In recent months, a series of U.S. government reports have documented U.S. policymakers’ growing concerns over Chinese government policies and programs designed to advance China’s competitive edge in a range of technologies and industries. In turn, the findings of these reports are shaping U.S. economic and national security laws and policies, as illustrated by the recent Section 301 tariff actions, national security reviews of investment by Chinese firms under the Committee on Foreign Investment in the United States (CFIUS) process, and provisions of the recently-passed John McCain National Defense Authorization Act that restrict exports of “emerging and foundational technologies” and U.S. government use of certain Chinese-made telecommunications equipment. Against this background, a report released on October 26, 2018, is likely to further increase U.S. government scrutiny of China-manufactured devices with internet connectivity features – so-called “Internet of Things” or “IoT” devices.
Category: Cybersecurity
Security Recommendations for Mobile Health Apps
Expanded use of Electronic Health Records (EHRs) is an integral component of the ongoing modernization of the U.S. health care system through digitalization. Among the anticipated advantages of using EHRs are improvements in patient care (e.g., through faster access to relevant information and consequently improved care coordination), increased patient engagement, as well as reduction of medical errors and cost savings. On the other hand, implementing EHRs in a sustainable and legally compliant way requires upfront investment in hardware, software, training, workflow restructuring, as well as management of risks unique to electronic records, such as vulnerability to malicious interference. When EHRs are combined with mobile platforms, the cybersecurity risks multiply. Addressing this latest challenge can be daunting, both for medical practices and EHR product providers.
Continue reading “Security Recommendations for Mobile Health Apps”
Cybersecurity Responsibilities of a Plan Sponsor
Plan sponsors of retirement plans handle a lot personal participant data, but many are unaware of their fiduciary duties in the context of cybersecurity. If a retirement plan suffers a cyberattack, plan assets could be diverted and misused. Under the Employee Retirement Income Security Act (ERISA), the plan sponsor could be held liable for a fiduciary breach for failure to satisfy a duty of loyalty and to act prudently.
Continue reading “Cybersecurity Responsibilities of a Plan Sponsor”
India Releases Draft Personal Data Protection Regulation
India has released the much-anticipated first draft of the Personal Data Protection Bill, 2018, the country’s first comprehensive data protection regulation. The proposed bill is currently under review by India’s Ministry of Electronics and Information Technology and will likely be introduced in Parliament this year.
Continue reading “India Releases Draft Personal Data Protection Regulation”
New Biometrics and Geolocation Legislation Proposed in U.S. Senate, More States Consider Similar Laws
Technology that determines an individual’s identity or location has been the subject of significant media attention in the first half of 2018: Amazon made news with the sale of its facial recognition technology to law enforcement, the U.S. Supreme Court ruled that the government generally must obtain a warrant to access certain types of geolocation information, California arrested the Golden State Killer using the DNA information of a relative, and Facebook came under fire for the way in which Cambridge Analytica accessed the data of tens of millions of users. Garnering less attention, but of no less importance, are the legislative efforts underway in the federal government and in many states to regulate these emerging technologies and limit the ways in which this information can be collected.
FTC Opens Comment Period in Preparation for Competition and Consumer Protection in the 21st Century Hearings
The Federal Trade Commission has opened up public comments for their upcoming Hearings on Competition and Consumer Protection in the 21st Century.
The hearings will take place during the fall and winter 2018 and will examine “whether broad-based changes in the economy, evolving business practices, new technologies, or international developments might require adjustments to competition and consumer protection enforcement law, enforcement priorities, and policy,” according to the FTC website. FTC Chairman Joe Simons said in a statement that the hearings are modeled after former Chairman Bob Pitofsky’s 1995 Global Competition and Innovation Hearings, which at the time “re-energized one of the FTC’s most valuable functions – to gather leaders in business, economics, law, and related disciplines to discuss tough, emerging problems and prepare public reports on the facts, issues, governing law, and the need, as appropriate, for change.”