On July 19, the Federal Energy Regulatory Commission (“FERC” or “Commission”), pursuant to its authority under section 215 of the Federal Power Act, issued a final rule directing the North American Electric Reliability Corporation (“NERC”) to develop modifications to NERC’s Reliability Standards as they relate to cyber security incidents. Issuance of the final rule is timely. A recent news article described hackers’ successful infiltration of the control rooms of multiple electric utilities.… More
Partner Colin Zick will join Naomi Leach, Senior Associate, Data Protection at Stephenson Harwood, and Lana Gladstein, Vice President and General Counsel at Brammer Bio, for a MassBio program on July 31 entitled The Era of GDPR Data Privacy, Two Months In: Do you have a Data Transfer Agreement handy?
The GDPR Data Privacy Law has been in effect since May 25,… More
The California Consumer Privacy Act of 2018 (the “CCPA”) was signed into law on June 28, 2018. Although it is a state law, it has national and international ramifications. Here are some key aspects to be aware of.
1. Effective date
The law is slated to go into effect on January 1, 2020. However, the California State Legislature has the option of offering amendments to alter the law between now and its effective date,… More
We posted earlier this year about increased scrutiny of cryptocurrency advertising, especially the promotion of Initial Coin Offerings, or ICOs. The key takeaway from that post was that the frenzy around cryptocurrencies – including as an investment opportunity for individuals who aren’t otherwise active investors – has led to a number of efforts to curtail cryptocurrency promotion, from both regulators and industry stakeholders.… More
As if having to deal with all the EU’s Data Protection Authorities wasn’t challenge enough for companies trying to comply with GDPR, the FTC has now asserted that it has a role in GDPR enforcement. In particular, the FTC says it has a role in making sure that US companies live up to the GDPR-related promises that they make. This position came to fruition in a proposed FTC settlement with California-based employment training company,… More
The EU-US Privacy Shield, a framework that allows companies to transfer personal data from the EU to the US in compliance with the GDPR, has been under fire for not providing adequate protection to EU citizens. As Foley noted in 2017, the EU’s Article 29 Working Party (now the European Data Protection Board) identified “a number of significant concerns” with the Privacy Shield in the Working Party’s First Annual Joint Review,… More
With legislative activity last month in Louisiana, South Carolina, Vermont, and Colorado adding to activity in South Dakota, Arizona, Oregon, and Alabama earlier in the year, it appears that 2018 could be a significant year for state information privacy law reform. Much has been predicted in this area following the enactment in 2017 of significant regulations in New York and the passage of substantial amendments to a statute in Illinois both of which were aimed at protecting against data breaches.… More
It was my pleasure yesterday to speak at MedInnovation Boston 2018, and deliver a presentation on “The Interplay of HIPAA, Privacy and Data Security Principles, and Health Information Interoperability“. With constantly evolving technology and the new GDPR legal framework. achieving interoperability seems harder than ever. More
The Washington Post recently reported that the Chinese Ministry of State Security stole a trove of sensitive defense information from a U.S. Navy contractor working for the Naval Undersea Warfare Center. According to the Post, the information included plans to develop a supersonic anti-ship missile for U.S. submarines, along with “signals and sensor data, submarine radio room information relating to cryptographic systems, and Navy submarine development unit’s electronic warfare library.”
It is no secret that the Chinese government has been building its capacity to project military power in the Pacific ocean for many years,… More
On June 7, 2018, the French Data Protection Authority (the CNIL) published a decision (issued one month earlier) in which it imposed a record 250,000 euros fine on Optical Center (which, although its name does not indicate, is a French company) for having insufficiently secured the personal data of its customers.
The CNIL noted that customers could access more than 300,000 documents (mainly invoices) of other customers on Optical Center’s website site rather easily,… More