Cybersecurity Archives - OF DIGITAL INTEREST

Cybersecurity

Upcoming FTC Workshop on Informational Harm | Next Brushstrokes on the FTC’s Consumer Privacy and Security Enforcement Canvas

by McDermott Will & Emery and Bernadette M. Broccolo | Oct 25, 2017 | Consumer Protection, Cybersecurity, Data Privacy, Telehealth

On September 29, the Federal Trade Commission (FTC) formally announced a December 12th workshop on informational injury—the injury a consumer suffers when information about them is misused. The workshop will address questions such as, how to characterize and measure such injury and what factors businesses and consumers should consider the benefits and risks of collecting, using and providing personal information so as to gain further perspective for how the FTC should apply its legal framework for privacy and security enforcement under 15 USC § 45 (Section 5). In her September 19th remarks to the Federal Communications Bar Association, Commissioner Maureen Ohlhausen, the Acting Chairman of the FTC, metaphorically characterized the workshop’s purpose as providing the next brushstrokes on the unfinished enforcement landscape the FTC is painting on its legal framework canvas. The full list of specific questions to be addressed may be accessed here.

Background. The FTC views itself as the primary US enforcer of data privacy and security, a role it recently assumed. While the FTC’s enforcement against practices causing informational injury through administrative proceedings goes back as far as 2002, its ability to pursue corporate liability for data security and privacy practices under its Section 5 “unfair or deceptive trade practices” jurisdiction was only ratified in 2015 by the US Court of Appeals for the Third Circuit in FTC v. Wyndham Worldwide Corporation. The FTC has actively invoked its enforcement authority but, in doing so, has been selective in determining which consumer informational injuries to pursue by questioning the strength of evidence connecting problematic practices with the injury, examining the magnitude of the injury and inquiring as to whether the injury is imminent or has been realized. (more…)

China Data Protection Enforcement Update – A Focus on Platform Content

by Eileen Li and Jared T. Nelson | Oct 19, 2017 | Cybersecurity, General Interest

Following the first enforcement actions by local authorities in Shantou and Chongqing for violations of the new Network Security Law that came into effect this year, authorities in China have recently shown a clear initial focus with several new cases targeting provisions of the law that require monitoring of platform content. As of the start of October 2017, enforcement actions by authorities in China have targeted platform content violations in nearly 70 percent of all actions under the new provisions of the data protection rules.

(more…)

Irish Court Casts Serious Doubt on EU Model Clauses

by Amy C. Pimentel, Katherine F. Froelicher, Michael G. Morgan, Mark E. Schreiber and Romain Perray | Oct 17, 2017 | Cybersecurity, Data Privacy, Data Transfers/Safe Harbor/Privacy Shield

The validity of Model Clauses for EU personal data transfer to the United States is now in real doubt as a result of a new Irish High Court judgment stating that there are “well founded grounds” to find the Model Clauses invalid. The issue of Model Clauses as a legitimate data transfer mechanism will now be adjudicated by the European Court of Justice (ECJ), the same court that previously overturned the Safe Harbor arrangement. EU and US companies will need to consider various strategies in anticipation of this decision.

The Department of Transportation Helps Clear the Road for Autonomous Vehicles

by Amy C. Pimentel, Michael G. Morgan and William M. Friedman | Sep 27, 2017 | Cybersecurity, Data Privacy, General Interest

The US Department of Transportation’s National Highway Traffic Safety Administration recently released A Vision for Safety 2.0, an update to its prior guidance on automated driving systems. The new guidance adopts a voluntary, flexible approach to regulation of automated driving systems and clarifies that it alone, and not the states, is responsible for regulating the safety design and performance aspects of such systems.

Continue Reading

New York’s Cybersecurity Requirements Pose Multi-Year Compliance Challenges

by McDermott Will & Emery, Michael G. Morgan, Mark E. Schreiber and Scott Weinstein | Sep 20, 2017 | Cybersecurity, Data Privacy

New cybersecurity regulations issued by the NYDFS define the nonpublic information they regulate in exceptionally broad terms. This expanded definition of Nonpublic Information will create major challenges for regulated companies and their third-party service providers that will likely ripple through other ancillary industries.

Artificial Intelligence in Health Care: Framework Needed

by McDermott Will & Emery and Dale C. Van Demark | Sep 15, 2017 | Advertising & Marketing, Cybersecurity, Data Privacy, General Interest, Telehealth

Although the incorporation of technology into human endeavours—commercial, political and personal—is a normal component of technological innovation, the advent of artificial intelligence technology is producing significant challenges we have not felt or understood with earlier innovations. For many years, for example, there has been speculation, research and public debate about the impact of the internet, the functioning of search engines, and online advertising techniques on commercial and political decisions.

