PH Privacy

72-Hour Cyberattack Reporting Rule for Federal Government Contractors Finalized
The Department of Defense has promulgated a new rule, effective November 3, 2016, that requires federal defense contractors and subcontractors to report within 72 hours any cyber incidents “that result in an actual or potentially adverse effect on a covered contractor information system” (or “covered defense information residing therein”), or that affect “a contractor’s ability to provide operationally critical support.” The rule also establishes eligibility criteria for participation in the DoD’s voluntary Defense Industrial Base Cyber Security Program for sharing cyber threat information and cybersecurity best practices with program participants.
Clarifying Two Areas of Confusion on Privacy Shield: September 30, 2016, Deadline & Effect on Swiss Safe Harbor
With the European Commission’s (“EC”) approval of the U.S.-EU Privacy Shield Framework (“Privacy Shield) on July 12, 2016, many companies are rushing to self-certify to the new compliance mechanism for personal data transfers from Europe to the United States. By certifying in the first two months – by September 30, 2016 – organizations can take advantage of a nine-month grace period from the date they certify to bring their existing commercial relationships and agreements with third parties into conformity with the Accountability for Onward Transfer Principle.
Five Ways that Privacy Shield is Different from Safe Harbor and Five Simple Steps Companies Can Take to Prepare for Certification
On July 8, 2016, the EU Member States approved the EU-U.S. Privacy Shield, and the European Commission subsequently adopted it on July 12, 2016. With the U.S. Department of Commerce accepting certifications starting August 1, 2016, Privacy Shield will replace Safe Harbor as a compliance mechanism for personal data transfers from Europe to the United States (or a key component of a global data transfer strategy).
Privacy Shield Set For Formal Adoption Next Week: Beyond That, The Future Is Cloudy
A key European Union committee with responsibility for privacy determinations today approved the new EU-US Privacy Shield. With that approval, formal adoption by the European Commission is expected next week.
Public Interest Group Asks FCC to Pause Connected Car Spectrum Usage over Privacy and Cybersecurity Concerns
Over the past two decades, the Department of Transportation and the automotive industry have worked together to develop a framework identifying the types of services and devices that are integral to the development of a connected and intelligent transportation system. Such services include collision avoidance systems to reduce motor vehicle accidents, and automated electronic payment systems to facilitate the payment of tolls and gas.
No Safe Harbor In Germany—First Fines Imposed For Relying On Safe Harbor For Data Transfers
The Safe Harbor provision has finally set sail. On Monday, the Hamburg Data Protection Authority (“Hamburg DPA”) announced that it has fined three companies an aggregate total of €28,000 ($31,928) for continuing to operate under the U.S.-E.U. Safe Harbor Framework. This is the first enforcement action by any European country since the European Court of Justice (“CJEU”) invalidated the Safe Harbor last October.
Spokeo and Article III Standing: You May Be Particularized But Are You Concrete?
In Spokeo, Inc. v. Robins, the Supreme Court confirmed the power of the word “and.” In a six to two decision, the Court confirmed that to satisfy the “injury-in-fact” prong of the three-part test to establish Article III standing, plaintiffs must show that the injury was both “concrete” and “particularized.”
FTC’s First Foray into APEC Cross-Border Privacy Rules: Settlement Reached
Yesterday, the Federal Trade Commission (“FTC” or the “Commission”) accepted, subject to final approval, a consent agreement to settle charges that a hand-held vaporizer manufacturer misrepresented its participation in the Asia-Pacific Economic Cooperation (“APEC”) Cross Border Privacy Rules (“CBPR”) system.
FCC Seeks Comments on New Privacy Rules for Broadband ISPs
Yesterday, in a 3-2 party-line vote, the Federal Communications Commission (“FCC”) adopted a Notice of Proposed Rulemaking (“NPRM”) proposing new rules to regulate how broadband Internet service providers (“ISPs”) collect, use, and protect personal information about their customers.
CFPB’s First Foray Into Data Security Makes $100,000 Splash
On March 2, the Consumer Financial Protection Bureau (the “Bureau”) announced enforcement action against online payment processor, Dwolla Inc. (“Dwolla”). This is the Bureau’s first enforcement action related to data security pursuant to its authority to prohibit unfair, deceptive, and abusive acts and practices (“UDAAP”).
1 2 3 4 5 6 7 8