Archives: Policy and Regulatory Positioning

Subscribe to Policy and Regulatory Positioning RSS Feed

Fact-Checking the FCC’s Fact Sheet on Broadband Consumer Privacy

Last Thursday, the FCC released a Fact Sheet announcing Chairman Wheeler had circulated to his fellow Commissioners a proposed Order with new privacy rules for ISPs, along with some high-level details of his proposal.  At the same time, the Chairman posted a blog titled “Protecting the Privacy of Broadband Customers” – a title that implies there i… Continue Reading

Is Your Business Ready to Wield the Privacy Shield?

Beginning August 1, U.S.-based companies that self-certify their compliance with the EU-U.S. Privacy Shield will be able to import data under the new data transfer framework. But how can your company best prepare?

Companies in the United States may be excited that the EU-U.S. Privacy Shield – the new trans-Atlantic data transfer compact approved by th… Continue Reading

What if Apple and the FBI went to SCOTUS?

Davis Wright attorneys Robert Corn-Revere and Ronald London recently argued the privacy and First Amendment interests in a “moot Supreme Court” session at the Newseum that sought to approximate appellate review of the issues arising out of the FBI’s effort to access the smart phones of the suspects in the San Bernardino shootings.

In the original r… Continue Reading

Nebraska and Illinois Update Breach Notice Requirements

The data breach notification laws for Nebraska and Illinois have been updated  to expand the definition of “personal information” to include usernames and email addresses in combination with a password or security question and answer allowing access to an online user account.

In addition to expanding the scope of covered information, Nebraska… Continue Reading

Top Takeaways from IAPP

The world of privacy grows every day as more data goes through the cloud. The new trends and weekly data breaches make conferences like the Global Privacy Summit all the more relevant.

Earlier this month we went to IAPP’s annual event and networked with many professionals in the privacy sphere. Here were some of our key takeaways:

1. Connect with your FBI Continue Reading

Open Internet Webinar


Keeping up with the Latest Happenings at the FCC, Capitol Hill, and Beyond
Tuesday, April 26, 2016
2:00 – 3:00 p.m. EDT

As the Obama Administration winds down, the FCC has moved forward with a series of Internet-related initiatives in quick succession including new rules impacting Lifeline and Open Internet and proposed privacy rules. Please join us as w… Continue Reading

FTC Delays Decision on Proposal Under COPPA Rule

Parents and companies will have to wait a few more weeks before learning whether facial recognition technology can be used to verify parental consent under the Children’s Online Privacy Protection Act (COPPA).

The Federal Trade Commission announced on October 23 that it will delay until November 18 its decision on whether to approve a new verifiable pa… Continue Reading

States Try to Make the Grade with Student Data Privacy Efforts


Eight states passed substantive bills during the 2015 legislative session requiring education-focused Internet service, websites and mobile app providers to take measures to protect student data

With students around the country back in school, it’s time for educators and education-focused technology (“EdTech”) service providers to pick up … Continue Reading

Chip-and-PIN (EMV) Credit Card Liability Shift is Oct. 1: Are You Ready?


October 1 is right around the corner. Merchants, retailers, hotels and restaurants: are you ready for what’s in your customers’ wallets?

Starting next month, the payment card industry’s transition to chip-and-PIN (also known as EMV) payment cards will take effect. As part of this transition, merchants, retailers, and all other businesses that a… Continue Reading

DoD New Cyber Security Reporting Rules for Contractors


In a move that highlights the changing winds of federal cybersecurity policy, the Department of Defense (“DoD”) has issued an interim Rule (“Rule”) that imposes new security and reporting requirements on federal contractors, and new requirements for DoD cloud computing contracts.

The Rule requires federal contractors to report cyber incide… Continue Reading

Getting More Personal: California Amends Data Security Law

secuirty w group

California’s data security statute will get a little more “personal” as of January 1, thanks to a recently-passed amendment revising the definition of covered personal information.

On July 14 California expanded the definition of “personal information” under its data security statute with the enactment of A.B. 1541 effective January, 201… Continue Reading

What are the Federal Privacy Laws for Businesses?

Video 1

Does your new business collect personal information about customers or employees?  Do you want to increase your revenues through targeted or behavioral marketing?  Do you want to minimize the risk of personal information being stolen,  and the costly after-effects?

If you answered yes to any of those questions, you need to know the rules of the ro… Continue Reading

Commerce Dept. Reviewing Stakeholder’s Cybersecurity Comments

data breach

Stakeholders praise task force’s efforts to develop stakeholder processes to confront cybersecurity issues where regulations might not be effective, but caution against mandatory requirements

The U.S. Department of Commerce’s Internet Policy Task Force (IPTF) is currently reviewing feedback collected in response to a Request for Public CommContinue Reading

FCC’s TCPA Order Offers Little Clarity or Relief for Businesses

Two People Texting

In potentially its most significant action under the Telephone Consumer Protection Act (TCPA) since 2003, the Federal Communications Commission released its previously-adopted Declaratory Ruling and Order on July 10th in which it resolved 19 petitions seeking declaratory rulings. As we foreshadowed upon the Order’s adoption, it does little to pr… Continue Reading

Connecticut Imposes New Data Security Obligations


New law will require consumer breach notice within 90 days, identity theft protection for consumers,“kill switch” for smartphones, and implementation of data security programs for certain health providers, state agencies and contractors

And Connecticut makes eight.

On the heels of the largest health care insurance and government data breaches … Continue Reading

2015 Data Breach Legislation Six Month Review: Many Proposals, Few Changes


The heat of summer may be upon us, but in Congress and in many state legislatures the attitude toward passing major data breach legislation has considerably cooled.

We predicted some months ago that 2015 might be the year that Congress finally passed national data breach notification legislation, given what appeared to be ample bipartisan support. The ne… Continue Reading

Telephone Surveillance Hang-Ups: Second Circuit Asks Parties in ACLU v. Clapper to Brief Whether the USA Freedom Act Moots Plaintiff’s Claims

Phone call

Not long after striking down the National Security Agency’s telephone surveillance program in ACLU v. Clapper, the Second Circuit is asking the parties to assess whether recently passed federal legislation has rendered the plaintiff’s claims moot.

On May 7 the Second Circuit Court of Appeals ruled that the NSA’s bulk telephone metadata collecti… Continue Reading

Nevada Expands PI Definition under Data Breach Law

Las Vegas

Becomes the fifth state to amend its data breach statute since January 2015

The definition of “personal information” (“PI”) just got a little bit bigger in the Silver State.

On May 13, Nevada Governor Brian Sandoval signed A.B. 179 into law, approving an expansion of what constitutes PI under Nevada’s data breach law. The amendment keeps all of t… Continue Reading