On February 26, 2024, the National Institute of Standards and Technology (NIST) released the long-awaited second version of the Cybersecurity Framework (CSF). Dubbed “CSF 2.0,” it contains a few significant changes...more
On March 9, 2022, the Securities and Exchange Commission announced that it proposed rules that would expressly mandate cybersecurity disclosures by public companies. The rules would require disclosure of material...more
Federal Trade Commission (FTC) staff published a blog post that highlights increased cybersecurity threats and emphasizes the key role corporate boards play in a successful cybersecurity program: “Corporate boards: don’t...more
On July 9, 2019, the UK Information Commissioner’s Office (ICO) publicly announced its intent to impose a £99M (approximately $123M) GDPR fine on Marriott as a result of its acquisition of Starwood and the subsequent...more
Recently, the en banc Federal Circuit held that a determination by the Patent Trial and Appeal Board (PTAB) on whether a petitioner is time-barred from challenging a patent in an inter partes review (IPR) is judicially...more
On August 17, 2017, Governor John Carney signed into law bi-partisan legislation that increases cybersecurity protections for Delaware residents whose personal information may be compromised as a result of a data breach....more
The window for Department of Defense (DoD) contractors to bring themselves into compliance with cybersecurity requirements is closing. Specifically, changes to the Defense Federal Acquisition Regulation Supplement (DFARS)...more
Effective January 19, 2017, companies awarded federal government contracts will be required to ensure that their employees receive annual privacy training if those employees (1) handle personally identifiable information...more
The Federal Communication Commission's Bureau of Public Safety and Homeland Security has released a Notice of Inquiry ("NOI") seeking information on the best ways to secure the next generation of wireless technology, known as...more
The recent massive distributed denial of service (DDoS) attack that caused major internet outages was led by an army of security cameras, digital video recorders, and other Internet of Things ("IoT") devices that had been...more
Recently, in the midst of an M&A transaction involving Verizon and Yahoo!, news broke of a Yahoo! cybersecurity breach that had occurred approximately two years earlier. This event raised a lot of speculation around what...more
On July 29, 2016, the Federal Trade Commission (FTC or Commission) announced its long-awaited decision in its LabMD enforcement action. The Commissioners reversed the decision of an Administrative Law Judge (ALJ) and held...more
8/5/2016
/ Administrative Law Judge (ALJ) ,
Covered Entities ,
Data Breach ,
Data Security ,
Enforcement Actions ,
Federal Trade Commission (FTC) ,
FTC Act ,
Health Insurance Portability and Accountability Act (HIPAA) ,
LabMD ,
Likelihood of Harm ,
Popular ,
Section 5 ,
Unfair or Deceptive Trade Practices
On June 22, the Federal Trade Commission ("FTC") announced that it would settle its first-ever enforcement action against a mobile advertising company, InMobi. InMobi agreed, subject to court approval of the settlement, to...more
On April 26, 2016, Verizon published its ninth annual Data Breach Investigations Report ("DBIR"), which looks at breach trends, common vulnerabilities, and categories of security incidents that affected organizations in 82...more
The Federal Communications Commission has proposed rules requiring all participants in the nation's emergency alert system ("EAS") to implement certain cybersecurity risk management practices. The proposed rules could apply...more
On October 30, 2015, the Department of Defense ("DoD") issued a new rule, Requirements Relating to Supply Chain Risk, requiring its agencies to evaluate cybersecurity risks when considering contractors who provide Information...more
On September 1, 2015, the Digital Advertising Alliance ("DAA") began enforcing the application of its Self-Regulatory Principles for Online Behavioral Advertising and Multi-Site Data (the "OBA Principles", the "MSD...more
9/15/2015
/ Advertising ,
Behavioral Advertising ,
Covered Entities ,
Data Privacy ,
Data Protection ,
Data-Sharing ,
Digital Advertising Alliance ,
Direct Marketing Association ,
Geolocation ,
Mobile Apps ,
Online Advertisements ,
Popular ,
Prior Express Consent ,
Self-Regulatory Organizations ,
Transparency
The Federal Trade Commission (FTC) has brought over 50 cases against companies that put consumer data at unreasonable risk. On June 30, 2015, the FTC released a guide titled Start with Security that summarizes 10 lessons the...more
California S.B. 568, titled "Privacy Rights for California Minors in the Digital World," (the "Privacy Law") took effect January 1, 2015. The new Privacy Law includes a provision known as the "Eraser Law" that gives...more
1/6/2015
/ Advertising ,
COPPA ,
Marketing ,
Minor Eraser Law ,
Minors ,
Mobile Privacy ,
New Legislation ,
Notice Requirements ,
Online Platforms ,
Popular ,
Privacy Laws ,
Social Media ,
Social Networks ,
Websites
In its August 1st report entitled "What's the Deal — An FTC Study on Mobile Shopping Apps," the FTC provides guidance on various disclosures that should be made by mobile apps along with reinforcing a number of prior...more