With the European Commission’s (“EC”) approval of the U.S.-EU Privacy Shield Framework (“Privacy Shield) on July 12, 2016, many companies are rushing to self-certify to the new compliance mechanism for personal data transfers from Europe to the United States. By certifying in the first two months – by September 30, 2016 – organizations can take advantage of a nine-month grace period from the date they certify to bring their existing commercial relationships and agreements with third parties into conformity with the Accountability for Onward Transfer Principle.

A key European Union committee with responsibility for privacy determinations today approved the new EU-US Privacy Shield. With that approval, formal adoption by the European Commission is expected next week.

Over the past two decades, the Department of Transportation and the automotive industry have worked together to develop a framework identifying the types of services and devices that are integral to the development of a connected and intelligent transportation system. Such services include collision avoidance systems to reduce motor vehicle accidents, and automated electronic payment systems to facilitate the payment of tolls and gas.

In Spokeo, Inc. v. Robins, the Supreme Court confirmed the power of the word “and.” In a six to two decision, the Court confirmed that to satisfy the “injury-in-fact” prong of the three-part test to establish Article III standing, plaintiffs must show that the injury was both “concrete” and “particularized.”

Yesterday, the Federal Trade Commission (“FTC” or the “Commission”) accepted, subject to final approval, a consent agreement to settle charges that a hand-held vaporizer manufacturer misrepresented its participation in the Asia-Pacific Economic Cooperation (“APEC”) Cross Border Privacy Rules (“CBPR”) system.

Yesterday, in a 3-2 party-line vote, the Federal Communications Commission (“FCC”) adopted a Notice of Proposed Rulemaking (“NPRM”) proposing new rules to regulate how broadband Internet service providers (“ISPs”) collect, use, and protect personal information about their customers.

On March 2, the Consumer Financial Protection Bureau (the “Bureau”) announced enforcement action against online payment processor, Dwolla Inc. (“Dwolla”). This is the Bureau’s first enforcement action related to data security pursuant to its authority to prohibit unfair, deceptive, and abusive acts and practices (“UDAAP”).

Companies around the globe increasingly are collecting ever-greater volumes of sensitive personal information from their customers for business and competitive purposes. If improperly stored, used, stolen, or shared, this information can have devastating reputational and financial consequences. This makes privacy, cybersecurity, and data management critical issues for senior management, board members, and general counsel to understand in order to effectively manage risk.

Congress has taken a critical step in implementing its obligations under the recently announced EU-U.S. Privacy Shield through Wednesday night’s passage of the Judicial Redress Act in the House of Representatives.