What’s the News?
The Federal Trade Commission is asking “who’s watching who?” in a recent settlement with Vizio over the consumer electronics brand’s smart TVs. Vizio’s settlement with the FTC and the New Jersey Attorney General comes in at $2.2 million after a complaint that Vizio tracked consumer viewing data on 11 million smart TVs since 2014 without their knowledge and sold it to third parties. Vizio must also delete all data collected up until March 2016, disclose its data practices, and improve its privacy policies.
An Illinois federal court recently awarded the Canadian retailer Moose Knuckles a $52 million default judgment related to claims of trademark infringement, counterfeiting, and cybersquatting by 26 Chinese defendants. The case offers a useful roadmap for companies that are trying to crack down on anonymous foreign infringers.
Arent Fox’s Privacy, Cybersecurity & Data Protection team members were in attendance when the Federal Trade Commission (FTC) held its third FinTech Forum on March 9th, 2017. The Forum focused on the consumer implications of artificial intelligence (AI) and blockchain, two rapidly developing technologies.
Phishing scams are arising at a fast and furious pace in the first quarter of 2017, with the IRS recently issuing a warning that these attacks are now targeting non-profits and school districts. These organizations are new on the hit-list, as the phishing attacks have already been known to target for-profit corporations. Phishing is the general term used for how attackers try to persuade a user to provide information. These scams can be conducted by phone or email, and often are so realistic the recipient has no idea that it is not legitimate. Some of the risks of falling prey to these scams is the loss or unauthorized disclosure of sensitive information, the risk of a malware intrusion, or an increased risk of ransomware.
An Executive Order from President Trump’s first days in office raised questions about its impact on the hard-won Privacy Shield, which allows about 1,700 companies to legally transfer data between the EEA and Switzerland and the US. The Order adds a new layer of complexity to the agreements and regulations already at play through the Privacy Act, Judicial Redress Act, Umbrella Agreement, and Privacy Shield.
On January 12, 2017, The Federal Trade Commission (FTC) held its second PrivacyCon conference. PrivacyCon brings together researchers, academics, industry representatives, consumer advocates, and government regulators, to discuss the latest research and trends related to consumer privacy and data security. This year’s PrivacyCon featured presentations from academics and technology researchers covering the following five main areas: (1) the Internet of Things (IoT) and Big Data; (2) mobile privacy; (3) consumer privacy expectations; (4) online behavioral advertising; and (5) information security. FTC Chairwoman Edith Ramirez, who is stepping down effective February 10, 2017, opened the conference with the myriad of ways consumer data is collected, asking if the risks associated with data collection outweigh the benefits.
What’s the News?
Following recent updates, merchants and retailers will soon become subject to the updated Payment Card Information Data Security Standard (PCI DSS), the security standard that organizations need to follow if they handle credit and debit cards from major card companies, such as Visa, MasterCard and American Express. This round of changes will be known as version 3.2 of PCI DSS, and include significant guidance and updates on hot topics such as encryption and strong credentials. Compliance with the changes is important because companies that are subject to PCI DSS but fail to comply face exclusion from processing credit card payments and/or hefty fines. Sometimes, noncompliance could mean leaving open the doors to your cardholder data environment, thereby allowing hackers and malicious entities to enter.
Companies transferring data from Switzerland to the US should take note: the Swiss-US Privacy Shield has arrived!
Why Should You Care?
Global companies that transfer personal information—specifically, the transfer of Swiss individuals’ personal information, from Switzerland to the US—must have a legal mechanism in place for doing so. The Privacy Shield provides an enforceable mechanism that the EU and Swiss governments have deemed adequate. The Swiss-US Privacy Shield complements the EU-US Privacy Shield, which applies only to European Economic Area (EEA) member countries.
ABOUT ARENT FOX LLP
Arent Fox LLP, founded in 1942, is internationally recognized in core practice areas where business and government intersect. With more than 350 lawyers, the firm provides strategic legal counsel and multidisciplinary solutions to clients that range from Fortune 500 corporations to trade associations. The firm has offices in Los Angeles, New York, San Francisco, and Washington, DC.