Zoom’s video communications platform service and its data privacy issues and security vulnerabilities have been a very hot topic of late, covered by numerous media outlets and in our recent Password Protected post. Due in part to the COVID-19 pandemic and resulting “stay-at-home” orders, as well as Zoom’s user-friendly set up and ability for large numbers of people to join a meeting for free, Zoom use has grown exponentially, from 10 million daily meeting participants pre-pandemic, to over 300 million daily meeting participants in April 2020. In an April 23, 2020 executive letter, Zoom touted use of its platform by over 100,000 schools and universities, U.S. and foreign governments, and numerous companies, including many Fortune 500 companies, located in over 226 countries and territories around the world.
Continue Reading Are We (Finally) Ready to Zoom?
Privacy vs. Containment, Part 2: The Democratic Answer to a Framework for Federal Privacy Legislation on COVID-19
Two weeks ago we wrote about proposed legislation, The COVID-19 Consumer Data Protection Act of 2020 (“CCDPA”), introduced by a group of senior Republican senators, which was designed to address privacy issues arising in the wake of the COVID-19 pandemic. In response, senior Democratic members of the Senate and House of Representatives introduced their own framework for protecting the privacy of individuals in light of the development of tools for tracking and containing the spread of the virus.
The Public Health Emergency Privacy Act
Senators Richard Blumenthal (D-CT) (Ranking Member of the Senate Commerce Committee’s Manufacturing, Trade and Consumer Protection Subcommittee) and Mark Warner (D-VA) (Vice Chairman of the Senate Intelligence Committee) lead a bicameral group of 10 lawmakers on a Democratic version of federal consumer privacy legislation as it relates to the coronavirus pandemic. The Public Health Emergency Privacy Act (the “PHEPA”), introduced on May 14, seeks to give individuals protection and control over their covered health data by adopting an express affirmative consent regime, along with enumerated requirements for businesses. For a helpful summary of the key similarities and differences between the PHEPA and the CCDPA, please see the Chamber Technology Engagement Center’s (C_TEC) COVID-19 Privacy Bill Comparison Chart.Continue Reading Privacy vs. Containment, Part 2: The Democratic Answer to a Framework for Federal Privacy Legislation on COVID-19
Privacy vs. Containment: Federal Privacy Legislation Meets COVID-19
As the federal, state, and local governments and industry grapple with how to respond to and prevent the spread of COVID-19, a group of senior Republican senators recently announced consumer privacy legislation designed to protect personal “covered data” collected from consumers relating to personal health, geolocation, and proximity. The proposed legislation is a response to contact tracing solutions aimed at tracking the virus and those who may have been exposed to it.
The COVID-19 Consumer Data Protection Act of 2020
Senate Commerce Committee Chairman Roger Wicker (R-MS), Communications, Technology, Innovation, and the Internet Subcommittee Chairman John Thune (R-SD), Consumer Protection, Product Safety, Insurance, and Data Security Subcommittee Chairman Jerry Moran (R-KS), and Senator Marsha Blackburn (R-TN), who sits on both the Commerce and Judiciary Committees, introduced the COVID-19 Consumer Data Protection Act of 2020 (the “Act”) on May 7. According to the sponsors, the legislation is intended to provide consumers more transparency, choice, and control over the collection and use of their personal data, and to hold businesses accountable to consumers if these businesses use personal COVID-19-related data for purposes unrelated to the pandemic. As Subcommittee Chairman Moran stated, “while many businesses have taken well-intentioned steps to develop technological solutions to tracking, containing and ending the COVID-19 pandemic, Congress must address potentially harmful practices that could stem from these innovations if not held accountable.”Continue Reading Privacy vs. Containment: Federal Privacy Legislation Meets COVID-19
Update: Coronavirus Cyberscams and Other Attacks – Scammers Are Still at It
The global coronavirus pandemic continues on, and the cyberattacks and scams continue to multiply. In the midst of the pandemic, hackers are capitalizing on fears surrounding the outbreak by crafting COVID-19-themed attacks aimed at infecting computers with malware or obtaining sensitive, personal information. Below are some of the latest examples of attacks and vulnerabilities to be aware of:
Continue Reading Update: Coronavirus Cyberscams and Other Attacks – Scammers Are Still at It
Upcoming Event – The Future of Cybersecurity: DHS’s Newest Agency and the Private Sector
Please join McGuireWoods and the Mecklenburg County Bar, on April 3, 2019 from 10 – 11 a.m. EST, for an exclusive look into the newly formed Cybersecurity and Infrastructure Security Agency (CISA). Hear from CISA’s Chief Counsel, Daniel Sutherland, about the agency’s mission, its statutory authorities, and how CISA can help your organization and its
From the Editor’s Desk
Since our launch in 2013, Password Protected has made every attempt to provide in-depth relevant data privacy and cybersecurity legal analysis. In our continued effort to provide accessible and useful information, we have modernized our blog to provide readers with a better experience. We have re-formatted with the user in mind, to provide easily digestible
New California Privacy Law Could Have Nationwide Implications
Yesterday Gov. Jerry Brown signed California Consumer Privacy Act of 2018, which grants California residents unprecedented control over the collection, use, and sale of personal information. Many have already speculated that other state legislatures will follow suit and adopt a similar law in their own states, as has occurred in the wake of past California laws on data privacy and security. A copy of the law can be found here.
Continue Reading New California Privacy Law Could Have Nationwide Implications
Between a Rock and a Hard Place: SEC Disclosure Analysis in Light of Yahoo
On April 25, the Securities and Exchange Commission announced a settlement with Yahoo that constituted its first enforcement action against a public company for failing to disclose a data breach.
This settlement demonstrates that companies in post-data breach environments must engage in a thorough, fulsome analysis of whether to disclose the cybersecurity incident in their
New SEC Cybersecurity Guidance Outlines Disclosure Obligations
Last week, as previously reported, the U.S. Securities and Exchange Commission (SEC) unanimously voted to approve additional guidance for reporting cybersecurity risks. The release of this guidance underscores the SEC’s intent to prioritize cybersecurity compliance in 2018. The SEC may bring action against boilerplate cybersecurity disclosures that are not specifically tailored to address unique
DoD Cyber Compliance Deadline Fast Approaching – Here’s What Government Contractors Need to Know
U.S. Department of Defense (DoD) contractors face new cybersecurity compliance requirements, including a significant deadline set for December 31, 2017.
Most DoD contracts now include clauses imposing obligations on contractors’ protection of government information and reporting of cyber incidents. These obligations include a requirement for contractors to comply with the cybersecurity standards set forth in the National Institute of Standards and Technology (NIST) Special Publication (SP) 800-171.
Contractors must comply with the NIST standards no later than the end of calendar year 2017. Submission of a proposal to DoD now serves as a specific representation that the offeror meets these compliance requirements. Failure to meet the NIST standards potentially opens the door to more stringent government enforcement actions and liability under the False Claims Act.
Continue Reading DoD Cyber Compliance Deadline Fast Approaching – Here’s What Government Contractors Need to Know