The Cybersecurity Law Report

Incisive intelligence on cybersecurity law and regulation

By Topic: Data Privacy

  • From Vol. 3 No.7 (Apr. 5, 2017)

    A Discussion With Ireland’s Data Protection Commissioner Helen Dixon About GDPR Compliance Strategies (Part Two of Two)

    The E.U.’s General Data Protection Regulation, a sweeping law with harsh fines, is set to take effect in May 2018. Ireland, the European home of many large multinationals, is expected to be at the center of enforcement. We spoke to Helen Dixon, Ireland’s Data Protection Commissioner, about the upcoming changes and how companies can prepare for them. In this second article in our series, she discusses compliance with the non-harmonized areas of the GDPR, the GDPR's enforcement structure, enforcement challenges for the data protection authorities, and answers criticism of the law's penalties. The first article in the series contained her views on the most challenging compliance issues for companies, strategies to get buy-in from the C-suite for compliance resources and successful compliance models she has seen. See also “Getting to Know the DPO and Adapting Corporate Structure to Comply With the GDPR (Part One of Two)” (Jan. 25, 2017); Part Two (Feb. 8, 2017).

  • From Vol. 3 No.6 (Mar. 22, 2017)

    A Discussion With Ireland’s Data Protection Commissioner Helen Dixon About GDPR Compliance Strategies (Part One of Two)

    With the effective date of the GDPR fast approaching, Ireland – the site of the European headquarters of tech giants like Apple, Google and Facebook – is at the forefront of data protection and privacy enforcement. Leading the effort is Helen Dixon, Ireland’s Data Protection Commissioner. We spoke to Commissioner Dixon about the “game-changing” nature of the GDPR. This first part of our two-part series includes her views on the most challenging compliance issues for companies, strategies to get buy-in from the C-suite for compliance resources (including the threat of the heavy fines the Commissioner can levy), and successful compliance models she has seen. See also “Getting to Know the DPO and Adapting Corporate Structure to Comply With the GDPR (Part One of Two)” (Jan. 25, 2017); Part Two (Feb. 8, 2017).

  • From Vol. 3 No.3 (Feb. 8, 2017)

    Getting to Know the DPO and How to Adapt Corporate Structure to Comply With GDPR Requirements for the Role (Part Two of Two)

    The GDPR introduces the statutory position of the Data Protection Officer, who will have a key role in ensuring compliance with the regulation. But where and how does the DPO position function within the company? In this second installment in our two-part article series on the role, DPOs and counsel from around the world discuss how the DPO best fits in the corporate structure, and offer considerations for determining whether the role should be fulfilled internally or externally and five steps companies can proactively take to ensure they are prepared to comply with the GDPR’s DPO requirements. Part one examined when appointing a DPO is mandatory, how to select a DPO, and the requisite skillsets and responsibilities of the role, including the difference between the DPO and other privacy compliance roles. See also “Navigating the Early Months of Privacy Shield Certification Amidst Uncertainty” (Nov. 2, 2016).

  • From Vol. 3 No.2 (Jan. 25, 2017)

    Getting to Know the DPO and Adapting Corporate Structure to Comply With the GDPR (Part One of Two)

    Looking toward the GDPR’s May 25, 2018 implementation date, many organizations preparing for compliance are focused on the DPO role. While the position is not novel, the GDPR introduces new requirements. We spoke with experienced DPOs and counsel from around the world to clarify and shed light on the GDPR provisions and recent Article 29 Working Party guidelines relevant to the DPO role. This first part of our two-part series on the topic examines when appointing a DPO is mandatory, how to select a DPO, and the requisite skillsets and responsibilities of the role, including the difference between the DPO and other privacy compliance roles. Part two will discuss how the DPO best fits in the corporate structure, how to manage the budget for this role and steps companies can proactively take to ensure they are prepared to comply with the GDPR’s DPO requirements. See also “Navigating the Early Months of Privacy Shield Certification Amidst Uncertainty” (Nov. 2, 2016).

  • From Vol. 3 No.2 (Jan. 25, 2017)

    FTC Data Security Enforcement Year-In-Review: Do We Know What “Reasonable” Security Is Yet?

