Sara was recognized as part of the 2021 class of Professional Excellence Award winners by The Legal Intelligencer. The honorees were chosen based on a variety of factors, including service to the bar, peer recognition, distinctions and accomplishments, thought leadership, and other legal work of note.
Welcome to our seventh Data Security Incident Response Report (DSIR). It has been quite a year from many perspectives. Thank you to everyone we have continued to partner and work with to create this report.
We are excited to soon launch a new digital platform version, and we intend to update this version throughout the year with real-time data. The DSIR will continue to share data and insights about security incidents, regulatory enforcement actions, class actions, transactions, digital innovation, compliance projects, data governance, and advisory matters to help organizations develop solutions to address the issues that data and technology create.
Across the economy, businesses are using digital technology to pivot into innovative service lines, accelerate growth and transform their businesses altogether. These businesses’ digital strategies and data assets play important roles in their success. Since Europe’s General Data Protection Regulation (GDPR) introduced special protections and requirements around sensitive personal data in 2018, the United States has seen a national movement to pass comprehensive privacy laws, some of which mirror the GDPR in this respect. In this issue, we are highlighting Catrina Wang and how her privacy practice intersects with digital transformation and the data economy.
The week of April 19 was an eventful one for practitioners following the evolution of potential artificial intelligence (AI) enforcement both in the United States and abroad, answering some questions regarding which regulators were going to take a more active and prospective role in regulating and advising on AI use and what those roles might look like. In addition, and perhaps more importantly for advisers and their clients, the announcements from the U.S. Federal Trade Commission (FTC) and the European Commission (EC) provided insight into what organizations using AI might do prospectively to mitigate enforcement concerns and prepare for future responses.
News from the FTC
The week started with an April 19, 2021, post from the FTC titled “Aiming for truth, fairness, and equity in your company’s use of AI.” Note first, however, that the FTC had provided some initial guidance back on April 8, 2020, titled “Using Artificial Intelligence and Algorithms.” The FTC’s 2020 guidance noted that the FTC had “brought many cases alleging violations of the laws [the FTC] enforce[s] involving AI and automated decision-making, and [had] investigated numerous companies in this space.”
Organizations around the globe began 2021 grappling with two significant supply-chain attacks. First, the SVR, Russia’s foreign intelligence service, planted malicious code in Orion, SolarWinds’ flagship network management suite. When 18,000 Orion customers updated their software, they also unwittingly installed the SVR’s malicious code, giving the Russian intelligence agency direct access to the customers’ networks.
The second attack came in March, when news broke that a threat actor labeled HAFNIUM was exploiting four previously unknown vulnerabilities in Microsoft Exchange, the ubiquitous email server platform. Information security teams scrambled to install Microsoft’s emergency fix and evaluate the damage. Within days, other threat actors began targeting unpatched systems for their own goals, including ransomware attacks.
In a landmark decision issued April 1, 2021, the Supreme Court settled a hotly contested debate over the definition of “automatic telephone dialing system” (or “autodialer”) under the 1991 Telephone Consumer Privacy Act (“TCPA”). The Court’s decision is likely to upend the TCPA compliance and litigation landscape, as the law’s private right of action, coupled with steep penalties for non-compliance, has spawned countless class action lawsuits in recent years. SCOTUS resolved a circuit split over the definition of autodialer, which has been at the heart of many of these disputes, adopting the narrower interpretation to avoid including any device that can dial numbers from a stored list.
We used to think of subscriptions as mostly for newspapers and magazines, but today you can subscribe to get cosmetics, cars, clothes, mental health counseling – even a curated selection of cat toys and treats that will show up on your doorstep every month. Is your brand offering a subscription service? Linda Goldstein explains how to mitigate your legal risk.
On March 19, 2021, Xavier Becerra was confirmed as the secretary of the U.S. Department of Health and Human Services (HHS). HHS is the federal regulatory body that oversees the Office for Civil Rights (OCR), which is the primary federal enforcer of the Health Insurance Portability and Accountability Act (HIPAA).
The secretary oversees 11 operating divisions and 15 offices (including OCR), and as a result, he is not solely focused on HIPAA and privacy issues. However, if Becerra maintains his California state of mind, we can reasonably anticipate that privacy reform will be a high-ranking item on his federal agenda.
On March 26, with less than a month left in the Washington Legislature’s 2021 session, the House Civil Rights and Judiciary Committee (CRJC) passed the Washington privacy act (2SSB 5062), with amendments, on a straight party-line vote of 11-6 (with all six Republican committee members voting no). As the act gets closer to passing, we’ll revisit the bill to highlight how it compares to its predecessors in California and Virginia. For now, this post focuses on differences between the Senate and House versions and how those might affect its passage.
The amended bill, which now includes a private right of action, moves next to the House Appropriations Committee before moving to the full House for consideration. If passed by the House (as currently amended or with other amendments), the amended bill must then be reconciled with the Senate’s version. That puts us in about the same place we were in last year before the Washington privacy act failed – but with a few notable differences discussed below.
This quarterly update highlights some of the international data protection issues that have caught our attention, and the attention of our clients, in the past three months.
Europe, the Middle East and Africa