Enforcement - Federal Agency and State AG Action

On April 3, 2017, President Trump signed a repeal of new Federal Communications Commission (FCC) rules that would have subjected broadband internet service providers (ISPs) to more stringent consumer privacy regulations. Specifically, the FCC’s rule would have required ISPs to obtain opt-in consent from consumers before using and sharing sensitive information such as geo-location, web

On January 23, 2017, the FTC released a new report outlining its recommendations for companies using cross-device tracking. The report focused on the FTC’s continued commitment to consumer choice, transparency, and security.

What is cross-device tracking?

Cross-device tracking occurs when companies attempt to connect a consumer’s activities across multiple devices. For example, a consumer begins

On December 1, 2016, the Commission on Enhancing National Cybersecurity (Commission)—established ten months earlier by President Obama—released its Report on Securing and Growing the Digital Economy (Report).  The 50-page Report includes six major imperatives with 16 recommendations and 53 associated action items to improve national cybersecurity. The Commission is a non-partisan panel comprised of 12

The GDPR harmonizes data protection laws across the EU and updates the current 20-year-old regime to take account of globalization and the ever-changing technology landscape.  It will apply not only to EU companies, but to any company processing the personal data of individuals in the EU in relation to offering goods or services, or to

Yesterday afternoon Yahoo Inc. (Yahoo) announced that user information was stolen from more than one billion accounts in August 2013. Yahoo said that the stolen information includes, “names, email addresses, telephone numbers, dates of birth, hashed passwords (using MD5) and, in some cases, encrypted or unencrypted security questions and answers” but does not include bank

State attorneys general play an active role in data privacy and security matters. Their involvement is increasing as they grapple with changing technologies and threats, rapidly evolving state laws and their relatively broad consumer protection authority to engage private sector custodians of personal data such as retailers, financial institutions, technology companies, and health systems. In

As the healthcare industry continues to embrace the Internet of Things, cybersecurity may present unprecedented health and privacy risks to patients. Wireless-enabled medical devices are increasingly common. For some patients, this means that their hearts are, quite literally, connected to the Internet of Things. For others, mobile medical apps and wearable products are collecting