CyberAdviser

Insights from the frontlines of privacy and data security law

The Federal Election Commission (FEC) released a draft advisory opinion (draft AO) yesterday, holding that a nonprofit corporation providing certain cybersecurity services to candidates and political parties are not in-kind contributions. Defending Digital Campaigns, Inc. (DDC) is a nonprofit corporation under Washington, D.C., law, exempt from federal income tax under § 501(c)(4). Its stated purpose is “to provide education and research for civic institutions on cybersecurity best practices and assist them in implementing technologies, processes,…
This month marks 15 years of observing National Cyber Security Awareness Month (NSCAM) in October. The program was started way back in 2004, by the U.S. Department of Homeland Security and the National Cyber Security Alliance to educate Americans about ways to stay safer and more secure online. Technology has transformed most aspects of daily life since 2004, when: Smartphones didn’t exist (Blackberry’s don’t count). Thefacebook.com was born in a Cambridge dorm room. Google launched…
Less than three months after California passed the California Consumer Privacy Act of 2018 (CCPA), Governor Jerry Brown signed SB 1121 this week, making a number of technical and substantive changes to the law. Of particular note: SB 1121 modifies the financial institution carve-out language in CCPA section 1798.145(e). While the change is a welcome development for entities subject to regulation under the Gramm-Leach-Bliley Act (GLBA), it does not grant full exemption from the CCPA.…
Please join Ballard Spahr on October 4, 2018 in New York City for “Concordant Crossroads: Regulation and Innovation in the Automotive Industry,” presented by the Thomson Reuters Legal Executive Institute. Co-chaired by Ballard Spahr partners Neal Walters and Philip N. Yannella, this conference offers a practical and robust examination of the disruption that autonomous technology and regulation pose to transportation and the automotive industry.…
The Office of Civil Rights of the Department of Health and Human Services has announced settlements with three different Boston-area hospitals for allegedly compromising the privacy of protected health information by inviting documentary film crews on premises without first obtaining patient authorization.  The three settlements call for a total of almost $1 million in penalty payments and require each of the hospitals to undertake corrective action.  The corrections are not the same for each hospital…
On April 18, 2018, the Government of Canada published the final regulations relating to mandatory reporting of privacy breaches under Canada’s Personal Information Protection and Electronic Documents Act (“PIPEDA”). To date, most organizations under PIPEDA’s purview have not been subject to mandatory privacy breach notification requirements. While organizations in the United States are familiar with breach notification statutes, organizations both within and outside of Canada will need to pay careful attention to the…
A new bill introduced by House Financial Services subcommittee Chairman Rep. Blaine Luetkemeyer would significantly change data security and breach notification standards for the financial services and insurance industries. Most notably, the proposed legislation would create a national standard for data security and breach notification and preempt all current state law on the matter.…
California is once again poised to set the standard for privacy and data security by enacting the first state law directed at securing Internet of Things (IoT) devices. The law has passed the state legislature and is awaiting the signature of Governor Jerry Brown. It requires manufacturers of “connected devices” to equip them with “a reasonable security feature or features” that are: appropriate to the nature and function of the device; appropriate to the information…
As discussed in our prior post, the California Consumer Privacy Act of 2018 (the “Act”) is expected to be modified by the California legislature prior to its January 1, 2020, enforcement deadline. In fact, while Governor Brown signed the legislation less than two months ago, one effort to amend the law already is underway through California Senate Bill 1121.…