
Privacy & Security

Critical Infrastructure and Cybersecurity Legislation: America’s Cybersecurity Problem

Long gone are the days when cybersecurity concerns existed solely in the domain of technology teams. Various organizations, from schools to government entities (at every level), to private companies alike have fallen prey to cyberattacks. May 2021’s Colonial Pipeline attack caused chaos and a temporary gas frenzy that brought awareness of the vulnerabilities of the technology we rely on to even the least technically minded American. Cybersecurity, and more specifically, the security of critical infrastructure immediately became an issue that the U.S. Government is taking very seriously.

The First Cyber War: The Threat of Russian Cyberattacks has Thrust Cybersecurity Compliance into the Spotlight

Russia’s unprovoked attack on Ukraine on February 24, 2022 has not only caused a horrific human rights crisis but has also had a dramatic effect on how the world conducts business, felt well beyond the borders of Russia and Ukraine. Warnings of an imminent Russian cyberattack on critical United States infrastructure have small and large businesses alike brushing up their cybersecurity policies to ensure they are compliant with current best practices in the likely event of a Russian cyberattack and impending federal legislation.

Senate Brings Bipartisan Attempt to Update Health Privacy Regulations

On February 9, a group of senators led by Tammy Baldwin of Wisconsin and Bill Cassidy of Louisiana introduced a new bill, the Health Data Use and Privacy Commission Act (the “Act”), in an attempt to revitalize current legislation regarding the protection and use of health data. The bill also has the support of a number of representatives from within the healthcare industry, including Epic, IBM, and Teladoc Health, as well as a number of professional associations like the American College of Cardiology, the Association for Behavioral Health and Wellness, and the Association of Clinical Research Organizations.

Biden Administration Works with the EU to Develop New Data-Sharing Agreement

After the EU invalidated the previous data transfer agreement between the EU and the US in July of 2020, many big tech companies have been left unsure how to keep business flowing from Europe without the ability to store data within the US. To the relief of these companies, the Biden Administration has reached a preliminary agreement for a new deal with the EU. Coined the Trans-Atlantic Data Privacy Framework, this new agreement works to address concerns raised by the EU.

US Data Privacy Laws: Past, Present and Future

Despite the technology and data collection sectors rapidly growing over the past few decades, laws protecting consumers in these spaces have barely expanded, if at all. The first, and only, comprehensive federal data privacy regulation was passed in 1974, roughly ten years before the first Mac computer was invented. Since then, we’ve seen a few more federal laws put in place to protect consumer data, and even some states taking matters into their own hands, but we have yet to see another comprehensive law from the federal government. This raises the question: will the federal government finally enact new data privacy laws for the country as a whole to adhere to, or will it continue to let states take the reins, forcing companies to comply with multiple laws at once?

2022: The Year of US Data Privacy Laws?

When you think of the most valuable commodity in the world today, you might automatically think of money; however, personal data has now become one of the most valuable forms of currency. The vast amounts of personal data available have made it increasingly valuable to companies who know how to use it to their advantage. The means of obtaining this data are sometimes questionable and, up until recently, often unregulated, leading to companies using unethical methods to get their hands on it. The US is starting to follow the rest of the world and develop extensive data privacy laws that cover more than just medical information to ensure that consumers are protected, but there are still many disagreements surrounding how and what should be protected in the US.

America’s Fight Against Robocalls

Robocalls are an increasing threat to Americans across the country. In 2020, American consumers received nearly 4 billion robocalls per month. This number quickly increased in March 2021 when Americans received 4.9 billion robocalls. Although not all robocalls are illegal, illegal robocalls hurt Americans by spamming them to market a product. Americans have a choice to give their written consent, but the issue stems from robocalls marketing products without written consent. About 60 million Americans say they have been victims of phone scams in the last year and have lost nearly $30 billion as a result. Unfortunately, despite the FCC and FTC increasingly targeting spammers and illegal robocalls, it is difficult to say when this problem will end.

2022: U.S. Privacy Chaos, Continued?

Conversation surrounding the hodgepodge of state data privacy legislation in the U.S. has long been a subject of frustration within the U.S. and abroad. 2021 saw a drastic uptick in awareness and a need for meaningful comprehensive consumer privacy laws. With both data privacy and cybersecurity repeatedly making front page news over the last year, and even becoming high priority within the Biden Administration, it has become one of the few issues on which people across the political spectrum can agree. But will 2022 be the year that comprehensive federal privacy legislation becomes a reality? Don’t count on it.

Robinhood Fined $65 Million for Misleading Customers

On December 17, 2020, the Securities and Exchange Commission (“SEC”) charged Robinhood Financial, LLC (“Robinhood”) with material misrepresentation and misleading its users about its revenue sources, specifically Robinhood’s receipt of payments from certain principal trading firms for routing its customer orders to them. The SEC charges against Robinhood also relate to certain statements about the execution quality Robinhood achieved for its customers’ orders and Robinhood’s failure to satisfy its duty of best execution. Robinhood agreed to pay $65 million to settle the charges.

Relax, After GDPR’s Schrems II, Some Companies Transferring Personal Data from the EU to the US May Actually Have Less Challenges Than You Thought

On December 12, 2020, the European Commission (the “EC”) issued a highly anticipated draft of newly revised standard contractual clauses (“new SCCs”) that may be used by European Union-based companies to safeguard data transfers of personal data to third countries, such as the US, in compliance with GDPR Art. 46(1). The release comes at a decidedly inopportune time as it follows on the heels of the Court of Justice of the European Union’s (CJEU) Data Protection Commissioner v. Facebook Ireland Limited and Maximillian Schrems (“Schrems II”) decision which casts serious doubt on the adequacy of SCCs alone to safeguard against the “high-risks” involved in EU to US data transfers. And for many data protection experts, the language of the revised SCCs only adds to the confusion, raising even more questions. But one question in particular seems to be prominent among others—for transfers to importers, directly subject to GDPR, are SCCs really necessary?