FCC Advisory Group Issues Cyber Risk Management Report

Written by
On March 18, the Federal Communications Commission (“FCC”) approved the Final Report on cybersecurity risk management and best practices issued by Working Group 4 (“WG4”) of its Communications, Security, Reliability, and Interoperability Council (“CSRIC”).  The CSRIC, currently in its fourth assembly, is an advisory committee tasked with providing recommendations to the FCC to achieve “among other things, optimal security and reliability of communications systems…”  The report was created in response to WG4’s mission to “develop voluntary mechanisms to provide macro-level [...] Read more

FTC Finalizes Order With TRUSTe On Privacy Seal Program

Written by
The Federal Trade Commission (FTC) has issued its final decision and order arising from its previously-disclosed settlement with TRUSTe stemming from the FTC’s complaint alleging that TRUSTe failed to conduct promised annual recertification of companies participating in its privacy seal program more than 1,000 times between 2006 and 2013. The complaint also alleged that TRUSTe misrepresented its status as a non-profit entity. The decision and order was finalized after a four-month public comment period. The decision and order was finalized without any changes from the settlement proposed in [...] Read more

California Health Care Facility Breach Statute Updated: Changes Effective Now

Written by
As a result of recent breaches – including breaches of health information and information held by health insurers – a great deal of attention has recently been focused on state data breach notification requirements. Most States have general data breach notification requirements that apply to all data breaches, including those involving health information. A few States have specific data breach laws applicable to health information or to certain types of entities in the health care/health insurance industry. California is one of such States – and it has made several significant revisions to [...] Read more

Montana Broadens Data Breach Notification Law

Written by
Montana has amended the state’s data breach notification law to both broaden the definition of “personal information” that triggers individual notice and to require notice to the state’s attorney general. The changes become effective on October 1, 2015. Montana has joined several other states, including California and Florida, that include medical-related information in the definition of personal information. Montana’s statute specifies that the medical information that would trigger individual notice, in combination with an individual’s full name or first initial and last name, [...] Read more

Third Circuit Questions FTC’s Data Security Authority

Written by
On March 3, 2015, the Third Circuit heard oral argument in FTC v. Wyndham Worldwide Corp., et al. (“Wyndham”) on the issue of whether the FTC has the authority to regulate private companies’ data security under Section 5 of the FTC Act. This appeal arises out of the District Court’s holding that the unfairness prong of Section 5 provides the FTC with the authority to regulate data security in the private sector.  (Previously reported here).  In its appellate briefs and at oral argument, the FTC argued that the district court got it right, noting that the FTC Act’s legislative history [...] Read more

White House Releases Consumer Privacy Bill of Rights

Written by
On February 27, 2015, the Obama Administration released a discussion draft of the Consumer Privacy Bill of Rights Act of 2015 (the “Privacy Act”), holding true to President Barack Obama’s commitment in 2012 to introduce legislation to put the Privacy Act’s principles into law.  The Privacy Act is intended to “establish baseline protections for individual privacy in the commercial arena and to foster timely, flexible implementation of [the] protections through enforceable codes of conduct.” The Privacy Act seeks to regulate a broad variety of covered entities, which are persons that [...] Read more

White House Releases Report on Big Data and Differential Pricing

Written by
The White House Council of Economic Advisors recently released a report titled “Big Data and Differential Pricing.” “Differential pricing” refers to the practice of charging different prices to different groups of people for the same (or similar) products or services. The White House report explores the uses of big data for differential pricing, including the potential benefits or harms to consumers. The report follows the release of an earlier 2014 report on big data by the White House. Reviewing the economics of differential pricing, the recent report points out that many forms of [...] Read more

Peter Swire Honored with IAPP Privacy Leadership Award

Written by
Peter Swire, Georgia Institute of Technology Scheller College of Business professor and senior counsel in Alston & Bird’s Privacy & Data Security Group, was honored with the 2015 Privacy Leadership Award from The International Association of Privacy Professionals (IAPP). Swire is recognized for his commitment to the privacy field in tackling emerging privacy and security issues in public policy, academia and industry. The annual IAPP Privacy Leadership Award recognizes a leader in the field of privacy and data protection who has demonstrated an ongoing commitment to furthering [...] Read more

Webinar: Advising the C-Suite and Boards of Directors on Cybersecurity

Written by
On February 11, 2015, Alston & Bird hosted a webinar entitled “Advising the C-Suite and Boards of Directors on Cybersecurity.” Panelists included Alston & Bird attorneys Jessica Corley, Scott Ortwein and Kim Peretti, with Jim Harvey as the moderator. The cybersecurity legal landscape is rapidly unfolding due to the mass number of companies whose systems, data, and assets are networked and connected to the internet, as well as the surge of unprecedented attacks. Cybersecurity is no longer solely a concern for a company’s CIO or CISO, but also a concern for all members of the c-suite [...] Read more

Alston & Bird Privacy Program: An Interactive Discussion on How EU Data Laws are Undergoing Profound Changes

Written by
On February 4, Alston & Bird’s Los Angeles office hosted a presentation on EU data laws and US data laws with two leading experts from Olswang LLP, Ross McKean and Andreas Splittgerber. Alston’s Dominique Shelton moderated while McKean and Splittgerber shared their views on the profound changes occurring in EU data protection laws. It was a lively discussion that included the ramifications of the Google Spain decision and looked ahead to the upcoming EU Data Protection Regulation. The discussion provided a valuable opportunity to consider how U.S. companies can comply with the relevant [...] Read more