Privacy & Security Law Blog

Legal Commentary and Resources for the Payment Industry

Insight & Commentary on Information Management and Protection

Category Archives: Policy and Regulatory Positioning

Telephone Surveillance Hang-Ups: Second Circuit Asks Parties in ACLU v. Clapper to Brief Whether the USA Freedom Act Moots Plaintiff’s Claims

Posted in Cyber and National Security, Policy and Regulatory Positioning

Not long after striking down the National Security Agency’s telephone surveillance program in ACLU v. Clapper, the Second Circuit is asking the parties to assess whether recently passed federal legislation has rendered the plaintiff’s claims moot.

On May 7 the Second Circuit Court of Appeals ruled that the NSA’s bulk telephone metadata collecti… Continue Reading

Nevada Expands PI Definition under Data Breach Law

Posted in Policy and Regulatory Positioning

Becomes the fifth state to amend its data breach statute since January 2015

The definition of “personal information” (“PI”) just got a little bit bigger in the Silver State.

On May 13, Nevada Governor Brian Sandoval signed A.B. 179 into law, approving an expansion of what constitutes PI under Nevada’s data breach law. The amendment keeps all of t… Continue Reading

Washington State Amends Data Breach Law

Posted in Policy and Regulatory Positioning

Passage of H.B. 1078 sets a 45-day notification deadline, adds additional notice requirements

Washington Governor Jay Inslee signed H.B. 1078 into law on April 23, revising the state’s data breach notification statute and imposing additional notification requirements on businesses that suffer an unauthorized disclosure of “personal informat… Continue Reading

Are Regulatory Fears Impeding Industry Cyber Sharing?

Posted in Cyber and National Security, Policy and Regulatory Positioning

Business leaders confess that concerns of adverse regulatory actions are impacting industry willingness to share cyberthreat information with authorities

They say that no good deed goes unpunished. And when it comes to cyber sharing, industry leaders are concerned that their only “reward” for helping the government identify and respond to cyber… Continue Reading

Has Your Website’s EU Safe Harbor Expired?

Posted in Global, Policy and Regulatory Positioning

FTC proposes twenty-year compliance program for two companies that have settled charges that they misrepresented that they are currently compliant with the US-EU Safe Harbor Framework.

Does your company rely on the US-EU Safe Harbor Framework in order to transfer personal consumer data about EU residents outside of Europe?  If so, you probably have a s… Continue Reading

Montana Tweaks Data Breach Statute

Posted in Data Protection, Policy and Regulatory Positioning

The Big Sky Country’s data breach statute is going to see some small changes come October.

On Feb. 27, 2015 Montana Governor Steve Bullock signed H.B. 74 into law, amending the state’s data breach notification statute.  Among its changes, H.B. 74 broadens the definition of personal information (“PI”) and requires entities giving notice to con… Continue Reading

Chairman Wheeler Says the FCC Didn’t Just Fall Off the Turnip Truck – It Has Experience with Protecting Consumer Privacy, Too

Posted in Communications/Media, Marketing and Consumer Privacy, Policy and Regulatory Positioning

Last night the Center for Democracy & Technology held its annual dinner (a.k.a. the “Tech Prom”) in Washington, D.C., where FCC Chairman Tom Wheeler was featured as the keynote speaker. Wheeler’s remarks came on the heels of the Commission’s vote to adopt new open Internet rules, which are expected to provide the agency with broader aut… Continue Reading

Chip-and-PIN (EMV) Transition: Transition Hampered …

Posted in Data Protection, Policy and Regulatory Positioning

A recent report from the Congressional Research Service (CRS) highlighted a number of factors that are delaying the transition to chip-and-PIN (EMV) cards before the credit card network-imposed deadline of Oct. 1, 2015. The CRS predicted four factors would slow chip-and-PIN adoption in the U.S. – the high cost to implement compatible point-of-sale … Continue Reading

White House Big Data Working Group Claims “Significant Progress” On Executive Branch Privacy Initiatives, But Blames Congress and Big Data Stakeholders for Delaying Important Privacy Legislation and Voluntary Actions

Posted in Cyber and National Security, Policy and Regulatory Positioning

On February 5 the White House big data and privacy working group released an “Interim Progress Report” (hereinafter “the Interim Report”) summarizing its “progress in furthering the majority of the recommendations made” in its May 2014 report, “Big Data: Seizing Opportunities, Preserving Values” (hereinafter “the Big Data R… Continue Reading

Farewell, Federal Cybersecurity Incentives?

