President Trump recently signed the Broadband Deployment Accuracy and Technological Availability Act. The law requires the Federal Communications Commission (FCC) to collect and disseminate more granular data about the availability of broadband service and to establish processes to ensure data accuracy. The legislation comes in response to commentary about the FCC's broadband coverage maps and suggestions regarding the Form 477 data collection process used to create those maps.
During the coronavirus outbreak, many employers around the world are seeking to prioritise the wellbeing and safety of their employees by asking them to work remotely instead of risking exposure while commuting and working in populated office spaces. Organisations must consider increased risks to the security of their networks, systems and data during this time.
The US courts of appeals increasingly agree on how to interpret the definition of 'automatic telephone dialling system' under the Telephone Consumer Protection Act. A unanimous Seventh Circuit panel recently refused to revise a putative class action after concluding that the dialling system used did not qualify as an autodialer. Like recent Eleventh Circuit and Third Circuit decisions, the Seventh Circuit held that an autodialer must use a random or sequential number generator to either store or produce numbers.
A recent action by the National Advertising Division (NAD), a self-regulatory arm of the Better Business Bureau, illustrates that advertisers that participate but decline to be bound by an NAD decision can expect to be referred to the Federal Trade Commission (FTC). The NAD recently announced that it had referred advertising claims made by a dietary supplement company to the FTC for further review, following a challenge by the Council for Responsible Nutrition.
The Eleventh Circuit panel recently released a landmark ruling in Glasser v Hilton Grand Vacations Company, LLC. The key issue was how to interpret ambiguous language in the Telephone Consumer Protection Act's (TCPA's) definition of an 'automatic telephone dialling system'. In recent years, imprecise statutory phrasing and the Federal Communication Commission's liberal reading of the legislative history has empowered plaintiffs to assert TCPA claims based on a wide array of calling systems.
Two recent cases highlight the increased False Claims Act risk that cybersecurity compliance poses for government contractors. The first is a cautionary tale for contractors that self-certify that their IT systems provide adequate security for sensitive federal information which they store, process or transmit in performance of a federal contract. The second signals the importance of accurately representing compliance with federal cybersecurity standards when selling IT products or services to the government.
The Washington Privacy Act (WPA) gained significant traction in the legislature in 2019, passing the state Senate almost unanimously, but ultimately failing in the state House of Representatives due to discussions around facial recognition and compliance challenges. State Senator Reuven Carlyle has now released a revised draft of the WPA for 2020. If enacted as drafted, this new version of the WPA would come into effect on 31 July 2021.
The Federal Communications Commission (FCC), in consultation with the Department of Agriculture, has announced the members of the Task Force for Reviewing the Connectivity and Technology Needs of Precision Agriculture in the United States. The task force, an advisory body to the FCC, will investigate the current state of broadband access in agricultural areas and recommend policies and regulatory solutions to the FCC to promote broadband deployment and precision agriculture.
The Department of Defence (DoD) has announced a plan to pilot 5G technologies on four military installations in partnership with private industry and the Federal Communications Commission. The project has been heralded as an opportunity for the DoD to work with industry and collaborate across federal agencies to advance the Trump administration's policy of maintaining the United States' global leadership in 5G.
California Governor Gavin Newsom recently signed the Consumer Call Protection Act 2019 to address the rise in deceptive robocalls and protect consumers from fraudulent calls. The act requires telecoms service providers to implement secure telephony identity revisited (STIR) and secure handling of asserted information using tokens (SHAKEN) protocols by 1 January 2021 and is the latest in a series of ongoing efforts to promote STIR/SHAKEN or similar call authentication frameworks.
New York Governor Andrew Cuomo recently signed into law a pair of bills establishing new requirements for businesses that process certain personal information relating to New York residents. The changes include expanding the scope of information covered by New York's data breach notification law. Businesses maintaining the private information of New York residents will now be required to develop reasonable safeguards within their organisation as part of a new reasonable security requirement.
The US Department of Justice (DOJ) has issued a new guidance memorandum entitled "Evaluating a Business Organisation's Inability to Pay a Criminal Fine or Criminal Monetary Penalty". This memorandum aims to provide greater clarity, transparency and uniformity as to how the DOJ's Criminal Division evaluates companies' claims that they cannot pay a proposed criminal fine or monetary penalty.
The California attorney general recently released proposed regulations to implement certain provisions of the California Consumer Privacy Act (CCPA). The attorney general also released a notice of proposed rulemaking and an initial statement of reasons that provide drafting insights and outline considerations that will likely continue to guide the rulemaking process. The proposed regulations provide clarifications for businesses and consumers in five key CCPA areas, including privacy notice requirements.
In a legislative environment charitably described as challenging, the fact that the Senate recently passed cybersecurity legislation by unanimous consent is noteworthy and highlights the bipartisan nature of this issue. The bill requires the newly-formed Department of Homeland Security teams to provide assistance to public and private entities, on request, to prepare for and respond to cyber-related incidents, including (among other things) restoring services after a cyber incident.
The California legislature recently debated several amendments to the California Consumer Privacy Act, eventually passing five bills which now await the governor's signature. Collectively, these bills do not provide the sweeping changes sought by businesses. Instead, the amendments make minor tweaks and postpone for one year some of the more challenging requirements. The passed bills address a range of topics, including providing for a partial, temporary one-year exception for applicant and employee data.
The New York governor recently signed into law a pair of bills establishing new requirements for businesses that process certain personal information relating to New York residents. The changes include expanding the scope of information covered by New York's data breach notification law and defining 'breaches' to include incidents involving unauthorised access to covered information, even where the information is not acquired.
In a long-awaited decision, the Supreme Court was expected to provide greater clarity on the extent to which litigants can challenge the Federal Communications Commission's Telephone Consumer Protection Act interpretations in private litigation. However, instead of deciding that issue, the court vacated the Fourth Circuit's ruling and remanded the case for further development.
Senate Bill 220 was recently signed into law, making Nevada the first state to join California in granting consumers the right to opt out of the sale of their personal information. However, the new privacy law is significantly narrower than the California Consumer Privacy Act (CCPA). For example, it applies only to online activities, defines 'consumer' and 'sale' more narrowly and includes broad exceptions for financial institutions subject to the Gramm-Leach-Bliley Act.
Federal Communications Commission (FCC) Chair Ajit Pai recently announced plans to open a rulemaking proceeding to take a fresh look at the 5.9GHz band. In this new proceeding, the FCC will consider whether and how to allow sharing in the 5.9GHz band between dedicated short-range communication, gigabit Wi-Fi and cellular vehicle-to-everything technologies.
Several legislative proposals seeking to amend the California Consumer Privacy Act are moving forward following a recent hearing before the California Assembly's Committee on Privacy and Consumer Protection in which the bills were approved. The bills will advance to the assembly's Appropriations Committee before being voted on by the full assembly and potentially advancing to the California State Senate for consideration.