The alleged “hacking” of the 2016 US presidential election, and the concerns about such activities in the 2017 European elections, will only heighten the interweaving discussions on free speech, national sovereignty, cyber security and the nature of privacy.

The use of artificial intelligence and machine-learning technologies has only added to the list of issues and areas of concern. The consequences of automobile accidents involving “self-driving” technologies, the “flash crashes” on securities markets due to algorithmic trading, and bias in systems designed to determine benefit eligibility, are requiring us to consider what happens when we defer judgment to machines, and highlighting the importance of quality in data sets and sensors.

Read Full International News, Fall 2017

New Cybersecurity Report Asks the Private Sector to Join Forces with the Government

by Michael G. Morgan | Sep 13, 2017 | Cybersecurity, Data breach, Data Privacy, General Interest

The government is continuing to ask for more help from the private sector to defend against cyber attacks. The National Infrastructure Advisory Council (NIAC) recently published a report discussing current cyber threats and urging private companies and executives to join forces with the government to better address those threats. The report proposes “public-private and company-to-company information sharing of cyber threats at network speed,” among other things discussed here.

Continue Reading

UK Government Issues Cybersecurity Guidance for Connected and Automated Vehicles

by Michael G. Morgan | Sep 13, 2017 | Cloud, Consumer Protection, Cybersecurity, Data Privacy, General Interest

On 6 August 2017, the UK government released ‘The Key Principles of Vehicle Cyber Security for Connected and Automated Vehicles’, guidance aimed at ensuring minimum cybersecurity protections for consumers in the manufacture and operation of connected and automated vehicles.

Connected and automated vehicles fall into the category of so-called ‘smart cars’. Connected vehicles have gained, and will continue to gain, adoption in the market and, indeed, are expected to make up more than half of new vehicles by 2020. Such cars have the ability through the use of various technologies to communicate with the driver, other cars, application providers, traffic infrastructure and the Cloud. Automated vehicles, also known as autonomous vehicles, include self-driving features that allow the vehicle to control key functions–like observing the vehicle’s environment, steering, acceleration, parking, and lane changes–that traditionally have been performed by a human driver. Consumers in certain markets have been able to purchase vehicles with certain autonomous driving features for the past few years, and vehicle manufacturers have announced plans to enable vehicles to be fully self-driving under certain conditions, in the near future.

(more…)

Regulating the Internet of Toys

by Amy C. Pimentel | Jul 28, 2017 | Consumer Protection, Cybersecurity, Data Privacy, General Interest

New technologies and the expansion of the Internet of Things have allowed children of this generation to experience seamless interactive technologies through microphones, GPS devices, speech recognition, sensors, cameras and other technological capabilities. These advancements create new markets for entertainment and education alike and, in the process, collect endless amounts of data from children–from their names and locations to their likes/dislikes and innermost thoughts.

The collection of data through this Internet of Toys is on the tongues of regulators and law enforcement, who are warning parents to be wary when purchasing internet-connected toys and other devices for children. These warnings also extend to connected toy makers, urging companies to comply with children’s privacy rules and signaling that focused enforcement is forthcoming.

Federal Trade Commission Makes Clear That Connected Toy Makers Must Comply with COPPA

On June 21 2017, the Federal Trade Commission (FTC) updated its guidance for companies required to comply with the Children’s Online Privacy and Protection Act (COPPA) to ensure those companies implement key protections with respect to Internet-connected toys and associated services. While the FTC’s Six Step Compliance Plan for COPPA compliance is not entirely new, there are a few key updates that reflect developments in the Internet of Toys marketplace. (more…)

China’s Network Security Law Comes into Effect: What It Means for Your Company

by Jared T. Nelson and Jenny Z.N. Chen | Jun 1, 2017 | Cybersecurity, General Interest

Today, China’s much anticipated Network Security Law comes into effect after two years of review, revisions over three drafts and a public commenting process. The law is a historical development for China’s legislative coverage of information security and data protections. It also represents one of the strictest approaches in any jurisdiction worldwide, and a continuation of a broader effort at demonstrating the government’s cyber-sovereignty goals through control and regulation of data and the internet.

Overview of the Network Security Law

Commonly referred to as the “Cybersecurity Law,” the new piece of legislation has a broad scope and covers a range of issues related to data privacy, security and cross-border transfers, including:

Increasing security measures and strengthening data security through a variety of specific obligations
Ensuring consent for collection of personal information through the principles of legality, proper justification and necessity
Screening equipment and products for security testing and certification
Ensuring real-name registration for users
Strengthening requirements to cooperate with government agencies during criminal investigations or to protect national security
Requiring personal information to be stored in China under some circumstances
Increasing confidentiality measures for user information
Setting up a complaint and reporting platform for network security

(more…)