    In 2016 alone, more than 35 million records were reported as compromised in more than 980 data breaches, which made consumers wary of trusting companies to handle their data. This leaves companies wondering what they can do to amplify their data security practices to help avoid consumer distrust and the scrutiny of regulators. The FTC expects “reasonable” security, but what does that mean? In this guest article, Kelley Drye & Warren attorneys Alysa Z. Hutnik and Crystal N. Skelton shed light on the answer to this question by detailing illustrative data security enforcement actions over the past year and the security practices the agency has indicated should be implemented as well as those it has warned should be avoided. See also “FTC Priorities for 2017 and Beyond” (Jan. 11, 2017).

  • From Vol. 3 No.1 (Jan. 11, 2017)

    Privacy, Security Risks and Applicable Regulatory Regimes of Smart TVs

    Technology often outpaces regulation. Connected devices such as smart TVs are no exception. Like other devices in the growing Internet of Things, smart TVs provide a variety of conveniences and content options to their users, along with a range of serious data privacy and security risks, and regulators are struggling to keep pace with developments. In a recent WilmerHale program, attorneys D. Reed Freeman and Sol Eppel discussed the FTC’s December 2016 workshop, and detailed the regulatory and legal regimes that may affect smart TV manufacturers, providers and users. See also “New NIST and DHS IoT Guidance Signal Regulatory Growth” (Nov. 30, 2016).

  • From Vol. 2 No.25 (Dec. 14, 2016)

    Advice From Compliance Officers on Getting the C-Suite to Show You the Money for Your Data Privacy Program

    The end of the year is often when companies evaluate their budgets, and it is a crucial time to make sure the CEO is educated about data privacy legislation and its potential repercussions. So, how can privacy officers best advocate for system-wide buy-in and budget support of their data privacy programs? At a recent panel at IAPP’s Practical Privacy Series 2016 conference, compliance leaders from Shire, CBRE and InterSystems discussed their three different operational approaches and practical tactics for making sure the compliance office has the tools and the budget it needs to comply with dynamic global data privacy regulations, including the GDPR. See also “Privacy Leaders Share Key Considerations for Incorporating a Privacy Policy in the Corporate Culture” (Oct. 19, 2016).

  • From Vol. 2 No.21 (Oct. 19, 2016)

    Privacy Leaders Share Key Considerations for Incorporating a Privacy Policy in the Corporate Culture 

    For in-house privacy counsel, building a cohesive privacy program means leading the company, its employees and its vendors through regulatory landmines. While there is no one-size-fits-all approach, there are certain privacy program essentials applicable to most organizations, regardless of size or industry. At the recent Women, Influence and Power in Law Conference, Megan Duffy, founder of Summit Privacy and former privacy counsel at Snapchat, Inc., Tori Silas, senior counsel and privacy officer of Cox Enterprises, Inc. and Zuzana Ikels, principal at Polsinelli, shared advice on how the legal department can create and implement a strong privacy program, from initial considerations to key components. See also “Designing Privacy Policies for Products and Devices in the Internet of Things” (Apr. 27, 2016).

  • From Vol. 2 No.18 (Sep. 7, 2016)

    Understanding Data Privacy and Cybersecurity in China (Part One of Two)

    The Chinese National People’s Congress is currently considering a new cybersecurity law that could have a far-reaching impact on data management in China. While the legislation is not yet in effect, it highlights the need for companies to familiarize themselves with China’s varied data privacy and cybersecurity laws as they currently are, and how they may change in the near future. The first part of this two-part series provides insight from practitioners in China explaining the various sources of law governing data management in China and the types of information that are covered by the law. In the second part, we will explore practical implications of these laws with regard to employee relations, particularly during internal investigations and due diligence. See “Understanding the Far-Reaching Impact of Chinese State Secrets Laws on Data Flow” (Jul. 6, 2016) and “Six State Secrets and Data Privacy Considerations in Chinese Internal Investigations” (Aug. 3, 2016).   

  • From Vol. 2 No.16 (Aug. 3, 2016)

    Is Pokémon Go Pushing the Bounds of Mobile App Privacy and Security?

    The popularity of the new app Pokémon Go, an augmented reality game in which players use their mobile devices to catch Pokémon characters in real-life locations, continues to grow despite security and privacy concerns. Intelligence firm Sensor Tower estimates the game has been downloaded 75 million times. The game’s success brings to light a number of privacy issues generally tied to the collection, storage and sharing of user information by mobile apps, as well as users’ control of those actions and the app’s disclosure practices. Justine Gottshall, a partner at InfoLawGroup, and Shook, Hardy & Bacon attorney Eric Boos recently spoke with The Cybersecurity Law Report about these issues as well as the recently filed lawsuit alleging that the Pokémon Go terms of service and privacy policy are deceptive and unfair. See “Legal and Regulatory Expectations for Mobile Device Privacy and Security” Part One (Feb. 3, 2016); Part Two (Feb. 17, 2016).

