Consumer Protection Connection

Consumer Protection
Connection

Tag Archives: data security

FDA Issues Final Guidance on Interoperable Medical Devices

Posted in Connected Products, Product Safety
The U.S. Food and Drug Administration (FDA) finalized its recommendations on September 6, 2017 on how to secure interoperable medical devices’ interactions with other devices and information systems. The FDA’s initial guidance, drafted in January 2016, was designed to help manufacturers develop safe, secure information exchange systems in connected medical devices. The updated guidance incorporates… Continue Reading

Are Your Security Tools Up to Date?

Posted in Cybersecurity, Data Security, Privacy
The effects of the massive cyberattack using ransomware known as “Wanna Cry” are still being felt all over the world. Tens of thousands of organizations have been infected, including the UK’s National Health Service, which ran some services on an emergency-only basis the day the attack began in earnest. Some security experts surmise that the… Continue Reading

NIST Issues New Update to Cybersecurity Framework

Posted in Cybersecurity
On January 10, 2017, the National Institute of Standards and Technology (NIST) released an update to its Cybersecurity Framework, first issued in 2014. The Framework focuses on using business drivers to guide cybersecurity activities and considering cybersecurity risks as part of the organization’s risk management processes. The new draft provides details on managing cyber supply… Continue Reading

NTIA Steps into IoT Debate

Posted in Cybersecurity, Privacy
Continuing its tradition of active involvement in digital economy questions, the Department of Commerce’s (DOC) National Telecommunications and Information Administration (NTIA) issued a request for public comment on questions posed by the growth of the Internet of Things (IoT). The explosive growth of connected products, anticipated to reach 25 billion by 2020, is one reason… Continue Reading

Appeals Court Agrees That Health Solutions Provider’s Insurance Requires Defense in Data Disclosure Class Action

Posted in Data Security, Litigation, Privacy
Availability of insurance is often among the first questions that arises when a company encounters a data breach or other Internet-related problem involving company records, even where the company lacks a cyberinsurance policy. The federal Fourth Circuit Court of Appeals recently affirmed a ruling by a District Court that required insurance coverage for an inadvertent… Continue Reading

The FCC Continues Privacy Push with Draft Proposal Regulating ISP Customers’ Data

Posted in Data Security, Privacy, Regulations
On the heels of the Open Internet Order adopted by the Federal Communications Commission (FCC) last year, FCC Chairman Tom Wheeler has circulated a Notice of Proposed Rulemaking (NPRM) to fellow Commissioners that would apply the privacy protections of the Communications Act to broadband Internet access services. Wheeler’s proposal will be voted on at the… Continue Reading

New Year, New Cyber Law

Posted in Cybersecurity
In the rush of holidays and storms around the country (and weirdly warm weather here in D.C.), it was easy to miss that Congress finally approved the Cybersecurity Information Sharing Act (CISA).  The bill was included in the middle of its omnibus spending package, the Consolidated Appropriations Act, 2016, Pub. L. 114–113 (Dec. 18, 2015),… Continue Reading

Life After the U.S.–EU Safe Harbor

Posted in Data Security, Privacy
We’ve written about the ground-breaking and panic-inducing ruling of the European Court of Justice (ECJ) invalidating the U.S.–EU Safe Harbor framework as an adequate data transfer mechanism, and ruling that national authorities are not bound by Commission approvals. Click here for our September 23, 2015 blog post, and here for a related October 16, 2015… Continue Reading

Article 29 WP Says Safe Harbor Transfers Illegal; Model Clauses and BCRs Under Review

Posted in Data Security, Litigation, Privacy
The Article 29 Working Party (WP) issued a press release on October 16, 2015 announcing the outcome of the meeting to discuss coordinated action after the Court of Justice of the European Union (ECJ) decision in the matter of Schrems v. Data Protection Commissioner (C-362-14), which invalidated the U.S.-EU Safe Harbor Agreement. While calling for… Continue Reading

