Enter to open, tab to navigate, enter to select
Privacy and Data Security: 2014 Highlights
Practical Law Legal Update 8-596-6346 (Approx. 4 pages)
Privacy and Data Security: 2014 Highlights
by Practical Law Intellectual Property & Technology
| Published on 27 Jan 2015 • USA (National/Federal) |
A Legal Update discussing some of the key developments in privacy and data security in 2014. This Update includes a discussion of regulatory developments from the Federal Trade Commission (FTC), the Consumer Financial Protection Bureau (CFPB) and the Federal Communications Commission (FCC) and federal cybersecurity legislation.
Privacy and data security remained a hot topic in 2014, with key developments occurring across a broad array of federal and state legislative and regulatory authorities and affecting virtually every industry.
Federal Regulatory Highlights
The FTC remained the principal federal privacy and data security regulator in 2014 and won the first round in its fight over its enforcement authority with Wyndham Worldwide Corporation (FTC v. Wyndham Worldwide Corp., 10 F. Supp. 3d 602 (D.N.J. Apr. 7, 2014)). In addition, the FTC released reports regarding mobile shopping apps and the data broker industry and updated its Children's Online Privacy Protection Act (COPPA) Rule guidance.
Other federal regulatory highlights in 2014 included:
- The Federal Communications Commission (FCC) jumped into data security enforcement by announcing its intent to assess a $10 million fine against two telecommunications companies for failing to adequately safeguard customers' personal information (see Legal Update, FCC to Fine Phone Carriers $10M for Failing to Safeguard Customer Data).
- The Consumer Financial Protection Bureau (CFPB) finalized a new rule permitting online delivery of annual privacy notices under certain circumstances (see Legal Update, CFPB Finalizes Rule Permitting Online Posting of Privacy Notices).
Congressional Action (Finally)
Although ultimately Congress failed to pass any comprehensive consumer privacy laws in 2014, Congress passed five cybersecurity bills in December, largely directed at governmental agencies. Most significantly for private industry, Congress passed:
- The Cybersecurity Enhancement Act of 2014 (Pub. L. 113-274, 128 Stat. 2971 (2014)).
- The National Cybersecurity Protection Act of 2014 (Pub. L. 113-282, 128 Stat. 3066 (2014)).
State Legislative Highlights
Given the absence of any concerted federal action, state legislatures and regulators have led the charge in recent years on privacy and data security initiatives, and that trend continued in 2014. Key state legislative developments in 2014 included:
- California enacted several significant privacy laws.
- Data breach notification laws continued to expand.
- Delaware enacted the nation's first fiduciary access to digital assets law (see Legal Update, Delaware Enacts Law Granting Rights to Decedents' Online Accounts).
The proliferation of high-profile data breaches continued in 2014, including well-publicized attacks on Home Depot and Sony Pictures. Both government and industry stepped up cybersecurity efforts in 2014, and privacy and data security should remain a key issue in 2015.
For a complete discussion of these and other key privacy and data security developments in 2014 and the issues that are likely to be at the forefront in 2015, see Article, Trends in Privacy and Data Security: 2014.