  • From Vol. 2 No.16 (Aug. 3, 2016)

    Six State Secrets and Data Privacy Considerations in Chinese Internal Investigations 

    China’s state secrets law is the source of much angst for lawyers. While the concept of protecting state secrets is straightforward – and common to most countries – the breadth and ambiguity of China’s law, and the inconsistent way it is enforced, create unique data privacy challenges for companies operating in the PRC, especially when they are conducting internal investigations that require data to be transferred out of the country. This article, drawing on interviews with a number of attorneys practicing law on the ground in Asia, details six key considerations related to the state secrets laws for companies formulating sensible investigation strategies in China. For our companion article, see “Understanding the Far-Reaching Impact of Chinese State Secrets Laws on Data Flow” (Jul. 6, 2016). 

  • From Vol. 2 No.15 (Jul. 20, 2016)

    Key Requirements of the Newly Approved Privacy Shield

    The European Union formally adopted the long-awaited Privacy Shield last week, which replaces the Safe Harbor framework as a mechanism to comply with E.U. data protection requirements for the E.U.-U.S. transfer of personal data. Companies can begin to self-certify compliance with the framework on August 1, 2016. “Companies cannot take the Privacy Shield lightly. It’s a much more detailed framework with more accountability” than Safe Harbor, Sidley Austin senior counsel Cam Kerry told The Cybersecurity Law Report. We review the Privacy Shield’s background, its key requirements and examine whether, when and how to join. See also “Deal Struck to Maintain the Transatlantic Data Flow” (Feb. 17, 2016).

  • From Vol. 2 No.11 (May 25, 2016)

    Do You Know Where Your Employees Are? Tackling the Privacy and Security Challenges of Remote Working Arrangements

    The growing number of individuals working remotely, telecommuting or traveling with increasing frequency has challenged the traditional business cybersecurity model. With the advent of new technologies that support remote working arrangements, the secure, clearly defined perimeter many organizations once enjoyed has become a bit less distinct. The Cybersecurity Law Report spoke to Heather Egan Sussman, a privacy and data security partner at Ropes & Gray, about the privacy and security implications for employees working remotely, both in the U.S. and abroad, and proactive measures companies can take to ensure proper protections are in place and that they are compliant with the relevant laws. See also “How to Reduce the Cybersecurity Risks of Bring Your Own Device Policies”: Part One (Oct. 14, 2015); Part Two (Nov. 11, 2015).

  • From Vol. 2 No.11 (May 25, 2016)

    Foreign Attorneys Share Insight on Data Privacy and Privilege in Multinational Investigations

    Regulatory investigations spanning borders are proliferating and subject companies must manage competing requests and competing legal regimes. At the recent White Collar Crime Institute presented by the New York City Bar Association, a panel of foreign lawyers delved into the challenges faced by counsel confronting multinational regulatory actions, including coordinating requests from multiple jurisdictions, preserving attorney-client privilege, conducting witness interviews and navigating data privacy laws. The panel featured attorneys based in London, Geneva, Hong Kong and Sao Paulo. See also “Prosecuting Borderless Cyber Crime Through Proactive Law Enforcement and Private Sector Cooperation” (Mar. 2, 2016).

  • From Vol. 2 No.10 (May 11, 2016)

    Privacy Concerns in a Cashless Society

    How will individual privacy hold up in a cashless society? As payment technology brings us closer to a world where cash is scarce, concerns about how non-cash payments can be tracked, and how secure they are, proliferate. The Cybersecurity Law Report spoke to Christoph Tutsch, founder and CEO of ONPEX, a Munich-based online payment exchange, and David Navetta, a partner and U.S. co-chair of Norton Rose Fulbright’s data protection, privacy and cybersecurity practice group, about what privacy would look like in a cashless society, and how the government might be the key to a more secure system. See also “How Companies Are Preparing for the Imminent Liability Shift for Counterfeit Credit Cards” (Jun. 3, 2015).

