The Cybersecurity Law Report

Incisive intelligence on cybersecurity law and regulation

Articles By Topic

By Topic: FCC Enforcement

  • From Vol. 2 No.23 (Nov. 16, 2016)

    Complying With New Rules as the FCC Forges Its Role in Privacy and Data Security 

    The FCC’s new sweeping regulations change how broadband internet access service providers can use and share customers’ personal data. In some ways stricter than FTC requirements regarding the same types of data, these regulations impose broader and more burdensome consumer consent obligations, experts told The Cybersecurity Law Report. “It’s an unlevel playing field” where “two regulators are protecting information differently,” Sheppard Mullins partner Laura Jehl explained. The regulations also revise data security expectations and heightened breach notification requirements. We analyze steps companies must take to comply with the new regulations, the implementation timeline, and what to expect from FCC enforcement. See also “FCC Flexes Its Muscles With Proposed Broadband Privacy Rules and Verizon Settlement” (Mar.16, 2016).

    Read Full Article …
  • From Vol. 2 No.9 (Apr. 27, 2016)

    Regulators Speak Candidly About Cybersecurity Trends, Priorities and Coordination

    Understanding the regulators’ priorities and concerns can help a company work effectively with them to investigate and respond to cybersecurity incidents. In a recent panel at the ABA National Institute on Cybersecurity Litigation, authorities from the DOJ, the SEC, the FCC and the Connecticut Attorney General’s office weighed in about the cyber threat landscape, their agencies’ enforcement priorities, strategies for collaboration (including when and how information shared with the government will remain confidential) and effective incident response. See also “Private and Public Sector Perspectives on Producing Data to the Government” (Jun. 3, 2015).

    Read Full Article …
  • From Vol. 2 No.6 (Mar. 16, 2016)

    FCC Flexes Its Muscles With Proposed Broadband Privacy Rules and Verizon Settlement

    Continuing its increased emphasis on online privacy, the FCC has proposed regulations for broadband ISP services, right on the heels of a $1.35 million settlement with Verizon Wireless tied to its use of unique identifier headers or “supercookies.” Verizon agreed to adopt a three-year compliance program in connection with its tracking of customers for targeted advertising purposes and failing to adequately notify them about it. Experts told The Cybersecurity Law Report that the consent decree seemed to pave the way for the proposed new privacy rules, which center around choice, security and transparency. We analyze the settlement, provide three key takeaways from it and explore the impact of the new proposed rules. See also “FCC Makes Its Mark on Cybersecurity Enforcement With Record Data Breach Settlement” (Apr. 22, 2015).

    Read Full Article …
  • From Vol. 2 No.3 (Feb. 3, 2016)

    Legal and Regulatory Expectations for Mobile Device Privacy and Security (Part One of Two)

    With consumers now using mobile devices in nearly every aspect of their personal and professional lives, companies are collecting, storing and sharing information from mobile use for a wide range of initiatives such as improving products and services and targeted advertising. During a recent webinar, WilmerHale partners D. Reed Freeman, Jr. and Heather Zachary examined the latest federal, state and self-regulatory privacy and data security expectations. Part one in this two-part series covers the panelists’ detailed discussion about how practitioners can navigate the regulatory environment for mobile advertising, including self-regulatory guidance and the increasingly important role of the FCC. In part two, Freeman and Zachary address: how to ensure compliance in the use of cross-device advertising and tracking; lessons from the Telephone Consumer Protection Act; and key aspects of the E.U. and Canada’s mobile privacy and data security regulations. See also “FTC Chair Addresses the Agency’s Data Privacy Concerns With Cross-Device Tracking” (Nov. 25, 2015).

    Read Full Article …
  • From Vol. 2 No.1 (Jan. 6, 2016)

    FTC Director Analyzes Its Most Significant 2015 Cyber Cases and Provides a Sneak Peek Into 2016

    The FTC’s Bureau of Consumer Protection was hard at work in 2015, reaching settlements with a wide range of companies on a variety of privacy and data security issues.  During the recent IAPP Practical Privacy Series 2015, Jessica Rich, Director of the Bureau of Consumer Protection and an architect of the FTC’s privacy program, reflected on the agency’s major enforcement actions, reports and relationships in 2015 and what businesses should expect in the coming year.  See also “The FTC Asserts Its Jurisdiction and Provides Ten Steps to Enhance Cybersecurity” (Jul. 15, 2015).

    Read Full Article …
  • From Vol. 1 No.7 (Jul. 1, 2015)

    What Companies Need to Know About the FCC’s Actions Against Unwanted Calls and Texts

    The FCC has sent a strong message to companies that it will proactively monitor and regulate consumer consent related to phone calls and texts.  The agency claims this is the largest source of consumer complaints it receives.  “It is clear that the FCC will be more active in this area of enforcement,” Jen Deitch Lavie, a partner at Manatt, Phelps & Phillips, told The Cybersecurity Law Report.  The FCC recently has taken actions in two different forms to enforce and clarify the Telephone Consumer Protection Act (TCPA).  During the month of June, the FCC sent a public warning to PayPal regarding planned amendments to its User Agreement.  PayPal subsequently announced it would modify that agreement to address the FCC’s concerns.  The FCC also adopted a package of declaratory rulings regarding robocalls and spam texts that clarifies and modifies the TCPA in significant ways.  See also “FCC Makes Its Mark on Cybersecurity Enforcement with Record Data Breach Settlement,” The Cybersecurity Law Report, Vol. 1, No. 2 (Apr. 22, 2015).

    Read Full Article …
  • From Vol. 1 No.4 (May 20, 2015)

    After a Cyber Breach, What Laws Are in Play and Who Is Enforcing Them?

    Recent reports detail a breathtaking and unrelenting rise in cyber breaches, with five malware events occurring every second, and 60% of successful attackers able to compromise an organization within minutes.  But the law has not kept pace with technological innovation.  There is no single uniform law protecting individual privacy, nor one that governs all of a company’s obligations or liabilities regarding data security and privacy.  As Jenny Durkan and Alicia Cobb, a partner and associate, respectively, at Quinn Emanuel Urquhart & Sullivan, detail in a guest post, any business that suffers a significant cyber breach almost certainly will face not only multiple civil suits, but multiple investigations by federal and state authorities.  The authors provide a roadmap to the key authorities and the patchwork of relevant rules and regulations.

    Read Full Article …
  • From Vol. 1 No.2 (Apr. 22, 2015)

    FCC Makes Its Mark on Cybersecurity Enforcement with Record Data Breach Settlement

    With its $25 million settlement with AT&T, the “FCC has now planted its flag, and sent the message that it will use its powers to protect consumers,” Jenny Durkan, a partner at Quinn Emanuel Urquhart & Sullivan, told The Cybersecurity Law Report.  The FCC’s decision earlier this year to classify Internet providers as public utilities under the FCC’s jurisdiction has caused a broad range of companies to follow the agency’s actions closely.  The record AT&T settlement resolves an investigation into the theft of information by employees of a vendor call center in Mexico and requires AT&T to, among other things, overhaul its compliance program, provide free credit-monitoring services for affected customers and meet certain compliance benchmarks at intervals for the next seven years. 

    Read Full Article …