Archives: Policy and Regulatory Positioning

Subscribe to Policy and Regulatory Positioning RSS Feed

Fourth Circuit Denies BMG request for Panel and En Banc Rehearing

The Fourth Circuit Tuesday denied BMG’s Petition for Rehearing by the panel and the full court. The panel’s opinion, issued February 1, reversed BMG’s $25 million contributory infringement verdict. Next up would be a petition for certiorari seeking Supreme Court review, or going back to the district court in Alexandria, Virginia for a new trial.… Continue Reading

Ninth Circuit Upholds FTC Authority Over Non-Carrier Activities of Common Carriers

On February 26, 2018, a unanimous 11-judge en banc panel of the Ninth Circuit upheld the authority of the Federal Trade Commission (“FTC”) over the non “carrier” activities of a company with common carrier lines of business that are exempt from FTC jurisdiction. Although the ruling allows the FTC to pursue deceptive practices claims against … Continue Reading

Reinstated CPNI Regulations Require Providers to File Annual FCC CPNI Certification by March 1, 2018

As we previously advised, the Federal Communications Commission (FCC) reinstated its customer proprietary network information (“CPNI”) rules governing the privacy obligations of telecommunications and VoIP service providers under Section 222. As a result, the annual certification for calendar year 2017 must be filed with the FCC by March Continue Reading

ICYMI in Cybersecurity and Data Breach

NC Data Breach Legislation Accounts for Ransomware Attacks

“Following an increase in reported state data breaches in 2017, North Carolina’s attorney general and a state representative introduced data breach legislation to better protect individuals,” HealthIT Security reports.


World Economic Forum: Cyber-Attacks Third Most Likely Continue Reading

Webinar | TCPA Update 2018: Current Compliance Challenges for Companies

Marc Roth and Ronnie London will be featured speakers on PLI’s upcoming one-hour briefing “TCPA Update 2018: Current Compliance Challenges for Companies” on February 6, 2018 from 1-2pm ET.

This important and timely presentation will provide a detailed analysis of how courts are interpreting the key aspects of the FCC’s July 2015 Decla… Continue Reading

FTC Issues Staff Report on Consumer Recognition of Paid Advertising

The Federal Trade Commission delivered the advertising industry an early holiday present in mid-December in the form of a staff report entitled “Blurred Lines: An Exploration of Consumers’ Advertising Recognition in the Contexts of Search Engines and Native Advertising.” The report is a summary of research conducted by the agency from 2014 to 20… Continue Reading

ICYMI: PrivSec’s Weekly News Picks


  1. Trump signs executive order to boost broadband internet development in rural US

Tech Republic reports that “the executive order may help bring internet to previously hard to reach areas, something several ISPs have been working towards.”  “A more connected country”, author Olivia Krauth reports, “could have several business impli… Continue Reading

Don’t Miss Out: The Health Care Cloud Coalition Monthly Meeting With Guest Speaker Linda Sanches From the Office for Civil Rights

The Health Care Cloud Coalition is kicking off it’s 2018 Monthly Meeting Series next Thursday, January 18th at 1:00 p.m. Eastern with a presentation from Linda Sanches, the Senior Advisor for Health IT and Privacy Policy from the U.S. Department of Health and Human Services Office for Civil Rights (“OCR”).

Ms. Sanches will provide an update on OCR ac… Continue Reading

Jan 12th Update on FCC’s Internet Freedom Order

On December 14, 2017, the Commission voted 3-2 as expected along party lines to adopt the Internet Freedom Order that had been circulated as a draft on November 22, 2017. When effective, the new order will reverse the Commission’s 2015 Open Internet Order. Based on the Commissioners’ comments at the open meeting the new order should be substantially th… Continue Reading

2018 Predictions in Privacy & Security

GDPR – all year, all the time

Next year will be full of growing pains as both the public and private sector interpret, implement, and refine their efforts to comply with the GDPR. Large, multinational companies with a presence in the EU (and who are at the greatest risk of EU enforcement actions) will put pressure on their vendors across the globe to adopt pra… Continue Reading

PrivSec Blog Year in Review: Top 10 PrivSec Blog Posts in 2017

As we close out 2017, check out our most read privacy & security blogs of the year!


1. 42 C.F.R. Part 2 Final Rule Is Officially Delayed … Can Comments to HHS and OMB Fix It?

On January 18, 2017, the U.S. Department of Health and Human Services (HHS) published a final rule amending the Confidentiality of Substance Use Disorder Patient Records rule a… Continue Reading

ICYMI: PrivSec’s Weekly News Picks

Interactive Advertising Bureau Releases Technical Standard to Facilitate Disclosure and Consent in Digital Advertising

IAB Europe reported that it “presented a new technical standard to support the digital advertising ecosystem in meeting requirements relating to user consent under the General Data Protection Regulation (GDPR).”


