All in Privacy + Cybersecurity
On Monday, the Supreme Court denied cert in Zappos.com, Inc. v. Stevens, signaling that the Court remains reluctant to address privacy harms under Article III standing. The petition for certiorari in Zappos asked the Court to resolve a circuit split over whether individuals have standing where their personal information is held in a database breached by hackers, even if they have not actually suffered an injury from that data breach.
In a recent per curiam opinion, the Supreme Court vacated and remanded a much-watch case—Frank v. Gaos—perpetuating uncertainty about privacy litigation. The Court sent the case back to the Ninth Circuit for further consideration of the plaintiffs’ standing to sue for violations of a federal privacy law, the Stored Communications Act (SCA or Act).
Under the President’s Executive Order on AI, the National Institute of Standards and Technology (NIST) is tasked with putting together a plan for federal engagement on developing standards for deploying AI technologies, and the agency confirmed Thursday that it is moving quickly to do so.
On February 26 and 27, commerce committees in the House and Senate convened the first consumer data privacy hearings of the 116th Congress. These hearings reflect a growing consensus on Capitol Hill that, in light of developments both in the states and overseas, a comprehensive federal privacy framework is becoming increasingly necessary to address an increasingly fragmented and incongruous patchwork of privacy regulation to the detriment of consumers and industry.
February was a busy month in privacy—from the federal government to the states, from legislatures to agencies, various governmental authorities have been hard at work on a diverse array of potential privacy approaches.
FTC Chairman Joe Simons outlined the agency’s priorities in his keynote at the ABA’s consumer protection conference on Tuesday, promising vigorous enforcement as the agency emerges from the shutdown. Without commenting on any pending investigations, he made clear that the agency would continue to pursue enforcement actions in a number of areas. And he reiterated calls to Congress to give the agency new tools and expanded authority.
The National Institute of Standards and Technology (NIST), within the Department of Commerce, has launched an effort to identify “a core set of cybersecurity capabilities that could be a baseline for [Internet of Things (IoT)] devices.” The discussion draft, Considerations for a Core IoT Cybersecurity Capabilities Baseline, is intended to solicit stakeholder feedback and includes NIST’s “initial thoughts about what a core baseline of cybersecurity capabilities that are important for most IoT devices would look like.”
Mobile and cloud technologies, combined with big data and advanced analytics are revolutionizing our healthcare system, making life-saving care accessible to more patients. At the same time, the medical sector is under constant cyberattack. The healthcare infrastructure, electronic medical records and medical devices are all targets of malicious activity by criminals, hacktivists and nation states.