  • From Vol. 2 No.9 (Apr. 27, 2016)

    Designing Privacy Policies for Products and Devices in the Internet of Things

    The connectivity of common devices, from watches to refrigerators, brings with it multiplying privacy challenges. Traditional ways of explaining privacy choices do not always work in this space, and manufacturers, consumers and regulators are struggling to find balance between privacy and convenience. Dana Rosenfeld and Crystal Skelton, Kelley Drye & Warren partner and associate, respectively, talked to The Cybersecurity Law Report about challenges and solutions for designing the Internet of Things for privacy. See also “Tackling Privacy and Cybersecurity Challenges While Fostering Innovation in the Internet of Things” (May 20, 2015).

  • From Vol. 2 No.8 (Apr. 13, 2016)

    Study Analyzes How Companies Can Overcome Cybersecurity Challenges and Create Business Value

    Many executives tasked with combatting cybersecurity threats lack necessary awareness and readiness, according to a survey commissioned by security firm Tanium and the NASDAQ. The Accountability Gap: Cybersecurity & Building a Culture of Responsibility (the Survey Report) includes findings of an extensive study involving 1,530 non-executive directors, CEOs, CISOs and CIOs of major corporations around the globe. Using information from a combination of one-on-one interviews and a quantitative survey, the Survey Report highlighted seven key cybersecurity challenges facing boards and executives and provided actionable advice in these areas. We examine these findings, with input from Lance Hayden, managing director of Berkley Research Group, and author of People-Centric Security. See also “Protecting the Crown Jewels Using People, Processes and Technology” (Sep. 30, 2015).

  • From Vol. 2 No.7 (Mar. 30, 2016)

    How Law Firms Should Strengthen Cybersecurity to Protect Themselves and Their Clients

    Law firms store a wealth of sensitive and confidential information electronically, making them prime targets for hackers. Not only does weak data security affect business development and client retention for firms, but it can also result in legal and ethical violations. How can firms meet clients' increasing data expectations? How can clients determine how robust their current and potential firms’ systems are? What mistakes are law firms making? John Simek, vice president and co-founder of cybersecurity and digital forensics firm Sensei Enterprises, Inc., answered these and other questions about law firm data security in a conversation with The Cybersecurity Law Report. See also “Sample Questions for Companies to Ask to Assess Their Law Firms’ Cybersecurity Environment” (Jun. 17, 2015).

  • From Vol. 2 No.7 (Mar. 30, 2016)

    Steps for Companies to Take This Week, This Month and This Year to Meet the Challenges of International Cyberspace Governance

    The borderless nature of cyberspace demands adequate global security and governance, and companies must protect their data across jurisdictions. At the recent 2016 RSA Conference, experts explored the challenges of global cybersecurity and governance; identified key efforts to address these issues; provided nine practical steps companies should be taking now to protect themselves; and examined the cybersecurity laws of 13 countries. The panel featured Alan Charles Raul, a Sidley Austin partner; John Smith, Raytheon vice president, legal, cybersecurity and privacy; and Michael Sulmeyer, director of the Cyber Security Project at Harvard Kennedy School’s Belfer Center. See also “Deal Struck to Maintain the Transatlantic Data Flow” (Feb. 17, 2016).

  • From Vol. 2 No.6 (Mar. 16, 2016)

    CSIS’ James Lewis Discusses Balancing Law Enforcement and Privacy

    “Surveillance to keep me safe from crime and terrorism is bad, but surveillance to sell me deodorant is good?” James Lewis, director and senior fellow at the Center for Strategic and International Studies, and author of Securing Cyberspace for the 44th Presidency, posed this and other questions in a conversation with The Cybersecurity Law Report about the tension between law enforcement and privacy concerns. He also shared his candid and colorful views on, among other things, the ongoing dispute about law enforcement’s access to the San Bernardino shooter’s iPhone, and how the public and private sectors can coordinate cybersecurity efforts. See also “White House Lays Out Its Broad Cybersecurity Initiatives” (Feb. 17, 2016).

  • From Vol. 2 No.5 (Mar. 2, 2016)

    Implementing a Privacy by Design Program to Protect Corporate and Consumer Information

    One way for companies to integrate their internal and external commitment to data protection and privacy is by implementing a “privacy by design” mechanism, Sachin Kothari, director of online privacy and compliance at AT&T, Inc., explained during a recent ALM cyberSecure Conference. Kothari highlighted specific steps companies can take to effectively integrate such a program into their corporate governance structures. He was joined by Andrea Arias, an attorney in the Division of Privacy and Identity Protection at the FTC and Chaim Levin, chief U.S. legal officer at Tradition Group. This article examines Levin and Kothari’s insights on data security and privacy governance and best practices to meet the potentially competing demands of in-house, consumer and regulatory cybersecurity expectations. A future article will address Arias’ perspective on recent FTC guidance and cyber enforcement actions. See also “Coordinating Legal and Security Teams in the Current Cybersecurity Landscape (Part One of Two)” (Jul. 1, 2015); Part Two (Jul. 15, 2015).