WorContinue Reading

FCC Reverses Course, Shifts ISP Customer Privacy Back to FTC

The wheel that is U.S. policy on “net neutrality” has taken another turn with the release of the FCC’s draft Internet Freedom Order, which, when effective, will reverse the Commission’s 2015 Open Internet Order (the “Title II Order”). As a reminder, the Title II Order moved broadband internet access service, or “BIAS,” from an informati… Continue Reading

FCC Targets “Robocalls” By Enabling Voice Providers to Block Inherently Suspect Phone Numbers

The Federal Communications Commission (FCC) has adopted rules aimed at reducing the incidence of “robocalls” by allowing voice service providers to block, before they reach consumers, calls that originate from phone numbers that strongly suggest the call is illicit. Such autodialed, usually prerecorded calls, the FCC says, often involve scams t… Continue Reading

Employer-Sponsored Health Plan HIPAA Compliance Checklist

The administrative simplification provision of the Health Insurance Portability and Accountability Act and its implementing regulations (HIPAA) impose obligations on employer-sponsored group health plans. Given recent high-profile HIPAA enforcement actions, employers should understand their compliance obligations. This checklist is inten… Continue Reading

Time to Update Your Privacy Statement for GDPR

Although the EU General Data Protection Regulation comes into force in May 2018, European regulators are still producing guidance and member states are still adopting legislation to accommodate national differences. Put simply, it is unclear how to prepare for the GDPR in relation to some issues. For other issues, however, companies can confidently ac… Continue Reading

China Prohibits Unverified Internet Users to Post Online Comments

On August 25, 2017, the Cyberspace Administration of China (“CAC”) issued the Administrative Provisions for Services concerning Internet Comment Posting (the “Internet Comment Posting Provisions”) and the Administrative Provisions for Services concerning Internet Forums and Communities (the “Internet Forum and Community Services P… Continue Reading

Draft Cybersecurity Legislation Would Impose Substantial New Obligations on Vendors Selling Interconnected Devices to the U.S. Government

On Tuesday, August 1, 2017, a bipartisan group of four Senators from the Senate Cybersecurity Caucus introduced legislation designed to improve the cybersecurity of devices purchased by the U.S. government and – albeit indirectly – sold anywhere in the U.S. or the world.

The legislation – the “Internet of Things (IoT) Cybersecurity Improvemen… Continue Reading

How to Use the GDPR as Your Competitive Advantage: Focus on the Carrot, Not the Stick

How to use the GDPR as Your Competitive Advantage: Focus on the Carrot, Not the Stick

Ample bandwidth has been eaten by panicky commentary over the fines possible under the EU’s upcoming General Data Protection Regulation (GDPR). Sure, the GDPR arms EU data protection authorities with a hefty compliance stick. Yet the focus on exorbitant fines seems a bi… Continue Reading

The Chinese Government Issues Draft Cybersecurity Regulations to Protect Critical Information Infrastructure

On June 10, 2017, the Cyberspace Administration of China (the “CAC”) released the Draft Regulations on the Security Protection of Critical Information Infrastructure (the “Draft Regulations” 《关键信息基础设施安全保护条例(征求意见稿)》). The CAC is seeking public comments with a deadline of August 10, 201… Continue Reading

FCC Proposes New Systems to Reduce Illegal Robocalls and Announces Fine Against Autodialing Platform

The Federal Communications Commission (FCC) marked another step in its effort to curtail illegal robocalls. During its recent Open Meeting, the FCC approved Notices of Inquiry (NOIs) into Call Authentication methods and into Advanced Methods to Target Unlawful Robocalls that, respectively, seek input on efforts to institute a caller ID-based “Tru… Continue Reading

(Connected) Toy Story: The FTC Updates the COPPA Compliance Plan

The Federal Trade Commission (“FTC”) recently issued an updated “Six-Step Compliance Plan for Businesses” (“Compliance Plan”) for entities subject to the Federal Children’s Online Privacy Protection Act (“COPPA”), 15 U.S.C. §§ 6501-6506, to “reflect developments in the marketplace—for example, the introduction of int… Continue Reading

Data-Driven Marketing and the GDPR: the Data Brokers’ Conundrum

The digital marketing industry is powered by information about individuals (“personal data”) that pulses through a supply web. As this FTC infographic shows, some industries such as retail, energy, financial services, and health care, have direct relationships with those individuals. Other industries, such as data marketing, generally are at l… Continue Reading

FCC Reinstates CPNI Privacy Regulations (and Compliance Filing Obligations) for Telecom and VoIP Service Providers

In a recent order, the FCC has reinstated its customer proprietary network information (“CPNI”) rules governing the privacy obligations of voice service providers under Section 222. This action follows the Congressional repeal of the FCC’s 2016 Privacy Order that had extended CPNI regulations to broadband internet access services. As a result… Continue Reading