On Wednesday, April 29, 2015, the Department of Justice Computer Crime and Intellectual Property Section (CCIPS) Cybersecurity Unit issued new, detailed guidance on data breach incident response best practices. The document was announced at an invitation-only round table hosted by DOJ and provides guidance on what DOJ regards as “best practices for victims and potential […]
FTC Settles With Retail Tracking Firm Regarding Alleged Opt-out Misrepresentation
On April 23, 2015, the FTC and Nomi Technologies, Inc. (“Nomi”) settled the FTC’s misrepresentation charges related to Nomi’s “Listen” service, a multiple sensor technology that allows retailers to measure consumers’ in-store movements. Nomi’s sensors track consumers as they browse physical stores. According to the complaint, “Nomi places sensors in its clients’ retail locations that detect […]
NAIC Publishes Principles for Effective Cybersecurity
The National Association of Insurance Commissioners (NAIC) Cybersecurity Task Force adopted Principles for Effective Cybersecurity Insurance Regulatory Guidance on April 16, 2015. The document identifies types of safeguards regulators expect insurers to have in place to protect consumers from cybersecurity breaches. The guiding principles are intended to establish insurance regulatory guidance that promotes coordination and […]
SEC Confirms Plans To Issue New Cybersecurity Disclosure Rules
According to Smeeta Ramarathnam, Chief of Staff to SEC Commissioner Luis Aguilar, the SEC is currently engaging in a comprehensive re-work of its investor disclosure rules, including with respect to rules bearing on cybersecurity incident disclosure. The SEC, which is formally tasked with overseeing issues that concern market integrity and disclosure of material information, revealed […]
HHS Issues Guidance on HIPAA and Workplace Wellness Programs
On Thursday, April 16, 2015, the Office for Civil Rights (OCR) of the U.S. Department of Health and Human Services (HHS) issued guidance, consisting of two frequently asked questions (FAQs), on the application of the HIPAA Privacy, Security, and Breach Notification Rules to workplace wellness programs. HHS explains in one of the FAQs that the […]