  • From Vol. 2 No.4 (Feb. 17, 2016)

    HIPAA Privacy Rule Permits Disclosures to Firearm Background Check System

    The current firearm background check system just became a little stronger thanks to the Department of Health and Human Services. The Department issued a Final Rule amending the HIPAA Privacy Rule to allow certain covered entities to disclose PHI about individuals prohibited from possessing or receiving firearms to the National Instant Background Check System without the individual’s prior consent. Lynn Sessions, a BakerHostetler partner, spoke with The Cybersecurity Law Report about the Final Rule, its implications and processes covered entities should put in place to mitigate risk. The Final Rule became effective February 6, 2016. See also “Year-End HIPAA Settlements May Signal More Aggressive Enforcement by HHS” (Dec. 9, 2015).

  • From Vol. 2 No.3 (Feb. 3, 2016)

    The FTC’s Big Data Report Helps Companies Maximize Benefits While Staying Compliant

    Recognizing the benefits of “big data” and its widespread use, on January 6, 2016, the FTC issued a staff report on best practices for companies to minimize risks of that use, including the potential for discrimination against certain populations. The report, Big Data: A Tool For Inclusion or Exclusion? Understanding the Issues, addresses applicable laws and policy considerations and provides a series of questions to help companies become and remain compliant. See also “The FTC Asserts Its Jurisdiction and Provides Ten Steps to Enhance Cybersecurity” (Jul. 15, 2015).

  • From Vol. 2 No.2 (Jan. 20, 2016)

    The E.U.’s New Rules: Latham & Watkins Partner Gail Crawford Discusses the Network Information Security Directive and the General Data Protection Regulation

    December was a busy month in Europe for data security and breach reporting with representatives of the European Parliament, Council and Commission agreeing to a sweeping new data protection regulation, the General Data Protection Regulation (GDPR) in the “trilogue” process. The GDPR toughens European data privacy law, already at odds with U.S. privacy law, by issuing heavier fines for non-compliance and by imposing more stringent obligations for both data controllers and processors. It also expands the territorial scope to apply to any company processing data in the E.U. and companies outside the E.U. who offer goods and services to, or monitor the behavior of, E.U. residents. European Justice Commissioner Vera Jourova said that E.U. citizens and businesses “will profit from [these] clear rules that are fit for the digital age,” but many companies claim that the new law is less clear than originally hoped. The trilogue also announced its agreement on the proposed Network Information Security Directive, which is aimed at improving cybersecurity capabilities and mandating breach reporting in certain sectors. Latham & Watkins partner Gail Crawford explains the key points of each of these legal developments and what they mean for companies. See also “Seeking Solutions to Cross-Border Data Realities” (Aug. 26, 2015).

  • From Vol. 1 No.16 (Nov. 11, 2015)

    California Law Enforcement Faces Higher Bar in Acquiring Electronic Information

    California, looked to as a leader in privacy protections as well as breach notification requirements, has passed the California Electronic Communications Privacy Act (CalECPA), a new law that raises the bar for state law enforcement seeking electronic information.  Aravind Swaminathan and Marc Shapiro, Orrick partner and associate, respectively, told The Cybersecurity Law Report what CalECPA – which requires state law enforcement officials to secure a warrant before they can access electronic information – means for companies and individuals.  See also “Orrick Attorneys Explain California’s New Specific Standards for Breach Notification,” The Cybersecurity Law Report, Vol. 1, No. 15 (October 28, 2015).

