Major regulatory changes in data governance recently went into effect in Japan and China that are likely to impact organizations doing business in these Asian markets. While the regulations are long-awaited, their implementation follows on the heels of the global WannaCry ransomware data scare and at the same time as companies attempt to prepare for the European General Data Protection Regulation. Both countries’ changes warrant reviews of company policies and procedures, but they are also quite different: Japan’s straightforward amendments focus on consumer information and data protection, while China turned a controversial focus to network operators managing data.
Arent Fox LLP is pleased to announce that Privacy, Cybersecurity & Data Protection partner Sarah L. Bruno and Labor & Employment partner Jennifer C. Terry have been named among the “Top Women Lawyers” in California by the Daily Journal as a result of their impressive track record of successes on behalf of clients, their role as mentors within the firm, and their impact on the overall legal profession.
Ransomware is old news, as we had previously written here. Its latest iteration, the currently circulating WannaCry ransomware, is no laughing matter. The WannaCry vulnerability was reportedly first uncovered by the National Security Agency (NSA) but kept under wraps as a potential tool for possible surveillance. It was subsequently found by hackers who released a cache of stolen NSA documents on the internet, including details about WannaCry.
March and April were very busy months for the Federal Trade Commission’s Office of Consumer Protection staff who focus on “Made in USA” enforcement. Indeed, the FTC issued seven “closing letters” to companies during a three-week period, in which the FTC closed out its investigations involving allegations that each company “overstated the extent to which” the products in each case were made in the United States. In each case, the FTC closed out the investigation based on the company’s agreement to implement a remedial action plan, including but not limited to such actions as removing unqualified US-origin claims from websites and social media and providing corrected qualified claims to third-party resellers and distributors. This flurry of activity began on March 14, 2017 and ended on April 5, 2017, as follows:
Last week, numerous hospitals operated by Britain’s National Health Service (NHS) suffered a ransomware event in which hospital computer systems were encrypted, phone lines became inoperable, patients were diverted, and a Bitcoin ransom was demanded. Hospitals across Britain shut down their computer systems in order to protect patient data and prevent further spread and advised people to stay home unless there was an emergency. NHS Digital, Britain’s national hospital cybersecurity overseer, stated that 16 NHS organizations across Britain had reported an incident, but that the attack did not appear to be specifically targeting NHS hospitals. At this time, there is no indication that the ransomware has exfiltrated any personal data from the NHS.
The Federal Trade Commission recently sent more than 90 letters to celebrities, athletes, and other influencers reminding them that brand endorsements made in social media posts must comply with the FTC’s Endorsement Guides. The letters reminded social media influencers – individuals or groups recruited to promote a brand’s products or services – that social media endorsements must clearly and conspicuously disclose “material connections” between the influencer and the brand, and focused on the need to disclose such connection in Instagram posts.
What’s the News?
The Federal Trade Commission is asking “who’s watching who?” in a recent settlement with Vizio over the consumer electronics brand’s smart TVs. Vizio’s settlement with the FTC and the New Jersey Attorney General comes in at $2.2 million after a complaint that Vizio tracked consumer viewing data on 11 million smart TVs since 2014 without their knowledge and sold it to third parties. Vizio must also delete all data collected up until March 2016, disclose its data practices, and improve its privacy policies.
In December 2016, the EU’s Article 29 Working Party (A29WP)—a group composed of EU national data protection authorities (DPAs) that advises the EU Commission on EU data protection law—issued a number of GDPR guidance documents, including explanations for the mandatory DPO role, new individual right to data portability, and how to identify a “lead authority” for the GDPR’s one-stop shop enforcement mechanism.
ABOUT ARENT FOX LLP
Arent Fox LLP, founded in 1942, is internationally recognized in core practice areas where business and government intersect. With more than 350 lawyers, the firm provides strategic legal counsel and multidisciplinary solutions to clients that range from Fortune 500 corporations to trade associations. The firm has offices in Los Angeles, New York, San Francisco, and Washington, DC.