On December 4, 2024, four of the five members of the Five Eyes intelligence-sharing group (the United States, Australia, Canada, and New Zealand) law enforcement and cyber security agencies (Agencies) published a joint guide for network engineers, defenders of communications infrastructure and organizations with on-premises enterprise equipment (the Guide). The Agencies strongly encourage applying the
Kathleen Porter
Kathy Porter's practice straddles the areas of intellectual property, business transactions, trade regulation, and Internet law and includes import/export control issues, such as compliance and enforcement, competition, privacy, and data security. She counsels businesses on the development and implementation of data security and privacy practices to comply with the patchwork of laws and rules applicable to the collection, use, safeguarding, sharing, and transfer of protected or personal data. She regularly structures arrangements with promoters, marketers, website exchanges, and other third parties for the purchase, sale, sharing, and safeguarding of personal data. Kathy prepares and negotiates representations, warranties, and indemnities regarding personal or protected data and privacy and data practices. She also assists clients with privacy audits and works with third-party certification organizations to obtain certification of companies' privacy practices. She guides clients through internal investigations to assess and address notice and other obligations regarding privacy breaches. Kathy often works closely with our litigation attorneys to manage external investigations such as those by federal or state regulators. Read her rc.com bio here.
European Commission Adopts EU-U.S. Data Privacy Framework
On July 10, the European Commission (EC) published its data adequacy decision for the new EU-U.S. Data Privacy Framework (EU-U.S. DPF). This means that companies can transfer personal data from EU countries and from Iceland, Liechtenstein and Norway to U.S. organizations participating in the EU-U.S. DPF consistent with EU law. It is also expected that…
Growing Calls to Ban Chinese Owned TikTok App and Other Software Apps Considered to be National Security Threats
Chinese company ByteDance faces growing concerns from governments and regulators that user data from its popular short video-sharing app TikTok could be handed over to the Chinese government. The concern is based on China’s national security laws, which give its government the power to compel Chinese-based companies to hand over any user data. More than…
Biden’s Executive Order Implementing New EU-U.S. Data Privacy Framework to Replace Privacy Shield
President Biden recently signed an executive order establishing the implementation of the new EU-U.S. Data Privacy Framework, which would provide for the possibility of the lawful transfer of personal data from the European Union (EU) to the United States (U.S.), while ensuring a strong set of data protection requirements and safeguards.[1] Once approved…
Location Data Results in Resignation of High-Profile Church Official
Location data is data that marks the longitude/latitude location of a smartphone or other device at a particular time, or over a period of time. It works like this: each day our device, which has a unique identifier or ID, uses or connects to multiple location signals, like GPS, Wi-Fi, Bluetooth, cell towers or other…
Colonial Pays Millions in Ransomware Attack on Pipeline
Colonial Pipeline paid hackers a ransom of $4.4 million in bitcoin soon after discovering a cybersecurity hack on its systems that began on May 6. The company’s acknowledgement comes after days of speculation about whether a ransom was paid to the hackers. The company’s CEO defended the “difficult” decision to pay the ransom, maintaining he…
Crippling Ransomware Attack on Pipeline Exposes Vulnerabilities in U.S. Critical Infrastructure
Colonial Pipeline, a company that transports more than 100 million gallons of gasoline and other fuel daily across 14 states from Houston to New York Harbor, shut down the pipeline last Friday after discovering ransomware on its computer systems. The FBI has blamed the attack on a ransomware group called DarkSide.
The hack reportedly began…
Unidentified Hacker Breaches Florida City’s Water Treatment System
A Tampa, Florida area water facility was recently hacked using a popular remote-access software tool. The unidentified hacker also used the software to connect to an on-site computer and then used that computer to access the facility’s control panel. Once there, the hacker programmed a 100x-increase in the levels of sodium hydroxide (lye) to be…
Twitter fined $546,000 in December 2020 by European Data Protection Authority for 2019 Breach Notification Violations
The Irish Data Protection Commission (DPC) fined Twitter 450,000 euros (about US$546,000) for failing to timely notify the Irish DPC within the required 72 hours of discovering a Q4 2018 breach involving a bug in its Android app, and also for failing to adequately document that breach. The bug caused some 88,726 European Twitter users’…
U.S. Supreme Court Declines to Hear Case on Whether Commercial Websites and Mobile Apps Subject to Title III of the Americans with Disabilities Act (the “ADA”)
The ADA was enacted in 1990 to prohibit discrimination against persons with disabilities. It did not include express rules about access to websites and mobile apps. But that hasn’t stopped a flood of lawsuits against companies based on claims their websites or mobile apps might not be accessible to people with disabilities, such as visual,…