Regulatory

Subscribe to Regulatory via RSS

On April 1, 2015, President Obama issued an executive order declaring “cyber-enabled malicious activities” a national emergency due to the “increasing prevalence and severity” of such attacks originating from or directed by persons outside the United States.1 The executive order gives the Secretary of the Treasury, in consultation with the Attorney General and the Secretary of State, the power to impose economic sanctions on certain designated individuals and entities that have been directly or indirectly involved in malicious cyberattacks against U.S. networks, critical infrastructure, as well as those involving the theft of economic resources or personal and financial information, or the misappropriation of trade secrets.
Continue Reading President Obama Creates New Sanctions Regime to Combat Foreign Cyberthreats

On June 15, 2015, the Ministers of Justice of all 28 European Union member states, sitting as the Council of the EU (Council), reached a crucial agreement for the future EU data protection legal framework. Much work still needs to be completed, but this is a major step forward in the adoption of the EU General Data Protection Regulation (Regulation).

The Regulation introduces important changes to EU data protection law that will have a significant impact on companies doing business in the EU. While the timing of final approval is still unknown, the fact that the Council has reached a general approach significantly increases the chances that the final text of the Regulation will be adopted in the foreseeable future. To learn more about the practical implications for businesses and how to prepare for the new legal framework, please join our webcast on July 15.
Continue Reading Status Update on the EU Data Protection Regulation

Making a splash with its first-ever data security enforcement actions, the Federal Communications Commission (FCC) entered uncharted waters late last year by aggressively asserting its role in safeguarding consumer information. In the fall of 2014, for the first time, the FCC took administrative enforcement action in two instances against telecommunications carriers that misused data, misrepresented their data security efforts, and failed to appropriately secure customer data. The FCC’s efforts demonstrate that it believes it has a role to play in the wider privacy landscape, even as the Federal Trade Commission (FTC) has thus far taken the lead on privacy and data security enforcement.1
Continue Reading FCC Dives into Privacy and Data Security Enforcement

The Consumer Financial Protection Bureau (CFPB) recently adopted the Privacy Notice Rule, a final rule that permits the financial institutions it regulates the option to post annual consumer privacy notices online, rather than mailing paper copies to customers, under certain conditions.1

The Privacy Notice Rule is the latest instance of regulatory relief provided to financial institutions by the CFPB. The new rule, which follows on the heels of other streamlining rulemakings by the CFPB, aims to reduce unnecessary or unduly burdensome regulatory requirements in the financial sector: the CFPB estimates that, as a result of the rule, financial institutions’ compliance expenses will decrease by approximately $17 million annually.2
Continue Reading Consumer Financial Protection Bureau Issues Final Rule Regarding Online Annual Consumer Privacy Notices

The Children’s Online Privacy Protection Act (COPPA) prohibits companies from collecting personal information from children under the age of 13 without first providing notice to parents and obtaining their verifiable consent. The Federal Trade Commission’s (FTC) recent settlements with Yelp and TinyCo serve as a reminder to mobile app developers that the failure to consider COPPA when developing and testing mobile apps can have serious consequences.
Continue Reading COPPA Looms Large for Mobile Apps

Online interest-based advertising, sometimes called behavioral advertising, is big business. Advertisers—and the technology companies that make this business possible—use information collected from a particular computer or device, over time and across others’ websites, to predict preferences and target and display advertising that is most likely to interest the user.

With encouragement from the Federal Trade Commission,1 online advertising industry organizations adopted a set of “Self-Regulatory Principles for Online Behavioral Advertising (OBA Principles),”2 which apply to members of those organizations: the ad networks, advertising agencies, service providers, and web publishers that engage in or facilitate the collection of online user data across websites for purposes of interest-based advertising. The Better Business Bureau (BBB) enforces the OBA Principles through its Online Interest-Based Advertising Accountability Program (Accountability Program). Recent action by the BBB reflects its commitment to vigorously enforce the OBA Principles.
Continue Reading Better Business Bureau Keeps Promise of Vigorous Enforcement of Online Interest-Based Advertising Accountability Program