EU Official Calls for Invalidation of EU–U.S. Safe Harbor Pact

Posted in Data Security, Privacy
A European Court of Justice (ECJ) advocate general, Yves Bot, has called for the European Union–U.S. Safe Harbor Agreement to be invalidated due to concerns over U.S. surveillance practices (press release here, opinion here). The ECJ has discretion to reject the recommendation, but such opinions are generally followed. A final decision on the issue is… Continue Reading

In Commission Win, Appeals Court Agrees that FTC Can Regulate Business Data Security Practices Under Unfairness Authority

Posted in Cybersecurity, Data Security, Privacy
In a closely watched case where the Federal Trade Commission (FTC) pursued Wyndham Worldwide Corporation for several data breaches that led to millions of dollars in fraudulent charges on customers’ payment cards, the U.S. Court of Appeals for the Third Circuit on Monday agreed with the Commission’s broad interpretation of its “unfairness” authority (opinion here).… Continue Reading

FTC Issues Data Security Guidance

Posted in Cybersecurity, Data Security
The U.S. Federal Trade Commission (FTC) issued new data security guidance for businesses on June 30, 2015. The publication, Start With Security: A Guide for Business, consolidates other guidance from the FTC that reflects its position that security by design, much as privacy by design, should be integrated into business processes. The guidance isn’t new,… Continue Reading

High Court to Decide If Congress Can Let Consumers Sue Over Publication of Inaccurate Personal Information Without Concrete Damages

Posted in Cybersecurity, Data Security, Litigation, Privacy
The Supreme Court of the United States granted certiorari late last month in a case with important implications for consumer privacy and for the ability of Congress generally to create wholly new protections for consumers. Plaintiffs must always show that they have standing – a legally-protected interest that allegedly has been violated – before a federal… Continue Reading

Third Circuit Says Privacy Class Action Members are “Ascertainable” in Suit Against Aaron’s Stores Because There are Records

Posted in Data Security, Privacy
Every class action lawsuit always involves the question of how to identify, or “ascertain”, who is a member of the class.  Consumers keep expensive products or at least keep records related to their purchase.  Inexpensive or transitory products are generally gone by the time litigation commences and no records of the purchase exist.  In such… Continue Reading

House Passes Cyber Information Sharing Bills

Posted in Cybersecurity, Data Security, Privacy
This week, the U.S. House of Representatives passed two cybersecurity information sharing bills that gained qualified support from the Obama Administration.  Together, the bills (the Protect Cyber Networks Act (PCNA) and the National Cybersecurity Protection Advancement Act (NCPAA)) would authorize companies to share cyber threat information and defensive measures with each other and the government,… Continue Reading

Managing “Cyber” – A New Guide for Companies on Cybersecurity and Addressing Cyberthreats and Cybercrime

Posted in Cybersecurity, Data Security
The Paris-based International Chamber of Commerce (ICC) today released a new guide to help companies manage their cybersecurity, including how to address cyberthreats and how to prevent cybercrime. The ICC Cyber security guide for business, prepared by the ICC’s Commission on the Digital Economy, was written to help companies address the new types of risks… Continue Reading

Data Breaches: Not Just for States and the FTC Anymore

Posted in Cybersecurity, Data Security, Privacy
The Federal Communications Commission (FCC) announced today that AT&T Services, Inc., will pay $25 million to resolve an investigation into whether the company violated Sections 201(b) and 222 of the Communications Act relating to consumer privacy at AT&T call centers in Mexico, Colombia, and the Philippines. According to the FCC’s order and consent decree, call… Continue Reading

Tips for Preventing Privacy and Data Breach Suits

Posted in Privacy, Product Safety
As we discussed in the Privacy Class Action Claims on the Rise post from December 17, 2014, the number of privacy class action claims is trending upwards, along with all things privacy-related.  Some of the breaches and other big media stories could have been avoided, while others were unavoidable for the businesses at issue.  Either… Continue Reading
.
Consumer Protection Connection