On Saturday, May 9, 2015 a bomb went off at a busy intersection of the affluent Atlanta suburb of Buckhead. Nobody was killed or physically injured, so you probably didn’t read or hear about it with your Sunday morning coffee. But both the FBI and Homeland Security are investigating the incident. The “bomb” has come to be known as the “Buckhead Billboard Bomb.” The incident reflects the ever-growing need for businesses large and small to pay attention to data security.
The Buckhead Billboard Bomb resulted when a hacktivist group calling itself Assange Shuffle Collective accessed a web-connected digital billboard to display an obscene pornographic image to passers-by at the intersection of Peachtree and East Paces Ferry roads. The software running the billboard had no system security in place and, worse yet, a cyber-security expert had warned the company it was vulnerable. The billboard company responded “not interested…” to the expert’s offer to assist.
Continue reading How A Data Breach Led To A ‘Billboard Bomb’ →
At the White House Summit on Cybersecurity and Consumer Protection at Stanford University on February 13, 2015, President Obama called for a single national data breach standard and for improved information sharing about threats to America’s technology infrastructure between government and the private sector. In the past two months, Congress has responded with multiple bills to address these pressing issues.
First, the Data Security and Breach Notification Act of 2015 was passed by the House Energy and Commerce Committee on April 15, and was sent to the House floor. The Act would set a single national standard for data breach notification that would be enforced by the Federal Trade Commission (“FTC”) and the states’ attorneys general, and would preempt state data security and breach notification statutes. While the Act made it out of committee, the vote was along party lines, including a no vote from the Act’s Democratic co-sponsor.
Continue reading Two Federal Cybersecurity Bills Move Forward →
Federal and state privacy and data security laws affect nearly every industry, ranging from healthcare providers to financial institutions to start-ups. One federal bill that could bring clarity to varied state laws and regulations is the Data Security and Breach Notification Act of 2015, originally co-sponsored by Representatives Marsha Blackburn (R-TN) and Peter Welch (D-VT). If passed, it will change how companies, non-profit organizations, and common carriers handle data breach notifications, replacing an uneven quilt of state laws with a single, enforceable, uniform standard.
There are two important provisions in this Act. First, this federal law would preempt all existing state data breach notification laws, providing a single uniform rule for what to do when a company discovers a data breach. Second, the rules for data breach notification are well defined for all companies. For example, the bill states what information a company will need to provide in its data breach notice, how notification should happen (even when some of the contact information for data breach victims is outdated), and when it should take place (not later than 30 days after the entity has investigated and secured its system).
Continue reading Feds Attempt To Preempt Conflicting State Laws On Data Breaches →
How do farmers get involved in the Internet of Things without the Internet? It helps to get the FCC involved.
In a recent 3-2 vote, the Federal Communications Commission (“FCC”) decided that federal authority preempts state laws preventing public utility broadband networks from expanding to rural areas. Prior to the ruling, large Internet Service Providers (“ISPs”) lobbied state legislatures in 22 states to pass laws that limited how far a city’s broadband service could stretch.
Why would large ISPs care if rural areas had access to the Internet? Essentially, because it has been more economical for ISPs to block the expansion of municipal broadband by their competitors, local utilities, than to provide these areas with high-speed Internet service themselves.
Continue reading Feds trump states to help provide Internet to rural areas →
Over the last week, I participated in three very different events featuring discussion about the growth of the Internet of Things (IOT). The presentations confirmed that the IOT is expanding into all areas of our lives, at a rate faster than most can track. The first two instances were professional conferences about the IOT and legal risk. Not surprisingly, the speakers raised many questions about liability, duty, and risk, but they provided few solutions.
The third presentation was more practical and inspiring. The Marin School of Environmental Leadership’s Business Leader’s Breakfast featured Gordon Feller from Cisco Systems, who explained that connected devices play a crucial role in meeting sustainability goals for his company and its customers. Cisco aims to build environmental sustainability into each business function and process through the use of information and communications technology designed to improve the world’s standard of living, use of resources, and energy efficiency, while delivering new value to customers and society.
Continue reading The Internet of Things: Expanding Everywhere And Growing Faster Daily →
For those who have been following all the failed federal cybersecurity legislation during the last year, it should come as no surprise that President Obama’s Summit on Cybersecurity and Consumer Protection was a call to Congress to act. Not coincidentally, the Summit was held at Stanford University on Friday, February 13, 2015, exactly one year since the National Institute of Standards and Technology published the first version of its Framework for Improving Critical Infrastructure Cybersecurity, and two years since President Obama issued Executive Order 13636, Improving Critical Infrastructure Cybersecurity, directing NIST to establish the Framework.
The Framework consists of scalable standards, guidelines, and practices to help owners and operators of critical infrastructure to manage cybersecurity-related risk.
Continue reading Obama Brings Cybersecurity Plan To The Bay →
As we’ve been told, 2015 will be the year of the “Internet of Things.” (Or was it 2013? Or 2014?) For those not yet in the know, the Internet of Things (“IoT”) is a web of personal, household, and office devices that collect, share, and store data via an Internet connection. After registering the device and connecting it to the Internet, users can access the device from their tablet or smartphone.
Currently, there are more than 1.9 billion devices connected through the IoT—a number that some estimate will grow to 9 billion by 2018. Other projections estimate that by 2020, the global market for IoT devices and services will exceed $7 trillion. This trend is not going unnoticed by the FTC.
Continue reading The Internet of Things is Here — Are You Ready? →
Is that unwanted promotional text message coming from a human or a machine? It matters for purposes of the Telephone Consumer Protection Act.
In Marks v. Crunch San Diego, LLC, Case No. 14-cv-00348-BAS-BLM (S.D. Cal. Oct. 23, 2014), the United States District Court for the Southern District of California provided some guidance regarding the meaning of an Automated Telephone Dialing System (“ATDS”) under the Telephone Consumer Protection Act (“TCPA”).
Continue reading Court Defines Application of Telephone Act to Promotional Text Messages →