All in Privacy + Cybersecurity
Under the President’s Executive Order on AI, the National Institute of Standards and Technology (NIST) is tasked with putting together a plan for federal engagement on developing standards for deploying AI technologies, and the agency confirmed Thursday that it is moving quickly to do so.
On February 26 and 27, commerce committees in the House and Senate convened the first consumer data privacy hearings of the 116th Congress. These hearings reflect a growing consensus on Capitol Hill that, in light of developments both in the states and overseas, a comprehensive federal privacy framework is becoming increasingly necessary to address an increasingly fragmented and incongruous patchwork of privacy regulation to the detriment of consumers and industry.
February was a busy month in privacy—from the federal government to the states, from legislatures to agencies, various governmental authorities have been hard at work on a diverse array of potential privacy approaches.
FTC Chairman Joe Simons outlined the agency’s priorities in his keynote at the ABA’s consumer protection conference on Tuesday, promising vigorous enforcement as the agency emerges from the shutdown. Without commenting on any pending investigations, he made clear that the agency would continue to pursue enforcement actions in a number of areas. And he reiterated calls to Congress to give the agency new tools and expanded authority.
The National Institute of Standards and Technology (NIST), within the Department of Commerce, has launched an effort to identify “a core set of cybersecurity capabilities that could be a baseline for [Internet of Things (IoT)] devices.” The discussion draft, Considerations for a Core IoT Cybersecurity Capabilities Baseline, is intended to solicit stakeholder feedback and includes NIST’s “initial thoughts about what a core baseline of cybersecurity capabilities that are important for most IoT devices would look like.”
Mobile and cloud technologies, combined with big data and advanced analytics are revolutionizing our healthcare system, making life-saving care accessible to more patients. At the same time, the medical sector is under constant cyberattack. The healthcare infrastructure, electronic medical records and medical devices are all targets of malicious activity by criminals, hacktivists and nation states.
Yesterday, Symantec Corporation hosted its #PrivacyCon2019, which featured a diverse array of lawmakers, academics, policy experts, and regulators/government personnel.
On Friday, the Supreme Court of Illinois found that a plaintiff could seek liquidated damages and injunctive relief under a state privacy statute without “[p]roof of actual damages.”
The case—Rosenbach v. Six Flags Entertainment—was brought under the Illinois Biometric Information Privacy Act (BIPA or Act). The Act imposes numerous obligations on private entities that collect biometric information, like fingerprints and retina scans. If the entity fails to follow the obligations in the Act, any person “aggrieved” is provided a “right of action . . . against an offending party.”