signed into law SB601 on June 10, and it was enrolled on June 15. The bill updates the Oregon Consumer Identity Theft Protection Act of 2007 (the “Act”). The changes to the Act become effective on January 1, 2016 and apply only to data breaches that occur on or after that date. The expanded definition of “personal information” that [...] Read more

Alston & Bird partners Teri McMahon and Dominique Shelton discuss updates to M&A and privacy & data security practice areas at ACC Israel Annual Event

Written by
On June 16, 2015, Alston & Bird partners Teri McMahon and Dominique Shelton made presentations on current issues of the M&A and privacy and data security practice areas at the ACC Israel Annual Event. The event, attended by over 200 attorneys from Israel and around the world, focused on trending global mergers & acquisitions issues. Teri McMahon discussed trends in M&A with a particular focus on rep and warranty insurance, and Dominique Shelton explained today’s privacy and data security regulatory and litigation landscape and how it affects companies engaging in M&A [...] Read more

Connecticut Passes Bill to Require Identity Theft Protection Services In Certain Breaches

Written by
On June 11, Connecticut SB949 became a Public Act, after being passed by both chambers of the state legislature. Governor Dannel Malloy can now either sign the bill or take no action for it to become law. SB949 will, among other provisions, require companies that experience a security breach requiring notice to individuals under Connecticut law and involving the individual’s Social Security Number to offer “applicable identity theft prevention services, and, if applicable, identity theft mitigation services” at no cost for at least twelve months. This requirement will take effect on October [...] Read more