Header graphic for print
TMT Perspectives Insight & Commentary on Business, Legal and Policy Developments Affecting the Telecom, Media, and Technology Sectors

Category Archives: Privacy and Data Security

Subscribe to Privacy and Data Security RSS Feed

New York State Set To Examine Bank Cybersecurity Policies

Posted in Administrative Law, Finance, Privacy and Data Security, Technology

The New York State Department of Financial Service’s Banking Division supervises nearly 1,900 banking and other financial institutions with assets of more than US$2.9 trillion. On December 10th, Benjamin Lawsky, the Department Superintendent released a guidance letter outlining the Department’s plan to expand cybersecurity examination procedures of regulated institutions to focus more attention on cybersecurity. The… Continue Reading

Update–Software as Crime: Federal Prosecutors Determine that Software Can Violate the WireTap Act

Posted in Privacy and Data Security, Technology

In a prior post we noted a subtle but potentially far-reaching development in how federal prosecutors interpret the Electronic Communications Privacy Act. In that post we discussed the prosecution of Hammad Akbar for selling a software application that could be used to record file, text, or voice records on a mobile phone. The prosecution’s claim… Continue Reading

Cyber Security: NIST’s Guide to Sharing

Posted in Privacy and Data Security

With cyber attacks growing in scale, complexity, and frequency and in the midst of the U.S. Postal Service and Federal Weather Network breaches, NIST continues to march on with efforts to stem the tide. At the end of October, NIST released the draft Guide to Cyber Threat Information Sharing. The public comment period closes November… Continue Reading

CFTC Guidance to Financial Institutions on Cybersecurity

Posted in Privacy and Data Security

On November 5, 2014, the Chairman of the Commodity Futures Trading Commission (CFTC), Timothy G. Massad, gave keynote remarks at the Futures Industry Association Expo 2014 in Chicago, Illinois. Chairman Massad’s remarks focused, in part, on the importance of the Commission’s oversight of cybersecurity issues for the financial institutions, exchanges and markets that it regulates…. Continue Reading

More than 500 Financial Institutions Assessed for Cybersecurity Risks

Posted in Privacy and Data Security

On November 3, 2014, the Federal Financial Institutions Examination Council (FFIEC) released its Cybersecurity Assessment General Observations of more than 500 financial institutions and their preparedness to mitigate cyber risks. The Council is a formal interagency body of the US government made up of five banking regulators: the Federal Reserve Board of Governors (FRB), the… Continue Reading

FCC Seeks to Become a Cybersecurity Enforcer with a $10 Million Sword

Posted in FCC, FTC, Privacy and Data Security

Last Friday, the FCC released a Notice of Apparent Liability for Forfeiture (“Notice”) ordering TerraCom, Inc. and YourTel America, Inc. to pay a $10 million forfeiture for the companies’ failure to reasonably secure electronic customer information. In doing so, the FCC relied on Title II (i.e., the “common carrier” provisions) of the Communications Act of… Continue Reading

Prosecution of Retail Spyware App Publisher Raises Questions

Posted in Privacy and Data Security, Technology

On October 7, 2014, federal prosecutors in Virginia charged Hammad Akbar with manufacturing, advertising, and selling to retail customers a mobile phone spyware application called “StealthGenie.[1] In issuing this Indictment, the Government applied an old law to new circumstances, which raises a host of questions.   The Prosecution.  According to the Indictment, StealthGenie was marketed to… Continue Reading

BitLicense: The Death of Pseudonymity?

Posted in Finance, Legal Developments, Privacy and Data Security

Last week, the New York State Department of Financial Services (NY-DFS) released its highly anticipated proposed BitLicense regulatory framework which addresses many of the problems that have plagued the virtual currency in the media over the last year. In an attempt to engage the grass-roots Bitcoin community directly, Benjamin Lawsky, the Superintendent of the NY-DFS,… Continue Reading

Mt. Gox’s Collapse Leads to First Major US “Bit-igation”

Posted in Finance, Lawsuits, Privacy and Data Security, Transactions

It’s no secret that Bitcoin businesses and their customers have been having a rough time lately. On March 3, 2014, Bitcoin wallet service Flexcoin announced that it was shutting down after hackers stole 896 Bitcoins (approximately US$600,000). On March 4, 2014, Bitcoin exchange Poloniex admitted that hackers had stolen 12.3% of its funds. And, of… Continue Reading

Bitcoin: Staying on the Right Side of the Law

Posted in Finance, Privacy and Data Security, Transactions

Recently, Charlie Shrem, a well-known Bitcoin advocate and entrepreneur, was arrested and charged with conspiracy to commit money laundering and operating an unlicensed money transmitting business. Shrem was the vice-president of the Bitcoin Foundation, a non-profit organization dedicated to advocating for the legitimacy of Bitcoin (although he has now stepped down from this position), and… Continue Reading

Thought Experiments about Internet Privacy Law (Part 4)

Posted in Privacy and Data Security

In this series, we conduct a thought experiment on Internet privacy law inspired by a law review article written by Professor Orin S. Kerr, titled “The Next Generation Communications Privacy Act.” The article was Kerr’s thought experiment, discussing how the Electronic Communications Privacy Act, adopted in 1986, could be rewritten from scratch to better reflect… Continue Reading

Bitcoins: A Primer

Posted in Finance, Privacy and Data Security, Transactions

Bitcoin is the world’s largest digital currency. Introduced in 2009, it is controlled by a software program that was designed by a person or group operating under the pseudonym Satoshi Nakamoto, which had the goal of creating a currency that could run independently from banks and governments. New bitcoins are “mined” via code-breaking computers, and… Continue Reading

Cybersecurity Problems? Better Lawyer Up!

Posted in Privacy and Data Security

Companies investigating data breach incidents, or attempting to comply with cybersecurity regulations, would be wise to hire a law firm before doing anything else. A law firm will be able to assist a company in its investigation and compliance efforts, while providing attorney-client privilege to shield its findings should any lawsuits arise in the future…. Continue Reading

The EU Cybersecurity Directive Will Follow the US Framework

Posted in Legal Developments, Privacy and Data Security

On October 16, 2013, Dr. Pilar del Castillo Vera issued the draft opinion of the European Parliament’s Committee on Industry, Research and Energy (ITRE) with regard to the proposed cyberstrategy of the EU. Although the ITRE’s opinion suggests some useful amendments to the EU proposed Network and Information Security (NIS) Directive, it now seems clear… Continue Reading

FCC’s Cellphone Ruling Will Have Broad Impact

Posted in FCC, Privacy and Data Security

You may have heard that on June 27, 2013, the Federal Communications Commission issued a declaratory ruling in an effort to expand protection of cellphone data from privacy and security risks. While the ruling applies directly to telecommunications carriers that provide cellphone service, the ruling also impacts cellphone manufacturers and software developers. All businesses that… Continue Reading

Thought Experiments about Internet Privacy Law (Part 1)

Posted in Privacy and Data Security

A law review article entitled “The Next Generation Communications Privacy Act” was written by Professor Orin S. Kerr, the Fred C. Stevenson Research Professor at George Washington University and a renowned privacy law expert. The article poses the challenge of engaging in a bold thought experiment regarding privacy law as it applies to the Internet…. Continue Reading

Companies Need To Take Notice of the Government’s Cybersecurity Program

Posted in Legal Developments, Privacy and Data Security

The “Discussion Draft of the Preliminary Cybersecurity Framework” was released by the National Institute of Standards and Technology (“NIST”) on August 28, 2013. A “discussion draft” of a “preliminary” document issued by an entity that does not wield any federal or state regulatory authority may not seem important to most busy companies. But it is… Continue Reading