The United States and the European Union announced in February their intent to launch negotiations this year on a far-reaching trade and investment partnership agreement. Negotiations on the treaty, known as “TTIP”, should commence in June following a Congressional and public consultation period in the United States, and a parallel process in the EU whereby the European Commission will obtain a formal mandate from the 27 EU member states. Differences in data privacy and protection between the US and EU have already arisen as an issue of contention as governments labor to construct a bilateral negotiating agenda.

Senior U.S. officials, including outgoing U.S. Trade Representative Ron Kirk and Deputy National Security Adviser Michael Froman have both commented publicly that rules on cross-border data flows should be up for negotiation in the TTIP, responding to interest from US industry to liberalize data flows not only across the Atlantic Ocean, but also between various EU member state markets.

Read More

Last evening, President Obama announced in his televised State of the Union Address to Congress that he had signed an Executive Order earlier in the day to direct federal departments and agencies to adopt and implement new cybersecurity initiatives for the purpose of protecting our nation’s critical infrastructure. A legislative response from Congress is anticipated as early as today and we will provide subsequent updates. Please see our Cyber Alert for additional information on the Executive Order in the format of responses to frequently asked questions. Additionally, the White House issued a Presidential Policy Directive (PPD) on Critical Infrastructure Security and Resilience (which updates HSPD 7) to complement the Order. The press release on the Order and a fact sheet on the new PPD are linked below:

• White House Cybersecurity Executive Order - Press Release
• White House Cybersecurity Presidential Policy Directive - Fact Sheet

Written by Paul Martino and Todd McClelland, Partners, Security Incident Management & Response Team| Alston & Bird LLP

Chief executives of each of the Fortune 500 companies will soon receive a letter from Senator John D. Rockefeller IV (D-W.Va.) asking them to describe how their companies address computer network security, or “cybersecurity.” In the letter, Senator Rockefeller explains that he is addressing Fortune 500 companies directly because of the recent stalling of the Cybersecurity Act (S. 3414) in the U.S. Senate.

Read More

This afternoon, Senators John McCain (R-AZ), Kay Bailey Hutchison (R-TX), Chuck Grassley (R-IA), Saxby Chambliss (R-GA), Lisa Murkowski (R-AK), Dan Coats (R-IN), Ron Johnson (R-WI), and Richard Burr (R-NC) reintroduced the Strengthening and Enhancing Cybersecurity by Using Research, Education, Information, and Technology (SECURE IT) Act, which now bears the number S. 3342.

Read More

Today the Senate Committee on Commerce, Science, and Transportation held a hearing entitled “The Need for Privacy Protections: Perspectives from the Administration and the Federal Trade Commission.” The hearing examined the need for privacy legislation and the recent privacy reports from the White House and the Federal Trade Commission. Testifying on behalf of the federal government were Cameron Kerry, General Counsel at the Department of Commerce, Jon Leibowitz, Chairman of the Federal Trade Commission (FTC), and Maureen Ohlhausen, FTC Commissioner. The witness statements and an archive of the hearing webcast may be found here.

Written by Paul Martino, Partner | Alston & Bird LLP

Today the Obama Administration issued a Statement of Administration Policy (SAP) opposing the principal House cybersecurity bill, HR 3523, CISPA (Rogers-Ruppersberger). It states (in its final sentence) that, “if HR 3523 were presented to the President, his senior advisors would recommend he veto the bill.” As much discussed and pointed out in today’s House Rules Committee meeting, this language is not as strong as language that could have been inserted in the SAP to the effect that the President “will veto” the bill if it passes Congress. The bill is scheduled to be taken up on the House floor as early as tomorrow afternoon (with actual timing subject to when the Rules Committee issues a rule on amendments that will be in order). The vote on the amendments and bill are expected to conclude by Friday of this week, before the House begins a week-long recess next week.

Written by Paul Martino, Partner | Alston & Bird LLP

The House will be considering on the floor this week (dubbed “Cyber Week”), the following four cybersecurity bills, as described by Speaker Boehner in a press release last Friday:

• Cyber Intelligence Sharing and Protection Act (H.R. 3523), introduced by Intelligence Committee Chairman Mike Rogers (R-MI), will help private sector job creators defend themselves from attacks from countries like China and Russia by allowing the government to provide the intelligence information needed to protect their networks and their customers’ privacy. The bill also provides positive authority to private-sector entities to defend their own networks and to those of their customers, and to share cyber threat information with others in the private sector, as well as with the federal government on a purely voluntary basis.

Read More

This afternoon the House Republican Cybersecurity Task Force announced a report containing its recommendations on federal cybersecurity legislation pursuant to a request by the House Republican leadership to examine four critical areas: critical infrastructure and incentives, information sharing and public-private partnerships, existing cybersecurity laws, and legal authorities.

Read More

Today the White House released its cybersecurity legislative proposal as required in the Cyberspace Policy Review and in response to a request from Senate Majority Leader Harry Reid (D-Nev.) and six other committee chairs. The fact sheets on the proposal may be found here and here.  Secretary of State Hilary Clinton's remarks may be found here and Attorney General Eric Holder's statement may be found here.

The preeminent privacy issue facing the House Energy and Commerce Committee, Senate Commerce Committee, Federal Trade Commission (“FTC”) and Department of Commerce during the 112th Congress will be defining the proper role of the federal government in setting and regulating consumer privacy standards for all businesses operating in the United States. At the forefront of this issue is whether Congress and Obama Administration departments and agencies can agree upon a general framework and legislative language to regulate the collection, use and disclosure of consumer data by businesses, whether they are operating exclusively online, exclusively offline or in both environments. “Every business that sells to consumers likely collects some data on them that they use to enhance their future product and service offerings in order to grow their revenue and expand their customer base. Over the past two years, Congress has been considering legislation that would establish new rules to regulate this important customer relationship, making consumer privacy legislation in the next Congress one of the key issues with broad applicability to businesses, and one issue to which executives will want to pay close attention,” observed former Senate Majority Leader Bob Dole.

Read More

In light of the significant changes taking place with the new Obama Administration and the new Congress, this advisory outlines some of the key legislative issues the Alston & Bird Legislative and Public Policy Group expects to be considered over the next two years.

The advisory is provided in PDF on the Alston & Bird web site: http://www.alston.com/legislative_advisory_post_election