Jonathan Adams

Subscribe to all posts by Jonathan Adams

WSGR Alert: FTC Settles with Manufacturer of Home Network Routers over Alleged Data Security Flaws

On February 23, 2016, the Federal Trade Commission (FTC) announced a settlement with computer hardware maker ASUSTeK Computer, Inc. (ASUS). The ASUS settlement highlights the FTC’s position regarding security in the connected device market: connected device manufacturers are responsible for security shortcomings in their devices and are expected to promptly update or patch any identified … Continue Reading

FAST Act Eases GLBA Compliance Burdens for Many Companies, Addresses Transportation and Infrastructure Privacy and Cybersecurity Issues

President Obama signed the Fixing America’s Surface Transportation Act (FAST Act) into law on December 4, 2015. The FAST Act not only provides long-term funding for highway and infrastructure improvements and other transportation projects, but also includes several privacy- and security-related provisions, including an important provision that may reduce consumer confusion and industry compliance costs … Continue Reading

PCI Security Standards Council Issues Guidance on Responding to a Data Breach

On September 29, 2015, the PCI Security Standard Council (PCI SSC) issued guidance regarding data breach responses for merchants and service providers who process payment cards. The PCI SSC is a global forum founded by card brands (American Express, Discover, JCB, MasterCard, and Visa), and it is responsible for the development and management of the … Continue Reading

FTC Begins “Start with Security” Conference Series

On September 9, 2015, the Federal Trade Commission (FTC) held its first “Start with Security” conference at the University of California Hastings College of the Law in San Francisco. The conference was the first in a series of events hosted by the agency intended to provide additional guidance to businesses regarding how to keep consumers’ … Continue Reading

Privacy and Data Security Due Diligence

This article is the third in a series of articles that discuss the importance of privacy and data security considerations in the transactional context. In any transaction in which an entity invests in or acquires another business or its assets, the investing or acquiring entity (the “Acquiror”) should fully evaluate its counterparty (the “Company”), the … Continue Reading

Canadian Anti-Spam Legislation Shows Its Teeth with First Enforcement Actions

The Canadian Anti-Spam Legislation (CASL) is now showing that it has strong teeth. CASL requires companies operating in Canada to obtain affirmative opt-in consent prior to sending commercial electronic messages (CEMs), such as emails or text messages, within Canada. In addition, any CEM sent must contain certain identification information and provide recipients with a means … Continue Reading

Navigating Public Company Cybersecurity Obligations: Advising Boards and Disclosing to Investors

This article is the second in a series of articles that discuss the importance of privacy and data security considerations in the transactional context. In light of numerous costly security breaches affecting disparate sectors of the American economy, public companies—ranging from merchants like Target Corporation and The Home Depot to technology firms like Adobe Systems, … Continue Reading

Recent Executive Order to Push for Security of Consumer Financial Transactions, Identity Theft Remediation

On October 17, 2014, the White House released its plans for a “BuySecure Initiative” in an executive order entitled “Improving the Security of Consumer Financial Transactions.” The initiative aims to push the market toward adopting more secure payment methods and to reduce the burden on consumers seeking to remediate identity theft incidents. The White House … Continue Reading

Consumer Financial Protection Bureau Issues Final Rule Regarding Online Annual Consumer Privacy Notices

The Consumer Financial Protection Bureau (CFPB) recently adopted the Privacy Notice Rule, a final rule that permits the financial institutions it regulates the option to post annual consumer privacy notices online, rather than mailing paper copies to customers, under certain conditions.1 The Privacy Notice Rule is the latest instance of regulatory relief provided to financial … Continue Reading

Privacy and Data Security in Transactions: What’s the Deal?

This article is the first in a series of articles that will discuss the importance of privacy and data security considerations in the transactional context. Data privacy and data security continued to capture headlines and boardroom attention in 2014, as the EU “right to be forgotten” ruling, the Sony cyberattack,1 new laws and lawsuits, and … Continue Reading

Federal Agencies Reduce Barriers to Cyber Threat Information Sharing

Federal regulators released guidance in the first half of 2014 that should provide comfort to businesses that are considering sharing information relating to cybersecurity risks with other companies and the government. Although these advisory opinions are nonbinding and do not carry the force of law, they provide strong indications of the priorities of the U.S. … Continue Reading

FTC Recommends Improved Transparency and Security in Mobile Shopping Apps

In August 2014, the Federal Trade Commission (FTC) published a staff report that evaluates the consumer disclosures made by a number of popular mobile shopping applications and makes recommendations to the providers and users of those apps.1 The FTC staff did not address or find any fault with app platforms, like Google Play or Apple’s … Continue Reading

Proposed California Law Would Impose Data Breach Liability on Retailers and Create More Stringent Data Security Requirements for Businesses

A proposed California law, the Consumer Data Breach Protection Act (A.B. 1710),1 has the potential to upend the calculus of determining liability after retail data breaches, create additional data security requirements for retailers and other consumer-facing businesses operating in California, and establish new standards for data breach reporting for breaches affecting California residents. The bill, … Continue Reading
LexBlog