Posted in Cyber and National Security, Policy and Regulatory Positioning

Administration Takes Private Sector Incentives Off the Table, While Obama Calls for $14 Billion in FY 2016 Budget to Strengthen Government’s Cybersecurity Efforts

The White House’s Cybersecurity Coordinator Michael Daniel announced on Monday that the government will not offer incentives for private sector businesses to adopt… Continue Reading

Law360 Talks to Christopher Avery About New York’s Data Security Proposal

Posted in Data Protection, Policy and Regulatory Positioning

Last week we summarized the four must-know things regarding the New York Attorney General’s new data security proposal. Commentary still surrounds the proposal and has wide appeal. Christopher Avery offered the following insights to Law360:

“The 47 state breach notification laws are reactive…But the New York proposal, instead of being rea… Continue Reading

New FTC Report on IoT Maintains Need for Baseline Privacy Legislation and Begins to Recognize Limitations of FIPPS in a Connected World

Posted in Policy and Regulatory Positioning

The Federal Trade Commission released its long-awaited staff report on privacy and security issues presented by the emerging market for connected devices, also known as the Internet of Things (“IoT”) (the “Report”) this morning. The report follows up on the Workshop held in November 2013 and defines the IoT as “devices or sensors – other t… Continue Reading

Congress Funds Cybersecurity: Spending Bill Allocates over $1 Billion to Cybersecurity

Posted in Cyber and National Security, Policy and Regulatory Positioning

The final spending bill of the 113th Congress, which keeps the government doors open until September 30th of 2015, was passed by the House on December 11th, the Senate on the 13th, and signed by the President on December 16th. It is a $1.1 trillion omnibus spending bill that will direct well over $1 billion toward cybersecurity. Among other things, it will pro… Continue Reading

Congress Confirms NIST’s Role in Cybersecurity – and the Continuation of the Cybersecurity Framework

Posted in Cyber and National Security, Policy and Regulatory Positioning

The Cybersecurity Enhancement Act of 2014 (CEA) was passed by the House and the Senate on December 11th, and signed by the President on the 18th. The bill formalizes the role of the National Institute for Standards and Technology (NIST) in continuing to develop the voluntary Cybersecurity Framework. Through five “titles,” the bill includes provisio… Continue Reading

Congress Passes Cybersecurity Workforce Legislation

Posted in Cyber and National Security, Policy and Regulatory Positioning

The Border Patrol Agent Pay Reform Act of 2014 was passed by the Senate on September 18th, by the House on December 10th, and signed by the President on December 18th. It contains provisions from the Cybersecurity Workforce Recruitment and Retention Act of 2014, which allows the Secretary of the Department of Homeland Security (DHS) to establish cybersecu… Continue Reading

Congress Passes The Federal Information Security Modernization Act of 2014: Bringing Federal Agency Information Security into the New Millennium

Posted in Cyber and National Security, Policy and Regulatory Positioning

The Federal Information Security Modernization Act of 2014 (FISMA) was passed by the Senate on December 8th, by the House on December 10th, and signed by the President on December 18th. It is a comprehensive bill intended to bring federal agency information security practices into the new millennium – to better respond to evolving cybersecurity threats. FISM… Continue Reading

Congress Passes the National Cybersecurity Protection Act: Codifies National Cybersecurity Center & Creates Federal Agency Data Breach Notification Law

Posted in Cyber and National Security, Policy and Regulatory Positioning

The National Cybersecurity Protection Act of 2014 (NCPA) was passed by the House on December 8th, by the Senate on December 10th, and signed by the President on December 18th. Senate Committee on Homeland Security and Governmental Affairs Chairman Tom Carper (D-Del.) issued the following statement regarding the NCPA: “Cybersecurity is one of the … Continue Reading

Cybersecurity Legislation Focuses on Federal Government Initiatives – Leaves Private Sector Reforms for 2015

Posted in Cyber and National Security, Policy and Regulatory Positioning

One of the few things the parties in Congress can agree upon these days is cybersecurity – at least when it comes to directing the federal government’s cyber activities. In its final days, the 113th Congress reached agreement on several major pieces of legislation intended to improve the nation’s cybersecurity: the National Cybersecurity Prote… Continue Reading

FCC Reaffirms Fax Ads Sent With Recipients’ Prior Permission Require Opt-Out Notice

Posted in Marketing and Consumer Privacy, Policy and Regulatory Positioning

But Grants Retroactive Waivers to Petitioners Who Sent Permission-Based Faxes Without Opt-Out Notices

The Federal Communications Commission has issued an Order sustaining its rule that even ads faxed with the permission of the recipient must include a notice with instructions for how to opt out of future faxes. The Order responds to a passel of petition… Continue Reading

Second Circuit Adopts FCC’s Narrow Construction of “Implied” Express Consent for Autodialed Calls to Cell Phones

Posted in Marketing and Consumer Privacy, Policy and Regulatory Positioning

This updates our report last summer on a Federal Communications Commission (FCC) letter brief filed at the invitation of the U.S. Court of Appeals for the Second Circuit in Nigro v. Mercantile Adjustment Bureau, which observed the FCC taking a noticeably less generous view of its then-recent declaratory rulings on whether consumer provision of a cell num… Continue Reading

Chip-and-PIN is Coming…To the US Government

Posted in Data Protection, Policy and Regulatory Positioning

Last Friday, in the wake of numerous data breaches, President Obama signed a new Executive Order that will change how federal agencies use payment cards and allow access to certain government portals. Those changes include the adoption of chip-and-PIN (also known as EMV) payment terminals and cards, and the implementation of multi-factor authentica… Continue Reading