DBR ON DATA

Security, Privacy and Information Governance

Author: Anthony Glosson

NIST Releases Draft Report on IoT Cybersecurity Standards; Comments Due April 18

Share

On February 14, 2018, the National Institute of Standards and Technology (NIST) released a draft of its NIST Interagency Report 8200 (NISTIR 8200), which is intended to inform policymakers and standards participants in developing and implementing cybersecurity standards in and for IoT devices and systems.  At a high level, the draft report is intended to:

  • provide a functional description for IoT (Section 4);
  • describe several IoT applications that are representative examples of IoT (Section 5);
  • summarize the cybersecurity core areas and provides examples of relevant standards (Section 6);
  • describe IoT cybersecurity objectives, risks, and threats (Section 7);
  • provide an analysis of the standards landscape for IoT cybersecurity (Sections 8 and 9); and
  • map IoT relevant cybersecurity standards to cybersecurity core areas (Appendix D).

Continue reading

Limits of the VPPA: Ninth Circuit Panel Upholds Dismissal of VPPA Claim in Eichenberger v. ESPN, But Creates Low Bar for Satisfying Article III

Share

A federal circuit court recently rules that there was no actionable violation of the Video Privacy Protection Act (VPPA) when ESPN shared a user’s movie streaming device serial number with a third party.

A three judge panel of the U.S. Court of Appeals of the 9th Circuit unanimously affirmed a district court decision dismissing a claim alleging a violation of the VPPA, holding that the serial number of a Roku movie streaming device is not “personally-identifiable information” under the statute in Eichenberger v. ESPN, Inc., No. 15-35499 (9th Cir.).  In so doing, however, the Ninth Circuit also joined the Third and Eleventh Circuits in holding that, when alleging a violation of the VPPA, allegations of additional consequences stemming from the violation are not necessary to meet Article III’s standing requirement.

Continue reading

A Top-5 Panel Round-up of the Mobile World Congress Americas

Share

The Mobile World Congress Americas (MWCA) brought more than 30,000 attendees together from around the world to discuss the latest technologies, telecommunications developments, and policies last month.  The conference, which was held in San Francisco, included a massive exhibition floor, numerous panel events, and countless ancillary networking events.  What follows is a top-five round-up of key takeways from MWCA panels, in no particular order.

Continue reading

FTC Updates COPPA Guidance to Approve New Parental Consent Methods; Clarify Obligations for Sites not Primarily Targeting Children

Share

The Federal Trade Commission (FTC) has updated its guidance applicable to the Children’s Online Privacy Protection Act (COPPA) to reflect developments in the digital advertising ecosystem and a burgeoning Internet of Things marketplace. The Guidance revises its six-step compliance plan to keep current with developing technology.

The Guidance, which had existed in substantially the same form since 2015, contains three new updates relating to new methods for obtaining parental consent, new products covered by COPPA, and new business models.

Continue reading

© 2018 Drinker Biddle & Reath LLP. All Rights Reserved. Lawyer Advertising.

Disclaimer/Privacy Policy