David Krone

Firm/Organization: Reed Smith LLP

Blogs: Financial Regulatory Report, FinTech Update, Life Sciences Legal Update, Technology Law Dispatch

Latest Articles

FDA revamps cybersecurity guidance for marketed medical devices

By Kevin Madagan, Mildred Segura, Gerard Stegmaier, Maryanne Woo, Wendell Bartnick, Christopher Butler & David Krone on November 7, 2018

The Food and Drug Administration (FDA) published a draft update to its premarket cybersecurity guidance for device makers on October 18, 2018. The expanded draft guidance includes recommendations on tiered classification of cybersecurity risk, trustworthiness, cybersecurity bill materials, and device cybersecurity labeling that are specific enough to be helpful to manufacturers while at the same time keeping the guidance sufficiently flexible to comply with an industry filled with advancing devices that pose greater and more…

Technology Law Dispatch

California pursues IoT data security regulations with new legislation

By Gerard Stegmaier, Wendell Bartnick & David Krone on October 25, 2018

California enacted Internet of Things (IoT) legislation intended to help protect consumer privacy and safety from potential hacking of connected devices. Under the state legislation that may apply to any connected devices sold in California, manufacturers of connected devices are required to equip the devices with security options suitable to the nature of the device and the information processed by the device. The objective of the legislation is to protect consumers, yet adapt to different…

Life Sciences Legal Update

FDA to implement OIG suggestions on IoT cybersecurity

By Mildred Segura, Kevin Madagan, Gerard Stegmaier, Maryanne Woo, Wendell Bartnick, Christopher Butler & David Krone on October 24, 2018

The Office of the Inspector General (OIG) published a report in September 2018 after a review of the Food and Drug Administration’s (FDA) policies, procedures, and guidance relating to cybersecurity reviews of networked medical1 devices. In its findings, covered in our recent client alert, the OIG determined that while the FDA has started to include cybersecurity concerns in its review process, the FDA should take steps to ensure their cybersecurity review is systematic and…

Technology Law Dispatch

FTC report looks to improve mobile device security for businesses

By Gerard Stegmaier, Mark H. Francis & David Krone on March 20, 2018

On February 28, 2018, the Federal Trade Commission (FTC) released a report about security update practices for businesses providing mobile phones and other connected devices. The report recommends that manufacturers and carriers provide security updates that are consistent with consumer expectations, provide better information regarding their security practices and educate consumers on their role in the update process. While the report is framed as offering recommendations, businesses should keep in mind that such reports often…

Technology Law Dispatch

DHS and DOC Report on Botnets and IoT Security Recommends Increased Collaboration between Stakeholders in Private Industry and Government

By David Krone on January 19, 2018

On Jan. 5, 2018, the Department of Homeland Security (DHS) and the Department of Commerce (DOC) released their joint draft report on “Enhancing the Resilience of the Internet and Communications Ecosystem against Botnets and Other Automated, Distributed Threats” for public comment. The report provides a series of recommendations for addressing the threats presented by botnets as well as improving security for Internet-connected devices or the Internet of Things (IoT). Chief among these was a call…

Technology Law Dispatch

Delaware Amends Data Breach Notification Law to Require Reasonable Data Security and Expand the Scope of Personal Information Requiring Notice

By David Krone on August 28, 2017

On August 17, 2017, Delaware Governor John Carney signed into law House Substitute 1 for House Bill 180, making the first significant amendment to Delaware’s data breach notification law since 2005. The bill, scheduled to go into effect April 14, 2018, requires private organizations to maintain reasonable security policies and procedures; expands the definition of “personal information” to include medical information, biometric identifiers, and electronic signatures; and adds additional breach notification and credit monitoring…

Technology Law Dispatch

President Trump Signs Executive Order on Cybersecurity Focusing on Critical Infrastructure, Federal Networks and Public Cybersecurity Policy

By David Krone on May 17, 2017

On Monday, May 11, 2017, President Donald Trump signed an Executive Order on “Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure.” The Executive Order comes after Trump had postponed signing a similar executive order on cybersecurity on Feb. 1, and another draft executive order had been circulated Feb. 10. The final Executive Order aligns with the preceding Executive Order 13636, “Improving Critical Infrastructure Security,” signed by the Obama administration on Feb.…

FinTech Update

Proposed 2017-2018 New York Budget Covers Current Exempt FinTech Companies

By Kari Larsen & David Krone on February 27, 2017

Lender license requirements recently included in the New York governor’s proposed 2017-2018 budget would expand the jurisdiction of the New York State Department of Financial Services (NYDFS) to cover many financial technology (FinTech) credit-lending companies that are currently exempt from license requirements. The proposed budget would prohibit businesses that are not registered as licensed lenders from making personal loans with a principal of $25,000 or less, and commercial loans of $50,000 or less, regardless of…

Financial Regulatory Report

NY Proposed Budget Would Expand NYDFS Authority over FinTech Lending Companies

By Kari Larsen & David Krone on February 24, 2017

Technology Law Dispatch

NIST Publishes Introduction to Privacy Engineering and Risk Management to Assist Agencies and Organizations in Designing Privacy-Compliant Systems

By David Krone on January 11, 2017

On January 4, 2017, the National Institute of Standards and Technology (“NIST”) published the final version of NIST IR 8062 “An Introduction to Privacy Engineering and Risk management in Federal Systems.” The report introduces the concept of applying systems engineering practices to privacy and provides a new model for conducting privacy risk assessments on systems. In the blog post accompanying the release, NIST notes that the report is intended to address the absence…

David Krone

FDA revamps cybersecurity guidance for marketed medical devices

California pursues IoT data security regulations with new legislation

FDA to implement OIG suggestions on IoT cybersecurity

FTC report looks to improve mobile device security for businesses

DHS and DOC Report on Botnets and IoT Security Recommends Increased Collaboration between Stakeholders in Private Industry and Government

Delaware Amends Data Breach Notification Law to Require Reasonable Data Security and Expand the Scope of Personal Information Requiring Notice

President Trump Signs Executive Order on Cybersecurity Focusing on Critical Infrastructure, Federal Networks and Public Cybersecurity Policy

Proposed 2017-2018 New York Budget Covers Current Exempt FinTech Companies

NY Proposed Budget Would Expand NYDFS Authority over FinTech Lending Companies

NIST Publishes Introduction to Privacy Engineering and Risk Management to Assist Agencies and Organizations in Designing Privacy-Compliant Systems

Company

Support

New to the Network