Today, Alston & Bird issued a Privacy and Security ADVISORY on Russia’s new Data Localization Law will take effect in September, 2015. Penalties for non-compliance can be severe, including suspension of offending websites. Our Privacy & Data Security Group gives details on the law, the compliance challenges facing U.S. companies, and the solutions available to them. […]
Data Security
The FTC Announces It Will Host a “Start with Security” Initiative in September
On May 13, 2015, Federal Trade Commission Chairwoman Edith Ramirez announced that the FTC will host an initiative for its “Start with Security” program in September. The FTC unveiled the “Start with Security” program in March at the IAPP Global Privacy Summit. During the unveiling, FTC Bureau of Consumer Protection Director Jessica Rich stated that […]
Nevada Expands Definition of Personal Information In Data Security Statute
On May 13, Nevada Governor Brian Sandoval signed Assembly Bill 179, which expands the definition of personal information for purposes of Nevada’s data breach notification and data security law. Effective July 1, 2015, personal information will include an individual’s medical identification number or health insurance identification number and a user name, unique identifier or email […]
NAIC Publishes Principles for Effective Cybersecurity
The National Association of Insurance Commissioners (NAIC) Cybersecurity Task Force adopted Principles for Effective Cybersecurity Insurance Regulatory Guidance on April 16, 2015. The document identifies types of safeguards regulators expect insurers to have in place to protect consumers from cybersecurity breaches. The guiding principles are intended to establish insurance regulatory guidance that promotes coordination and […]
FCC Adopts Consent Order with AT&T Over Alleged Data Security Violations
The Federal Communications Commission (FCC) announced on April 8 that it had adopted a consent decree between its Enforcement Bureau and AT&T Services, Inc. (AT&T), including a civil penalty of $25 million and a requirement to adopt a comprehensive compliance plan, among other actions. The consent decree alleges that AT&T “failed to protect the confidentiality” […]