Time Sensitive Developments on Data Security from Massachusetts, the FTC and the Director of National Intelligence

Privacy, Data Security and Information Law Update

To view this Sidley Update in PDF format, click here.

This Sidley Update is intended to provide clients with brief updates regarding a number of highly current and time-sensitive matters. We recommend that companies consider how these issues may affect their organizations and, in particular, whether any revisions to existing privacy and data security policies should be considered. Please contact Sidley's Privacy, Data Security and Information Law Group if you would like more information or assistance regarding these developments.

Massachusetts Residents’ Data Must Be Specially Protected as of March 1, 2010

On March 1, 2010, Massachusetts’s strict new information security regulations will take effect. The highly-detailed regulations constitute a decisive shift in state regulation, and could set de facto national standards for information security. Companies maintaining personal data on Massachusetts residents will need to establish a comprehensive, written information security plan and apply encryption, where technologically feasible, not only to laptops and other portable media, but also to the transmission of sensitive personal information wirelessly and on public networks. Companies will also need to ensure their own internal policies and their vendor contract language incorporates and adheres to these new information security standards.Click here for a Sidley Update on the issue.

Cybersecurity “Wake-Up Call”

U.S. Director of National Intelligence Dennis Blair recently testified to Congress that the cyber attacks against Google were a “wake-up call” about the vulnerabilities of computer networks to attacks that could cripple the U.S. economy. The House of Representatives passed Cybersecurity legislation (H.R. 4061) in early February and there is likely to be additional legislative and regulatory activity. The House bill seeks to enhance coordination and prioritization of federal research and development; promote development of technical standards; and improve transfer of Cybersecurity technologies to the marketplace. Government contractors and companies involved in businesses supporting critical infrastructure networks (such as telecommunications, finance, energy, transportation, etc.), as well as other companies maintaining potentially vulnerable databases, should assess their technical and legal responses to Cybersecurity risks.

FTC Initiates Widespread P2P Investigation

The Federal Trade Commission announced on February 22, 2010, that it was engaged in a significant campaign to investigate and address and halt exposure of personal information on peer-to-peer (P2P) file-sharing networks. The FTC has issued notices to nearly 100 public and private organizations that it was aware of P2P exposure of customers’ and/or employees’ personal information. The FTC advised identifying and considering notice to persons affected by the organizations’ security breaches, and also announced that it has opened an unidentified number of non-public investigations of additional businesses that have exposed personal information on P2P networks.

If you have questions about any of these items, please contact your regular Sidley Austin LLP contact.

The Privacy, Data Security and Information Law Practice

We offer clients an inter-disciplinary, international group of lawyers focusing on the complex national and international issues of data protection and cyber law. Sidley provides services in the following areas: Privacy and Internet Litigation and Regulatory Advice; Data Breach, Incident Response, and Cybercrime Advice; Global Data Protection and Information Security; International Data Transfer Solutions; Outsourcing and Cross-Border Issues; Gramm-Leach-Bliley and Financial Privacy; HIPAA and Healthcare Privacy; Workplace Privacy and Employee Monitoring; Cyberlaw, E-Commerce, and Internet Issues; Unfair Competition and Consumer Protection.

To receive future copies of the Privacy, Data Security and Information Law Updates via email, please click here.

This Sidley Update has been prepared by Sidley Austin LLP for informational purposes only and does not constitute legal advice. This information is not intended to create, and receipt of it does not constitute, a lawyer-client relationship. Readers should not act upon this without seeking advice from professional advisers.

Attorney Advertising - For purposes of compliance with New York State Bar rules, our headquarters are Sidley Austin LLP, 787 Seventh Avenue, New York, NY 10019, 212.839.5300 and One South Dearborn, Chicago, IL 60603, 312.853.7000. Prior results do not guarantee a similar outcome.