Jim Barbuto

Firm/Organization: Reed Smith LLP

Blogs: AdLaw By Request®, FinTech Update, Global Regulatory Enforcement Law Blog, Technology Law Dispatch, The Policyholder Perspective

Latest Articles

Technology Law Dispatch

The facial scan that launched a thousand laws: biometric privacy legislation trend continues to grow nationwide

By Kimberly Gold, Michael Galibois & Jim Barbuto on August 26, 2019

Many states are following in the footsteps of Illinois’ Biometric Information Privacy Act (BIPA), a law that has led to an increase in the volume of class action privacy litigation and highlighted the importance of enterprise-level management of biometric data (e.g., fingerprint, voiceprint, and retina, facial, or iris image). Organizations that collect and use biometric data for employee tracking or consumer-facing uses (including the collection and use of characteristics like heart rate or step counts)…

Technology Law Dispatch

Final guideline for Internet personal information protection published by Chinese Ministry of Public Security

By Xiaoyan Zhang, Amy Yin, Jim Barbuto & Catherine Jing on May 12, 2019

After soliciting public comments since last November, the Chinese Ministry of Public Security (MPS) published the finalized Guideline for Internet Personal Information Security Protection (Guideline) on April 10, 2019. The Guideline applies to Personal Information Holders, defined as entities or individuals that “control and process personal information” through their provision of services using the Internet, private networks, or offline. As China’s primary cybersecurity regulator under China’s Cybersecurity Law (CSL), MPS previously issued regulations specific to…

Technology Law Dispatch

Algorithmic Accountability Act proposed by U.S. lawmakers

By Stephanie Wilson, Jennifer Driscoll, Xiaoyan Zhang & Jim Barbuto on April 25, 2019

On April 10, U.S. lawmakers introduced the Algorithmic Accountability Act (the AAA). The AAA empowers the Federal Trade Commission (FTC) to promulgate regulations requiring covered entities to conduct impact assessments of algorithmic “automated decision systems” (including machine learning and artificial intelligence) to evaluate their “accuracy, fairness, bias, discrimination, privacy and security.” The bill is evocative of a significant trend and strategy to regulate technology and the use of personal data while reinforcing regulatory power at…

Technology Law Dispatch

In privacy we (anti)trust: Regulators worldwide consider competition law as tool for consumer protection

By Gerard Stegmaier, Jennifer Driscoll & Jim Barbuto on March 21, 2019

On February 26, 2019, the Federal Trade Commission’s (FTC) Bureau of Competition announced a new Technology Task Force, which will monitor anticompetitive conduct in U.S. technology markets “to ensure consumers benefit from free and fair competition.” With the consumer protection agency already a chief arbiter of privacy enforcement in the tech sector, the new task force increases the likelihood that the continued convergence between competition and consumer protection policy, which began in earnest at…

Technology Law Dispatch

Draft amendments to China’s personal information standards proposed

By Xiaoyan Zhang, Jim Barbuto, Trevor Satnick, Amy Yin & Catherine Jing on February 21, 2019

China’s National Information Security Standardization Technical Committee issued draft amendments (Amendments) to the standards that govern the protection of personal information, “Information Security Technology – Personal Information Security Specification” (Standards, effective May 1, 2018) on February 1, 2019. The Standards provide guidance on interpreting China’s Cybersecurity Law (CSL) and set out best practices for the collection and processing of personal information in China. If the Amendments pass, they would place the Standards among the other…

Technology Law Dispatch

Public comment for private matters: NTIA receives over 200 comments on proposed approach to protecting consumer privacy informed by GDPR, CCPA & more

By Samuel F. Cullari & Jim Barbuto on November 28, 2018

On November 13, 2018, the U.S. Department of Commerce’s National Telecommunications and Information Administration (NTIA) released comments it received from over 200 government, non-profit, academic, and private sector organizations on developing the Administration’s approach to consumer privacy.[1] Since September, the NTIA has sought public comments to specifically address a number of questions that focused on the outcomes, goals, risks, and implementation of its proposed high-level framework for consumer privacy protection. The Administration’s framework articulated…

Global Regulatory Enforcement Law Blog

Recent SEC report on cybersecurity preparedness and response serves as warning of future enforcement

By Jennifer Achilles & Jim Barbuto on November 14, 2018

The U.S. Securities and Exchange Commission (“SEC”) recently provided issuers with a reminder of the potential for enforcement for insufficient cybersecurity. The SEC continues to emphasize the importance of measures such as up-to-date compliance and incident response programs in order to maintain the integrity of the capital market system, and a recent Report of Investigation reflects that cybersecurity remains an enforcement priority. To learn more about the Report and the SEC’s recent enforcement actions, visit…

Technology Law Dispatch

Highlighting the “SEC” in cybersecurity: Continued regulatory focus on preparedness and response

By Jennifer Achilles & Jim Barbuto on November 12, 2018

In recent months, the U.S. Securities and Exchange Commission (“SEC”) has emphasized cybersecurity as both an enforcement priority and corporate responsibility, demonstrating its continued focus on the need for issuers to have sufficient measures in place, including up-to-date compliance and incident response programs in order to maintain the integrity of the capital market system. The SEC recently issued a Report of Investigation pursuant to Section 21(a) of the Securities Exchange Act (the “Report”) that advised…

Technology Law Dispatch

Being first isn’t always best: SEC settles for $35 million fine for failure to disclose data breach to investors

By Mark S. Melodia, Gerard Stegmaier, Paul Bond, Kimberly Chow & Jim Barbuto on April 30, 2018

Company response to major data breach results in first-of-its-kind fine for improper disclosure to investors On April 24, 2018, U.S. Securities and Exchange Commission (SEC) and Altaba Inc., (formerly known as Yahoo! Inc.) agreed to settle SEC Division of Enforcement charges stemming from the compromise of 3 billion Yahoo accounts that occurred in 2013 and 2014, but were not disclosed until 2016.[1] The 2014 incident was attributed to Russian hackers by the U.S. government…

Technology Law Dispatch

Keys to the City: Recent developments in New York City address cybersecurity risks

By Jim Barbuto on April 13, 2018

In the wake of recent cyberattacks, cities and states are taking a stand. On March 29, New York City (the City) Mayor Bill de Blasio announced NYC Secure, an initiative that will include a suspicious activity alert app for residents and security upgrades to the City’s public Wi-Fi networks.[1]The initiative is intended as a citywide effort to better protect citizens and mitigate systemic-level cyber threats to citizens or City infrastructure, not unlike the…

Jim Barbuto

The facial scan that launched a thousand laws: biometric privacy legislation trend continues to grow nationwide

Final guideline for Internet personal information protection published by Chinese Ministry of Public Security

Algorithmic Accountability Act proposed by U.S. lawmakers

In privacy we (anti)trust: Regulators worldwide consider competition law as tool for consumer protection

Draft amendments to China’s personal information standards proposed

Public comment for private matters: NTIA receives over 200 comments on proposed approach to protecting consumer privacy informed by GDPR, CCPA & more

Recent SEC report on cybersecurity preparedness and response serves as warning of future enforcement

Highlighting the “SEC” in cybersecurity: Continued regulatory focus on preparedness and response

Being first isn’t always best: SEC settles for $35 million fine for failure to disclose data breach to investors

Keys to the City: Recent developments in New York City address cybersecurity risks

Company

Support

New to the Network