Privacy laws continue to proliferate both across U.S. states and at the international level, making it imperative for businesses to implement strong and adaptive data governance programs. In the latest episode of the Faegre Drinker on Law and Technology Podcast, host Jason G. Weiss and guests Mary Devlin Capizzi and Peter Blenkinsop look back on the evolution of privacy laws over the last 20 years, evaluate the impact of recent laws and how they may shape the future of privacy regulations, and provide some helpful guidance for companies working to stay on top of this evolving regulatory landscape.
Category: Cybersecurity
Buyer Beware: The Internet of Things Comes Under New Cyber Attack from Multiple Fronts
It is estimated that by the end of 2020, there will be more than 50,000,000,000 (yes, billion) connected devices that are part of the Internet of Things (IoT). This is a five million percent increase in IoT devices over the last 20 years. Most of these devices are designed and manufactured for use in homes and vehicles or are wearable devices. These devices include everything from home security cameras to baby monitors, thermostats, car ignition starters, smart watches and even medical devices, such as pacemakers. There are literally thousands of different types of IoT devices that integrate into almost every aspect of your home and work life.
Cyber Attackers Threaten COVID-19 Vaccine Distribution Chain
As COVID-19 vaccine approvals and eventual distribution kicks into high gear, there has been a corresponding – and not particularly surprising – increase in cyber threat activity targeting both vaccine producers and other companies involved in the vaccine distribution chain. Most notably, “cold chain” companies responsible for safely storing and transporting the vaccines have been targeted. The problem has become so severe that both the Federal Bureau of Investigation (FBI) and the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) recently issued a joint security alert on December 3, 2020 highlighting the risk to the coronavirus vaccine distribution chain.
Continue reading “Cyber Attackers Threaten COVID-19 Vaccine Distribution Chain”
Faegre Drinker on Law and Technology Podcast: Exploring the New York SHIELD Act
The New York Stop Hacks and Improve Electronic Data Security (SHIELD) Act updated and expanded the state’s data breach notification requirements and introduced new and broad privacy and cybersecurity requirements that exceed those imposed by most other states around the country. In the latest episode of the Faegre Drinker on Law and Technology Podcast, Jason G. Weiss sits down with Peter Baldwin for insight into a number of questions regarding this sweeping new law.
Continue reading “Faegre Drinker on Law and Technology Podcast: Exploring the New York SHIELD Act”
FTC Settlement with Zoom Concerning Alleged Data-Security Lapses
On November 9, 2020, the United States Federal Trade Commission (FTC) announced that it had entered into a consent agreement, subject to final approval, with videoconferencing company Zoom Video Communications, Inc. (Zoom). The consent agreement settles allegations that Zoom engaged in a series of deceptive and unfair practices that undermined the security of its users. The Commission voted 3–2 to accept the settlement, with Commissioners Chopra and Slaughter voting no and issuing dissenting statements asserting that the FTC’s action did not go far enough.
While the FTC generally does not identify what triggers a law enforcement action, there have been many news articles and a number of class actions filed in connection with Zoom’s data-security practices over the past six months that likely led to this action.
Continue reading “FTC Settlement with Zoom Concerning Alleged Data-Security Lapses”
European Data Protection Board Issues New Recommendations for International Data Transfers: Essential Guarantees, Supplemental Measures, and False Warrant Canaries
A pair of highly anticipated guidance documents outline the European Data Protection Board’s (EDPB) expectations for organizations transferring data out of the EU. While the detailed process for evaluating data transfers brings welcomed guidance and clarity, some aspects of the EDPB’s framework present significant obstacles for those working with non-EU service providers or moving data for routine business purposes.
For the full alert, visit the Faegre Drinker website.