Internet-connected devices contributing to the Internet of Things (IoT) are projected to exceed 50 billion devices by 2025, according to the Federal Trade Commission’s Bureau of Consumer Protection in its June 2018 comments on the Consumer Product Safety Commission’s notice of public hearing and request for written comments on “The Internet of Things and Consumer Product Hazards.” Such widespread use of and access to these internet-connected devices—which can collect personal data from their users—has spurred legislative movement toward introducing security standards for IoT devices. These initial steps start with the US government’s use of IoT devices through the Senate’s third proposed bill on the subject, S.734. The bill, known as the Internet of Things Cybersecurity Improvement Act of 2019, aims to manage cybersecurity risks regarding secure development, identity management, patching, and configuration management of “covered devices.” Under the proposed bill, a “covered device” is one that can connect to the internet, has data processing capabilities, and “is not a general-purpose computing device.” The covered devices at the focus of this bill refer to devices “owned or controlled by” the federal government.
NEWS FOR LAWYERS AND SOURCING PROFESSIONALS
Additional Information to Include
- Directions for customers to access and update data (e.g., password resets, contact information updates, and mechanisms for unsubscribing)
- Contact details or other means of reaching persons in your organization that can address user queries or concerns
The New York State Assembly on June 17 passed the Stop Hacks and Improve Electronic Data Security (SHIELD) Act, following approval in the State Senate on June 5.
Despite these concerns, many companies’ policies are seemingly insufficient. A recent opinion piece published as part of the New York Times’ Privacy Project assessed 150 privacy policies from various companies and found that the vast majority of them were incomprehensible for the average person. At best, these seem to have been “created by lawyers, for lawyers” rather than as a tool for consumers to understand a company’s practices.
Join Morgan Lewis at our Philadelphia office on April 11 for a discussion on hot topics impacting services contracts in the digital economy. Morgan Lewis labor and employment partner Sarah Bouchard, litigation partner Greg Parks, together with technology, outsourcing, and commercial contracts partners Barbara Melby and Michael Pillion, and associates Christopher Archer and Katherine O’Keefe will speak at the event.
Topics will include:
- Ethical considerations for lawyers working in a digital world
- Common issues to consider when using vendor cloud agreements
- Industry updates
- Contracting for automation solutions
A networking reception will follow the discussions. We hope you can join us!
Morgan Lewis partner Peter Watt-Morse (Pittsburgh) and associate Eric Pennesi (Pittsburgh) will be participating in the Pennsylvania Bar Institute’s 2019 Cyberlaw Update, which will address trending topics, including blockchain and cryptocurrency and security and privacy concerns related to social media, in addition to GDPR.
Topics to be discussed include:
- Social Media Ethics – Its Use and Impact on the Practice of Law
- IP in the Age of Cloud Computing and Artificial Intelligence
- Responding to Data Breaches – Legal Update and Practical Counsel
The event will be hosted at the PBI Professional Development Center (Heinz 57 Center, 339 Sixth Avenue, 7th Floor, Pittsburgh PA, 15222) on Tuesday, April 30 from 9:00 am to 4:00 pm.
The Federal Trade Commission (FTC) is requesting comments on proposed amendments to two rules addressing the privacy and security of customer information under the Gramm-Leach-Bliley Act. The FTC plans to publish the notices in the Federal Register in the near future.
Reece Hirsch, Morgan Lewis partner and editor of the Bloomberg Law California Domestic Privacy Profile, is hosting a webinar, California Privacy Law Update: The California Consumer Privacy Act and More, during which he will review some of the latest developments in California privacy legislation.
California has long taken an innovative approach to privacy legislation and there were many developments in the state in 2018 and going into 2019. Webinar topics will include the following:
- Continuing evolution of the California Consumer Privacy Act, including insights from the Department of Justice’s January public forums
- Internet of Things security law
- Bot transparency law
- Endorsement of the 23 Asilomar AI Principles
- Lodging and common carrier privacy law
- Consumer reporting agency security law
The webinar will take place on Wednesday, February 13, from 1:00 pm to 2:00 pm ET.
The process of “going digital” has drastically affected the outsourcing market in recent years. During their webinar, Outsourcing Across the Globe—Going Digital, Ed Hansen, Simon Lightman, Barbara Melby, and Mike Pierides will discuss how to prepare for the future of outsourcing and leading trends that will impact outsourcing transactions globally in 2019. Topics will include the following:
- Privacy considerations for Europe, China, and beyond
- The increasing impact of automation
- Using the contract to mitigate risk
The webinar will be held on Wednesday, January 23, 2019, from 12:00 pm to 1:00 pm ET (5:00 to 6:00 pm GMT).