Latest Articles

After soliciting public comments since last November, the Chinese Ministry of Public Security (MPS) published the finalized Guideline for Internet Personal Information Security Protection (Guideline) on April 10, 2019. The Guideline applies to Personal Information Holders, defined as entities or individuals that “control and process personal information” through their provision of services using the Internet, private networks, or offline. As China’s primary cybersecurity regulator under China’s Cybersecurity Law (CSL), MPS previously issued regulations specific to…
On April 10, U.S. lawmakers introduced the Algorithmic Accountability Act (the AAA). The AAA empowers the Federal Trade Commission (FTC) to promulgate regulations requiring covered entities to conduct impact assessments of algorithmic “automated decision systems” (including machine learning and artificial intelligence) to evaluate their “accuracy, fairness, bias, discrimination, privacy and security.” The bill is evocative of a significant trend and strategy to regulate technology and the use of personal data while reinforcing regulatory power at…
On February 26, 2019, the Federal Trade Commission’s (FTC) Bureau of Competition announced a new Technology Task Force, which will monitor anticompetitive conduct in U.S. technology markets “to ensure consumers benefit from free and fair competition.” With the consumer protection agency already a chief arbiter of privacy enforcement in the tech sector, the new task force increases the likelihood that the continued convergence between competition and consumer protection policy, which began in earnest at…
China’s National Information Security Standardization Technical Committee issued draft amendments (Amendments) to the standards that govern the protection of personal information, “Information Security Technology – Personal Information Security Specification” (Standards, effective May 1, 2018) on February 1, 2019. The Standards provide guidance on interpreting China’s Cybersecurity Law (CSL) and set out best practices for the collection and processing of personal information in China. If the Amendments pass, they would place the Standards among the other…
On November 13, 2018, the U.S. Department of Commerce’s National Telecommunications and Information Administration (NTIA) released comments it received from over 200 government, non-profit, academic, and private sector organizations on developing the Administration’s approach to consumer privacy.[1] Since September, the NTIA has sought public comments to specifically address a number of questions that focused on the outcomes, goals, risks, and implementation of its proposed high-level framework for consumer privacy protection. The Administration’s framework articulated…
The U.S. Securities and Exchange Commission (“SEC”) recently provided issuers with a reminder of the potential for enforcement for insufficient cybersecurity. The SEC continues to emphasize the importance of measures such as up-to-date compliance and incident response programs in order to maintain the integrity of the capital market system, and a recent Report of Investigation reflects that cybersecurity remains an enforcement priority. To learn more about the Report and the SEC’s recent enforcement actions, visit…
In recent months, the U.S. Securities and Exchange Commission (“SEC”) has emphasized cybersecurity as both an enforcement priority and corporate responsibility, demonstrating its continued focus on the need for issuers to have sufficient measures in place, including up-to-date compliance and incident response programs in order to maintain the integrity of the capital market system. The SEC recently issued a Report of Investigation pursuant to Section 21(a) of the Securities Exchange Act (the “Report”) that advised…
Company response to major data breach results in first-of-its-kind fine for improper disclosure to investors. On April 24, 2018, the U.S. Securities and Exchange Commission (SEC) and Altaba Inc. (formerly known as Yahoo! Inc.) agreed to settle SEC Division of Enforcement charges stemming from the compromise of 3 billion Yahoo accounts that occurred in 2013 and 2014, but were not disclosed until 2016.[1] The 2014 incident was attributed to Russian hackers by the U.S. government…
In the wake of recent cyberattacks, cities and states are taking a stand. On March 29, New York City (the City) Mayor Bill de Blasio announced NYC Secure, an initiative that will include a suspicious activity alert app for residents and security upgrades to the City’s public Wi-Fi networks.[1] The initiative is intended as a citywide effort to better protect citizens and mitigate systemic-level cyber threats to citizens or City infrastructure, not unlike the…
On Tuesday, January 23, Lloyd’s of London and AIR Worldwide co-published a report regarding the financial fallout that could occur if a cyber incident or shutdown of a cloud computing provider happened in the United States. The report noted that losses could be around $19 billion with only about $3 billion being covered by insurance.[1] The report also reveals that “[g]iven the state of the cyber insurance industry today, a cyber incident that…