Date: 2017-04-19

As data becomes more and more commoditized, domestic and
international laws and regulatory actions continue to focus on
privacy rights and data security.
The Federal Trade Commission (FTC) has issued several reports,
tools, and guidance in the privacy and data security area,
including a report on balancing privacy and innovation, a tool to
help health application developers better understand the federal
laws that apply to their applications, and an online cross-device
tracking report focused on new tracking technologies in apps and
across multiple devices.
The FTC also has increased its enforcement efforts, with high
profile cases involving companies including InMobi, Oracle, Vulcun,
Ashley Madison and ASUS. Whether this enforcement trend will
continue may depend, in part, on who the Trump administration will
appoint to occupy the vacant FTC commissioner positions.
While the FTC continues to strengthen its privacy and data
security standards, states have been updating their privacy
regulations and protections. Many states impose a "reasonable
safeguards" standard to protect personal information, but it
has been unclear what constitutes "reasonable
safeguards."
Massachusetts and Oregon have set out more specifics in their
interpretation of "reasonable safeguards," but California
was the first state to define it. In a recent data breach report,
the California Attorney General opined that failure to implement
all 20 controls listed in the Center for Internet Security's
Critical Security Controls constituted a lack of reasonable
security.
A number of international privacy law developments also have
implications for marketers and other businesses. The United States
and the European Union approved the EU-U.S. Privacy Shield and the
EU adopted the General Data Protection Regulation (GDPR),
effectively replacing the EU Data Protection Directive and imposing
new consumer privacy requirements on companies handling data from
the EU with a compliance deadline of May 2018.
Artificial intelligence (AI) has joined "Big Data" and
the "Internet of Things" as a new privacy challenge.
Companies such as Amazon, Google and Apple have rolled out
AI-enhanced entertainment systems that depend on data collection
(e.g., Amazon Echo, Google Home and Apple HomeKit). Consumers have
shown that they are willing to give out their data in exchange for
new "convenience technologies," but like all new
technologies, this involves risk, and the "machine
learning" characteristic of AI technologies may pose
challenges for a consent-based model of data collection. How this
form of data collection will affect the regulatory landscape
remains to be seen.
Key Takeaways
Companies should reassess their data security infrastructure
and written privacy and information security policies.
Companies should assess whether they have in place the
necessary controls that constitute "reasonable
safeguards."
Companies that handle personal data of EU residents or process
data in the EU need to ensure that they are in compliance with the
GDPR before the May 2018 deadline.
Companies involved in AI technology should put privacy at the
forefront of their priorities.
The content of this article is intended to provide a general
guide to the subject matter. Specialist advice should be sought
about your specific circumstances.
Mintz, Levin, Cohn, Ferris, Glovsky and Popeo, P.C.