  • From Vol. 1 No.15 (Oct. 28, 2015)

    Federal Courts Offer a Modern Interpretation of the VHS-Era Video Privacy Protection Act

    When does the 1988 Video Privacy Protection Act, which limits what companies can do with personal information about video consumption, apply to companies that post videos online?  The Eleventh Circuit and a New York district court recently dismissed complaints challenging the VPPA – passed in 1988 and designed to protect the privacy of individuals’ VHS rental preferences – narrowing the scope of the Act in the process.  Ellis v. The Cartoon Network, Inc. (11th Cir. Oct. 9, 2015) and Robinson v. Disney Online (S.D.N.Y. Oct. 20, 2015) both dealt with free smartphone apps, and questions regarding who is a “subscriber” and what “personally identifiable information” means under the statute.  Simon J. Frankel, a partner at Covington & Burling, told The Cybersecurity Law Report that “courts are really struggling with how the statute, not written for this context, applies in this context and [they are] trying to draw where the limits are.”  See also “The Tension Between Interest-Based Advertising and Data Privacy,” The Cybersecurity Law Report, Vol. 1, No. 12 (Sep. 16, 2015).

  • From Vol. 1 No.15 (Oct. 28, 2015)

    MasterCard and U.S. Bancorp Execs Share Tips for Awareness and Prevention of Mushrooming Cyber Risk (Part Two of Two)

    With threat vectors increasing at least as rapidly as new technology, companies need to be well-versed in how to recognize and prevent cyber attacks.  In the second installment of our coverage of PLI’s recent Cybersecurity 2015: Managing the Risk program, two top-level executives and leaders in cybersecurity, Jenny Menna, U.S. Bank’s cybersecurity partnership executive, and Greg Temm, vice president for information security and cyber intelligence at MasterCard, tackle mitigating cyber risk.  They discuss, among other things: information sharing efforts; eight important components of an information technology ecosystem; and how to prevent cyber attacks at home and in the office.  In the first article in the series, they addressed the current cyber landscape, prevalent threats, and responses to those threats that are being implemented by the government, regulators and private companies.  See also “Weil Gotshal Attorneys Advise on Key Ways to Anticipate and Counter Cyber Threats,” The Cybersecurity Law Report, Vol. 1, No. 4 (May 20, 2015).

  • From Vol. 1 No.14 (Oct. 14, 2015)

    Dangerous Harbor: Analyzing the European Court of Justice Ruling

    An Austrian graduate student’s lawsuit against Facebook has resulted in the invalidation of a 15-year-old data privacy treaty relied upon by thousands of multi-national companies.  On October 6, 2015, the Court of Justice of the European Union (ECJ), the highest court in the E.U., held that the Safe Harbor framework that allowed companies to transfer personal data from the E.U. to the U.S., including data for cross-border investigations and discovery, is invalid.  The ECJ found that the U.S. does not ensure adequate protection for personal data, primarily because of the access rights that the ECJ said U.S. agencies have.  Although the ruling is immediate, the “sky is not falling,” said Harriet Pearson, a partner at Hogan Lovells.  On October 16, 2015, a group of E.U. member state privacy regulators, the Article 29 Working Party, called for renewed negotiations on a treaty and recommended interim actions for companies.  There will need to be a “transition to a more complex and perhaps a more work-intensive compliance strategy than Safe Harbor had previously afforded companies,” Pearson said.  See also “ECJ Hearing on Safe Harbor Challenges How U.S. Companies Handle European Data,” The Cybersecurity Law Report, Vol. 1, No. 1 (Apr. 8, 2015).

  • From Vol. 1 No.12 (Sep. 16, 2015)

    The Tension Between Interest-Based Advertising and Data Privacy

    How can companies employ interest-based online advertising – targeting the exact consumers they covet – without running afoul of data privacy laws?  During a recent panel at PLI’s Sixteenth Annual Institute on Privacy and Data Security Law, Julia Horwitz, coordinator of the Electronic Privacy Information Center’s Open Government Program and Noga Rosenthal, general counsel and vice president for compliance and policy for the Network Advertising Initiative, offered their perspectives on the current interest-based advertising (IBA) climate.  The panelists discussed the evolution of IBA, potential privacy pitfalls and how companies are self-regulating.

  • From Vol. 1 No.4 (May 20, 2015)

    Tackling Privacy and Cybersecurity Challenges While Fostering Innovation in the Internet of Things

    The Internet of Things – physical objects with Internet connectivity – provides conveniences and efficiencies for consumers and companies but also security and privacy challenges.  In this interview with The Cybersecurity Law Report, Ed McNicholas, a partner at Sidley Austin and co-chair of the firm’s privacy, data security and information law practice, discusses how companies should address privacy notification with connected devices, the consent issues and cybersecurity threats presented by the Internet of Things, and the movement toward a personalized Internet.
