Tag Archives: Service Provider

Webinar Recording Available on the NYDFS Regulations

On March 9, 2017, AllClear ID hosted a webinar with Hunton & Williams partner Lisa J. Sotto on the new cybersecurity regulations from the New York State Department of Financial Services. This blog post provides a link to the recording and presentation materials. … Continue Reading

FCC Stays Implementation of Data Security Rules

On March 1, 2017, the Federal Communications Commission, under the new leadership of Chairman Ajit Pai, voted 2-1 to issue a temporary stay of the data security obligations of the FCC’s Broadband Consumer Privacy Rules, which were to go into effect March 2, 2017. The temporary stay will remain in place until the FCC is able to act on pending petitions for reconsideration. … Continue Reading

China Publishes Draft Measures for Security Review of Network Products and Services

On February 4, 2017, the Cyberspace Administration of China published a draft of its proposed Measures for the Security Review of Network Products and Services. Under the Cybersecurity Law of China, if an operator of key information infrastructure purchases network products and services that may affect national security, a security review is required. The draft is open for comment until March 4, 2017.… Continue Reading

House of Representatives Passes Email Privacy Act

On February 6, 2017, the House of Representatives suspended its rules and passed by voice vote H.R 387, the Email Privacy Act. The Email Privacy Act now moves to the Senate, where it will be considered by the Senate Judiciary Committee. … Continue Reading

NERC Releases Draft Standard for Cybersecurity Supply Chain Risk Management

On January 19, 2017, the North American Electric Reliability Corporation released a draft Reliability Standard CIP-013-1 – Cyber Security – Supply Chain Risk Management which addresses “supply chain risk management for industrial control system hardware, software, and computing and networking services associated with bulk electric system operations.”… Continue Reading

Email Privacy Act Reintroduced in Congress

On January 9, 2017, Representatives Kevin Yoder (R-KS) and Jared Polis (D-CO) reintroduced the Email Privacy Act, which would amend the Electronic Communications Privacy Act to require government entities to obtain a warrant, based on probable cause, before accessing the content of any emails or electronic communications stored with third-party service providers, regardless of how long the communications have been held in electronic storage by such providers.… Continue Reading

CJEU Challenges Legality of UK Interceptions Laws

On December 21, 2016, a judgment by the Court of Justice for the European Union that clarifies EU surveillance laws has called into question the legality of the UK’s Investigatory Powers Act 2016. The decision could have significant implications on the UK’s chances of securing “adequacy” status for its data protection regime post-Brexit.… Continue Reading

European Commission Plans to Upgrade e-Privacy Directive to a Regulation

On December 12, 2016, Politico reported that the European Commission intends to replace the e-Privacy Directive with a Regulation. The planned shift from a Directive to a Regulation means that the Regulation will create a harmonized set of requirements at the EU level that are directly applicable in the Member States. … Continue Reading

UK Parliament Approves Investigatory Powers Bill

On November 16, 2016, the UK Investigatory Powers Bill was approved by the UK House of Lords. The draft of the Bill has sparked controversy, as it will hand significant and wide-ranging powers to state surveillance agencies, and has been strongly criticized by some privacy and human rights advocacy groups. … Continue Reading

CISPE Unveils Cloud Providers Code of Conduct

On September 27, 2016, Cloud Infrastructure Services Providers in Europe published its Data Protection Code of Conduct. CISPE, a relatively new coalition of more than 20 cloud infrastructure providers with operations in Europe, has focused the Code on transparency and compliance with EU data protection laws. … Continue Reading

TalkTalk Appeal Against ICO Fine for Late Notification of Data Breach Dismissed by First-Tier Tribunal

On August 30, 2016, the First-tier Tribunal (Information Rights) (the “Tribunal”) dismissed an appeal from UK telecoms company TalkTalk Telecom Group PLC (“TalkTalk”) regarding a monetary penalty notice issued to it on February 17, 2016, by the UK Information Commissioner’s Office (“ICO”). The ICO had issued the monetary penalty notice to TalkTalk, for the amount … Continue Reading

Article 29 Working Party and EDPS Release Opinions on the ePrivacy Directive

On July 25, 2016, the Article 29 Working Party and the European Data Protection Supervisor released their respective Opinions regarding the evaluation and review of Directive 2002/58/EC on privacy and electronic communications. Both the Working Party and the EDPS stressed that new rules should complement the protections available under the EU General Data Protection Regulation. … Continue Reading

China Publishes First Regulation Expressly Regulating Mobile Apps

On June 28, 2016, the State Internet Information Office of the People’s Republic of China published the Administrative Provisions on Information Services for Mobile Internet Applications (the “App Administrative Provisions”). This is the first regulation that expressly regulates mobile apps in the People’s Republic of China. Before the App Administrative Provisions were published, the P.R.C. … Continue Reading

EU Council Adopts the Network and Information Security Directive

On May 17, 2016, the European Council adopted its position at first reading on the Network and Information Security Directive. The NIS Directive was proposed by the European Commission on February 7, 2013, as part of its cybersecurity strategy for the European Union, and is designed to increase cooperation between EU Member States on cybersecurity issues.… Continue Reading
LexBlog