Increasing and disruptive cyberattacks on government and private networks have heightened the need for businesses to address this issue not only to protect their assets and reputations, but also to ensure that government policies are properly focused and do not create more harm than good. New cybersecurity legislation from Congress and the Obama Administration's Cyberspace Policy Review, which seeks to create public-private partnerships to protect the nation's digital infrastructure, will likely have significant impacts on corporate activities and business plans, both nationally and internationally. Wiley Rein continually monitors current and developing domestic and international initiatives in this area and leverages our knowledge and experience to assist clients.
Information & Communication Technology Security | Internet & E-Commerce | Privacy & Data Security
Information & Communication Technology Security
Wiley Rein has regularly counseled businesses on information and communication technology (ICT) security issues and helped shape the government’s technology policies. We advise companies doing business in the United States about Federal Trade Commission (FTC) cybersecurity requirements, notably:
- The importation of Gramm-Leach-Bliley privacy/security requirements into Section 5 (such that it is considered unfair practice to fail to adopt or implement sufficient privacy/security policies);
- The treatment of new “red flags” rules requiring creditors (including most wireless communications companies operating in the United States) and financial institutions to develop and implement written identity theft prevention programs;
- The encryption of sensitive personal information;
- Requiring passwords (and that passwords be changed on a regular basis);
- Deleting information after it is no longer necessary;
- The training of employees; and
- Conducting periodic security risk assessments and improving policies accordingly (in some cases).
Wiley Rein has developed a plan of action for the U.S. Critical Infrastructure Assurance Office (CIAO) to engage CEOs and boards of directors on critical infrastructure protection and has regularly addressed for clients the legal issues relating to the interception and disclosure of the contents and records of telecommunications as well as Customer Proprietary Network Information (CPNI). Our attorneys have counseled clients on the applicability of the Foreign Intelligence Surveillance Act (FISA), the Wiretap Act, the Electronic Communications Privacy Act (ECPA), and other federal privacy statutes; counseled the world’s largest communications firms and Internet service providers concerning privacy and security challenges following September 11, 2001; and represented clients in litigation over these issues.
Specifically, we have:
- Advised communications clients and Internet service providers on the Communications Assistance for Law Enforcement Act (CALEA), enhanced 911 requirements, equipment authorization, privacy and homeland security issues, the USA PATRIOT Act, and other laws imposing law enforcement assistance obligations.
- Advised clients about their obligations under the Emergency Alert System and other rules concerning the presentation of emergency information to hearing-impaired television viewers.
- Represented a leading nonprofit research organization in a federal computer-hacking investigation.
- Developed a risk management and loss control manual and legal counseling service for energy and utility Internet, intranet, and e-commerce operations.
- Designed a plan to allow the U.S. subsidiary of a foreign aerospace firm to handle classified data while exchanging unclassified data with its parent company.
- Counseled a leading developer of secure email technology on health care privacy issues.
- Developed terms and conditions for website operators to limit liability and ensure authority to take prompt action to interdict security threats.
- Assisted a Fortune 500 corporation in developing a policy to address Internet-related threats.
- Advised communications and Internet service providers regarding international cybercrime initiatives and related obligations.
- Advised the World Bank, U.S. Agency on International Development (USAID) and numerous developing countries on laws and regulations pertaining to cybercrime and information and infrastructure security.
- Handled encryption-related issues, including representing a major software provider in encryption controls and obtaining a security clearance and counseling the leading provider of encryption-related equipment and software.
Our attorneys have served on the FTC Advisory Committee on Online Access and Security, studying the need for federal policy standards on security and consumer access to personally identifiable data gathered via the Internet.
Internet & E-Commerce
Wiley Rein attorneys have a long history of involvement in legal and regulatory issues associated with groundbreaking technologies. Our professionals have structured online alliances and agreements to create new markets, worked to adapt intellectual property rights to new media, and successfully litigated new theories to promote and protect client interests.
Wiley Rein is geared to meet the full array of security issues facing organizations that use technology. We have combined our expertise in communications and technology law with the technical capabilities of supporting experts and can:
- Conduct security assessments to identify legal, policy and management vulnerabilities, and technology-related risks.
- Counsel on emerging security and technology-related laws and regulations that affect corporate operations.
- Develop policies and train personnel regarding the protection of information and networks, fiduciary duties, identifying digital assets, risk management, intrusion detection and response, and disaster recovery.
- Advise on search and seizure of electronic evidence and jurisdictional issues, conduct internal investigations, and provide litigation support on technology and security-related matters.
- Provide risk management and security legal advice during the corporate strategic planning process.
Privacy & Data Security
Information security and related privacy issues have become a critical component of the overall national security debate. Governments in the United States and abroad are requiring companies to support more surveillance requests, necessitating a review of privacy, security, and confidentiality policies. These government agencies seek a wide range of personal information, and companies need to know the ins and outs of what the law requires and permits.
Wiley Rein counsels national and international clients with regard to privacy issues. We represent domestic and international businesses, as well as major trade associations, in many areas, including communications, Internet portals, health care and insurance, financial services, online advertising, biometrics, information security, manufacturing, retailing, franchising, and distribution.
Our capabilities include:
- Advising start-ups and leading e-commerce companies on the emerging risk of European Union (EU) privacy regulation of the global Internet and proposed steps to reduce the risk of business disruptions.
- Assisting both Fortune 500 and fledgling firms in conducting privacy self-assessments and gauging the suitability of the U.S./EU Safe Harbor.
- Negotiating—with European privacy regulators—agreements for keeping trans-Atlantic data flows open for multinational financial services and communications companies.
- Counseling on radiofrequency identification (RFID) technology policy that allows remote, automatic tracking of RFID-tagged products and representing clients before the Federal Communications Commission (FCC) on RFID issues.
The firm’s comprehensive capabilities with issues relating to data breaches cover counseling companies operating in the United States on compliance with state data breach notification laws, as well as helping companies avoid breaches in the first place, in part by assisting companies’ IT departments establish policies requiring the encryption of sensitive personal information and limiting the ability of such data to travel beyond the controlled areas of the company.
In addition, protecting the information infrastructure is critical—along with increasing protections for a wide range of personal and commercial information. Our Privacy Practice assists companies on the full spectrum of information security and privacy issues, ranging from integrated compliance programs to investigations to litigation and enforcement actions. Our International Telecommunications Team also monitors policy developments and has experience with efforts now underway at the FCC and in Congress to enhance homeland security. Notably, we counseled the world’s largest communications firms and Internet service providers concerning privacy and security challenges following the attacks on September 11, 2001.
ISSUE: DECEMBER 2014
IN THIS ISSUE
Some FAQs on HIPAA De-Identification
By Kirk J. Nahra
December 2014 | Risky Business Magazine
Waldorf Astoria Deal Is Likely Headed for CFIUS Review
By Daniel B. Pickard, Nova J. Daly and Usha Neelakantan
November 3, 2014 | Law360
US regulators react to cyber threats to medical devices
By Sonali P. Gunawardhana and Megan L. Brown
November 2014 | eHealth Law & Policy Journal
RECENT NEWSMegan Brown and Scott Delacourt Featured in Federalist Society Podcast on FTC Cybersecurity Oversight
April 23, 2014