All in Privacy + Cybersecurity

Issue-spotting Federal Privacy Framework from Congressional Hearings

On February 26 and 27, commerce committees in the House and Senate convened the first consumer data privacy hearings of the 116th Congress. These hearings reflect a growing consensus on Capitol Hill that, in light of developments both in the states and overseas, a comprehensive federal privacy framework is increasingly necessary to address a fragmented and incongruous patchwork of privacy regulation that works to the detriment of consumers and industry.

The FTC is Back Up and Running: The Chairman’s Update on Agency Priorities

FTC Chairman Joe Simons outlined the agency’s priorities in his keynote at the ABA’s consumer protection conference on Tuesday, promising vigorous enforcement as the agency emerges from the shutdown.  Without commenting on any pending investigations, he made clear that the agency would continue to pursue enforcement actions in a number of areas.  And he reiterated calls to Congress to give the agency new tools and expanded authority.

NIST Launches Effort to Establish IoT Security Baseline; Seeks Stakeholder Feedback

The National Institute of Standards and Technology (NIST), within the Department of Commerce, has launched an effort to identify “a core set of cybersecurity capabilities that could be a baseline for [Internet of Things (IoT)] devices.”  The discussion draft, Considerations for a Core IoT Cybersecurity Capabilities Baseline, is intended to solicit stakeholder feedback and includes NIST’s “initial thoughts about what a core baseline of cybersecurity capabilities that are important for most IoT devices would look like.”

Big Data Transforming Healthcare, But Cybersecurity Issues Loom

Mobile and cloud technologies, combined with big data and advanced analytics, are revolutionizing our healthcare system, making life-saving care accessible to more patients. At the same time, the medical sector is under constant cyberattack. The healthcare infrastructure, electronic medical records and medical devices are all targets of malicious activity by criminals, hacktivists and nation states.

Illinois: Actual Injury Not Required for Privacy Lawsuit; Inviting Costly Litigation against Innovators

On Friday, the Supreme Court of Illinois found that a plaintiff could seek liquidated damages and injunctive relief under a state privacy statute without “[p]roof of actual damages.”

The case—Rosenbach v. Six Flags Entertainment—was brought under the Illinois Biometric Information Privacy Act (BIPA or Act).  The Act imposes numerous obligations on private entities that collect biometric information, like fingerprints and retina scans.  If the entity fails to follow the obligations in the Act, any person “aggrieved” is provided a “right of action . . . against an offending party.”