Jonathan Adams

Subscribe to Jonathan Adams's Posts

ThinkstockPhotos-469750754-webOn October 17, 2014, the White House released its plans for a “BuySecure Initiative” in an executive order entitled “Improving the Security of Consumer Financial Transactions.” The initiative aims to push the market toward adopting more secure payment methods and to reduce the burden on consumers seeking to remediate identity theft incidents. The White House simultaneously published a fact sheet explaining the impetus for the action, the changes proposed in the order, and the potential downstream effects from the steps outlined.
Continue Reading Recent Executive Order to Push for Security of Consumer Financial Transactions, Identity Theft Remediation

The Consumer Financial Protection Bureau (CFPB) recently adopted the Privacy Notice Rule, a final rule that permits the financial institutions it regulates the option to post annual consumer privacy notices online, rather than mailing paper copies to customers, under certain conditions.1

The Privacy Notice Rule is the latest instance of regulatory relief provided to financial institutions by the CFPB. The new rule, which follows on the heels of other streamlining rulemakings by the CFPB, aims to reduce unnecessary or unduly burdensome regulatory requirements in the financial sector: the CFPB estimates that, as a result of the rule, financial institutions’ compliance expenses will decrease by approximately $17 million annually.2
Continue Reading Consumer Financial Protection Bureau Issues Final Rule Regarding Online Annual Consumer Privacy Notices

ThinkstockPhotos-87341406-webThis article is the first in a series of articles that will discuss the importance of privacy and data security considerations in the transactional context.

Data privacy and data security continued to capture headlines and boardroom attention in 2014, as the EU “right to be forgotten” ruling, the Sony cyberattack,1 new laws and lawsuits, and investor pressure on executives and boards regarding cybersecurity issues 2 provided continued worries for legal departments, executives, and directors.3 The ongoing coverage of these incidents has caused many legal departments, executive teams, and boards of directors to become more familiar with data privacy and security risks. Many businesses are taking steps to reduce their risk exposure by reviewing and enhancing their privacy and data security programs, ensuring that they maintain appropriate cyber insurance, and working with service providers, vendors, customers, and employees to minimize the likelihood of becoming the next target of a cyberattack or class action litigation.
Continue Reading Privacy and Data Security in Transactions: What’s the Deal?

Federal regulators released guidance in the first half of 2014 that should provide comfort to businesses that are considering sharing information relating to cybersecurity risks with other companies and the government. Although these advisory opinions are nonbinding and do not carry the force of law, they provide strong indications of the priorities of the U.S. Department of Justice (DOJ) and Federal Trade Commission (FTC) with respect to facilitating the ability of businesses to engage in cybersecurity risk mitigation. Notably, under the recent guidance, the federal regulators suggest that antitrust and electronic communications privacy concerns, which may have previously made businesses hesitant to share certain information relating to cybersecurity risks, should not preclude business-to-business or business-to-government information sharing that is tailored to mitigate these risks.
Continue Reading Federal Agencies Reduce Barriers to Cyber Threat Information Sharing

In August 2014, the Federal Trade Commission (FTC) published a staff report that evaluates the consumer disclosures made by a number of popular mobile shopping applications and makes recommendations to the providers and users of those apps.1 The FTC staff did not address or find any fault with app platforms, like Google Play or Apple’s App Store, with respect to the consumer disclosures of those apps. This report follows the FTC staff’s March 2013 mobile payment report that recommended mobile payment providers convey clear policies regarding fraudulent and unauthorized charges, encouraged all stakeholders to raise consumer awareness about mobile payment security, and stressed the applicability of its general privacy recommendations to companies in the mobile payment marketplace.2
Continue Reading FTC Recommends Improved Transparency and Security in Mobile Shopping Apps

A proposed California law, the Consumer Data Breach Protection Act (A.B. 1710),1 has the potential to upend the calculus of determining liability after retail data breaches, create additional data security requirements for retailers and other consumer-facing businesses operating in California, and establish new standards for data breach reporting for breaches affecting California residents. The bill, introduced by California State Assemblymen Bob Wieckowski and Roger Dickinson in February 2014 and currently pending before the California Assembly Committee on the Judiciary, may in part represent an effort to respond to the recent data breaches affecting Target Corp. and Neiman Marcus Ltd., and aims to strengthen one of the most prescriptive state statutes already in existence.

The heightened concern over data privacy in recent months might enable the passage of the bill, which is a variation of past bills that were vetoed by former Governor Arnold Schwarzenegger.2 If passed, A.B. 1710 would place California alongside Washington, Minnesota, and Nevada as the states mandating particular data security provisions with respect to payment card data,3 and would increase the data breach reporting requirements and liability associated with breaches for entities doing business in California.
Continue Reading Proposed California Law Would Impose Data Breach Liability on Retailers and Create More Stringent Data Security Requirements for Businesses