Third Circuit Affirms FTC’s Authority to Regulate Data Security

Written by
On August 24, 2015, the Third Circuit affirmed U.S. District Court Judge Esther Salas’ April 2014 ruling in FTC v. Wyndham Worldwide Corp., et al. (“Wyndham”) that the FTC has the authority to regulate private companies’ cybersecurity practices under Section 5 of the FTC Act. (Prior blog posts on this case can be found here and here).  In this highly anticipated precedential opinion, the Court decided that Wyndham’s cybersecurity practices as alleged by the FTC fit the definition of “unfair” when compared with its stated security policies.  In doing so, the Court rejected Wyndham’s [...] Read more

Illinois Governor Vetoes Data Protection Bill; Suggests Revisions

Written by
Illinois Governor Bruce Rauner vetoed a bill amending the state’s data breach notification law on August 21, 2015, saying in a letter to the General Assembly that the bill “goes too far, imposing duplicative and burdensome requirements that are out-of-step with other states.”  The bill, S.B. 1833, would have amended Illinois’ Personal Information Protection Act (“PIPA”).  Gov. Rauner took issue only with a few specific provisions and promised to sign the bill if the issues were addressed by the General Assembly. In particular, the Governor disagreed with the addition of “consumer [...] Read more

Alston & Bird Privacy Attorneys Named to The Best Lawyers in America 2016 List

Written by
Jim Harvey, David Keating, and Dominique Shelton, partners in Alston & Bird’s Privacy & Data Security Group, have been named to the 2016 edition of The Best Lawyers in America. First published in 1983, Best Lawyers is based on a peer-review survey in which more than 50,000 leading attorneys cast more than 5.5 million votes on the legal abilities of other lawyers in their practice areas. Best Lawyers lists are re-published in top-tier business and legal publications such as The Washington Post, The Wall Street Journal, The New York Times and The American Lawyer. To see the full list [...] Read more

Dominique Shelton Named to “Most Influential Lawyers in White Collar & Cyber Crimes Law” by LA Business Journal

Written by
Dominique Shelton, partner in Alston & Bird’s Privacy & Data Security Group, was named to the Los Angeles Business Journal’s “Most Influential Lawyers in White Collar & Cyber Crimes Law” of 2015. Described by the publication as “one of the top practitioners dealing with privacy and cyber law, with particular focus on the media and entertainment industry,”  Shelton is one of only 25 attorneys in Los Angeles County to be honored for having demonstrated outstanding leadership in their fields. In 2014, Shelton was named one of the “Most Influential Lawyers: Digital [...] Read more

FCC Corrects July 10, 2015 TCPA Order

Written by
This week, the FCC issued the following correction of its July 10, 2015 Order on the Telephone Consumer Protection Act (“TCPA”): In Paragraph 100, the fourth sentence is corrected to read as follows: “It follows that the rule applies per call and that telemarketers should not rely on a consumer’s written consent obtained before the current rule took effect if that consent does not satisfy the current rule.”  The paragraph had previously stated, incorrectly, “if that consent does satisfy the current rule.” The message in the correction is clear: Any caller must have obtained [...] Read more

Swire on the Declining Half-Life of Secrets

Written by
On Friday, Peter Swire released his new paper titled “The Declining Half-Life of Secrets.” In this paper, Swire examines the challenges faced by the national security and signals intelligence communities in maintaining secrets. Swire’s paper explains why intelligence operations will continue to face ‘leaks’ given the pervasiveness and power of modern computing and the internet, the libertarian ethos of many information technology workers, and the changing nature of signals intelligence work. Within this context, Swire recommends that policy should focus on the ‘when’ (and not the [...] Read more

Amended Washington Data Breach Law Requires Attorney General Notification, Imposes 45-Day Notice Time Limit

Written by
Earlier this year, Washington passed an amended version of its data breach notification law, which goes into effect Friday July 24, 2015.  Washington’s updated breach notification statute will now, among other things, require compromised entities to notify the state Attorney General (AG) in some circumstances, and require notification to both consumers and, as applicable, the state AG within 45 days of discovering a breach.  Washington’s amended statute adds to the chorus of states that have updated their breach notification laws in 2015, including Connecticut, Montana, Nevada, North Dakota, [...] Read more

PCI Security Standards Council Issues New Supplementary Compliance Requirements for the Data Security Standard

Written by
The Payment Card Industry (“PCI”) Security Standards Council (“SSC”) recently published a supplement to the PCI Data Security Standard (“DSS”) that will require certain Designated Entities to comply with an additional set of compliance-based requirements.  The additional requirements, called the “Designated Entities Supplemental Validation,” or DESV, are designed to “help organizations make payment security part of everyday business practice” and are “intended to provide greater assurance that PCI DSS controls are maintained effectively and on a continuous basis through validation [...] Read more

Canadian Parliament Amends PIPEDA with the Digital Privacy Act

Written by
On June 18, 2015, the Canadian Parliament passed into law the Digital Privacy Act (the “Act”), which amends Canada’s federal data protection statute, the Personal Information Protection and Electronic Documents Act (PIPEDA). PIPEDA applies to businesses in every Canadian province except British Columbia, Alberta and Quebec; however, businesses in those provinces may become subject to PIPEDA if they operate in federally-regulated sectors or if personal information that originated in their province crosses provincial borders.  Although many of the Act’s provisions will come into force on [...] Read more

FCC TCPA Order has Harsh Impact on Businesses

Written by
On July 10, 2015, the FCC entered its long awaited Order on 21 petitions seeking clarification on a number of issues related to the federal Telephone Consumer Protection Act (“TCPA”).  A copy of the complete Order is available here https://www.fcc.gov/document/tcpa-omnibus-declaratory-ruling-and-order.  The Order is consistent with comments that the FCC made during its open hearing on June 18, 2015.  For businesses that place autodialed calls or calls that use an artificial or prerecorded voice, be it for telemarketing or other purposes, the key takeaways from the new Order are as follows: First, [...] Read more