Alston & Bird Attorneys Honored with 2015 Burton Award

Written by
Partners Kimberly Peretti and Jessica Corley, Senior Associate Kelley Barnaby, and Associate Lauren Tapson were honored with a 2015 Burton Award for Legal Achievement for their analysis of the corporate governance risks associated with cyber-attacks and the critical role played by boards of directors in addressing those risks. William Burton, author of Burton’s Legal Thesaurus, started the Burton Awards in 1999 to honor clarity, knowledge, and innovation demonstrated in a published legal article.  The winners are chosen from entries submitted by the nation's 1,000 largest and most prestigious [...] Read more

Visa & MasterCard: Issuers May Release Identity of Breached Merchants

Written by
In two letters sent to Diana Dykstra, the President and CEO of the California and Nevada Credit Union Leagues, both MasterCard and Visa have confirmed that, under their network rules, card issuers are permitted to disclose the identities of merchants involved in data breaches in certain circumstances. In MasterCard’s letter dated June 3, 2015, Eileen S. Simon, the Chief Franchise Integrity Officer at MasterCard, stated, “[N]othing in our contracts or network rules prohibits a financial institution from identifying a breached merchant when reissuing a payment card to a customer . . . [s]hould [...] Read more

Kim Peretti and Jason Wool co-author CIO Insight article on Cyber-Risk Management

Written by
Kim Peretti, co-chair of the firm’s Security Incident Management & Response Team, and Jason Wool, an associate in the firm’s Technology and Privacy Group and Security Incident Management & Response Team, along with Kiersten Todt and Roger Cressey of Liberty Group Ventures, LLC, coauthored the CIO Insight article, “Five Steps to Strengthening Cyber-Defenses.” In the article, Peretti et al discuss five risk management steps that companies can take to better manage cyber-risk and reduce their liability exposure after a breach occurs.  These steps include changing corporate culture [...] Read more

European Data Protection Supervisor Releases Opinion on Mobile Health

Written by
The European Data Protection Supervisor (“EDPS”), Giovanni Buttarelli, has published an opinion on Mobile Health (“mHealth”); a rapidly evolving sector that stems from the convergence of healthcare and information communication technology.  mHealth includes mobile applications designed to provide health-related services through smart devices by processing personal information about an individual’s health, well-being, and lifestyle. The opinion discusses the growing ubiquity of mHealth, which in large part is due to the proliferation of smartphones and wearable computing devices.  [...] Read more

FCC’s TCPA Ruling Delivers Blow To Businesses

Written by and
The FCC today approved a Declaratory Ruling and Order resolving approximately 20 pending petitions seeking clarification of a variety of items relating to the federal Telephone Consumer Protection Act (TCPA). The Commission’s Order expands consumer rights and protections at the expense of legitimate businesses that use modern technologies responsibly to reach consumers. At today’s Open Commission Meeting, the FCC confirmed adoption of proposals that Chairman Tom Wheeler outlined at the end of March. In particular, the FCC ruled that: Carriers and service providers may implement call [...] Read more

Oregon Updates and Expands Data Breach Statute

Written by
Oregon has updated its data breach notification statute to broaden the definition of personal information that will trigger notice to individuals and add the requirement to notify the state’s Attorney General of certain breaches. Oregon Governor Kate Brown signed into law SB601 on June 10, and it was enrolled on June 15. The bill updates the Oregon Consumer Identity Theft Protection Act of 2007 (the “Act”). The changes to the Act become effective on January 1, 2016 and apply only to data breaches that occur on or after that date. The expanded definition of “personal information” that [...] Read more

Alston & Bird partners Teri McMahon and Dominique Shelton discuss updates to M&A and privacy & data security practice areas at ACC Israel Annual Event

Written by
On June 16, 2015, Alston & Bird partners Teri McMahon and Dominique Shelton made presentations on current issues of the M&A and privacy and data security practice areas at the ACC Israel Annual Event. The event, attended by over 200 attorneys from Israel and around the world, focused on trending global mergers & acquisitions issues. Teri McMahon discussed trends in M&A with a particular focus on rep and warranty insurance, and Dominique Shelton explained today’s privacy and data security regulatory and litigation landscape and how it affects companies engaging in M&A [...] Read more

Connecticut Passes Bill to Require Identity Theft Protection Services In Certain Breaches

Written by
On June 11, Connecticut SB949 became a Public Act, after being passed by both chambers of the state legislature. Governor Dannel Malloy can now either sign the bill or take no action for it to become law. SB949 will, among other provisions, require companies that experience a security breach requiring notice to individuals under Connecticut law and involving the individual’s Social Security Number to offer “applicable identity theft prevention services, and, if applicable, identity theft mitigation services” at no cost for at least twelve months. This requirement will take effect on October [...] Read more

The Digital Single Market Strategy and EU Data Security Policies

Written by
The landscape of data security regulation within the European Union will likely change drastically over the next few years.  In just the latest indicator of this regulatory revolution, the European Commission adopted on May 6, 2015 the heavily anticipated Digital Single Market (DSM) strategy, a multifaceted package of initiatives aimed at reducing or eliminating barriers to online commerce within the EU.  The DSM strategy includes components explicitly directed towards data security, as security concerns could undermine parts of its core mission. The DSM strategy consists of 16 initiatives [...] Read more

Peter Swire on Passage of USA FREEDOM Act

Written by
In an article published yesterday, Peter Swire reviews the recent passage of the USA FREEDOM Act. Perhaps most notably, the Act eliminates the bulk collection of telephone metadata by the National Security Agency. Swire calls the Act, “the biggest pro-privacy change to U.S. intelligence law since the original enactment of the Foreign Intelligence Surveillance Act in 1978.” As one of five members of President Obama’s Review Group on Intelligence and Communications Technology formed in the wake of the Edward Snowden revelations, Swire identifies the “close fit between Review Group recommendations [...] Read more