On January 12, 2017, the Federal Trade Commission (FTC) held its second PrivacyCon conference. PrivacyCon brings together researchers, academics, industry representatives, consumer advocates, and government regulators to discuss the latest research and trends related to consumer privacy and data security. This year’s PrivacyCon featured presentations from academics and technology researchers covering the following five main areas: (1) the Internet of Things (IoT) and Big Data; (2) mobile privacy; (3) consumer privacy expectations; (4) online behavioral advertising; and (5) information security. FTC Chairwoman Edith Ramirez, who is stepping down effective February 10, 2017, opened the conference by outlining the myriad ways consumer data is collected and asking whether the risks associated with data collection outweigh the benefits.
What’s the News?
Following recent updates, merchants and retailers will soon become subject to the updated Payment Card Information Data Security Standard (PCI DSS), the security standard that organizations need to follow if they handle credit and debit cards from major card companies, such as Visa, MasterCard and American Express. This round of changes will be known as version 3.2 of PCI DSS, and includes significant guidance and updates on hot topics such as encryption and strong credentials. Compliance with the changes is important because companies that are subject to PCI DSS but fail to comply face exclusion from processing credit card payments and/or hefty fines. Sometimes, noncompliance could mean leaving open the doors to your cardholder data environment, thereby allowing hackers and malicious entities to enter.
Companies transferring data from Switzerland to the US should take note: the Swiss-US Privacy Shield has arrived!
Why Should You Care?
Global companies that transfer personal information (specifically, Swiss individuals’ personal information from Switzerland to the US) must have a legal mechanism in place for doing so. The Privacy Shield provides an enforceable mechanism that the EU and Swiss governments have deemed adequate. The Swiss-US Privacy Shield complements the EU-US Privacy Shield, which applies only to European Economic Area (EEA) member countries.
What’s the News?
On January 9, 2017, Presence Health agreed to settle with the U.S. Department of Health and Human Services (HHS) potential violations under the Breach Notification Rule of the Health Insurance Portability and Accountability Act of 1996 (HIPAA). This is HHS’ first enforcement action against a covered entity that reported a breach, but did not do so in a timely manner.
Interactive gaming, innovative app development, mobile expansion, new dimensions in AR and VR, and strides in your company's marketing strategy can press the boundaries of the current legal landscape. “Level Up” with Arent Fox as we discuss the legal issues in an intimate discussion that will address three areas that have the most play: advertising, intellectual property, and privacy interests.
The panelists include:
What’s the News?
The Federal Trade Commission (FTC) recently issued guidance for both businesses and consumers on defending against ransomware, both of which are based on lessons learned from the FTC’s recent ransomware workshop, with panelists that included security researchers, technologists, law enforcers, and business leaders. Ransomware is a form of malicious software that infiltrates computer systems or networks. Typically, ransomware involves encrypting the victim’s data or denying access to the victim’s data, to hold data “hostage” until the victim pays a ransom. It has become one of the most serious online threats facing businesses.
In case you missed it, the California Office of the Attorney General (CA OAG) recently released an online tool that empowers consumers to report websites, mobile applications, and other online services that are in violation of the California Online Privacy Protection Act (CalOPPA), a California law that requires website operators that collect personal information from consumers in California to post privacy policies to notify users about their online privacy practices. Given the fact that most online services collect information from California residents, the law has widespread impact.
The constant slew of innovations and advancements in smart cars has so far left regulators struggling to define new rules to govern this space. The overlapping jurisdictions of three different agencies with different priorities (the National Highway Traffic Safety Administration (NHTSA), the Federal Trade Commission (FTC), and the Federal Communications Commission (FCC)) have only added to the complexity.
Cybersecurity & Data Protection practice group leader Sarah Bruno will be a featured speaker at the upcoming California Lawyer Cyber Boot Camp: Data Security at the Intersection of Law and Business in Los Angeles. She will address “Incident Response Comes of Age: Not Your Father’s Data Breach Response Playbook,” answering questions such as:
ABOUT ARENT FOX LLP
Arent Fox LLP, founded in 1942, is internationally recognized in core practice areas where business and government intersect. With more than 350 lawyers, the firm provides strategic legal counsel and multidisciplinary solutions to clients that range from Fortune 500 corporations to trade associations. The firm has offices in Los Angeles, New York, San Francisco, and Washington, DC.