On December 5, 2017, the National Institute of Standards and Technology (“NIST”) published a proposed update to its Framework for Improving Critical Infrastructure Cybersecurity (the “Framework”). NIST is a non-regulatory federal agency within the Department of Commerce, with a mission to promote innovation and industrial competitiveness in the United States by advancing measurement science, standards and technology in beneficial ways. The Framework was initially developed as a result of the issuance of Executive Order 13636 in 2013 (“Executive Order”), which specifically addressed the cybersecurity of critical infrastructure (defined below) and directed NIST to work with stakeholders to develop a voluntary framework for reducing cyber risks to such critical infrastructure. Therefore, the Framework provides nonbinding guidance, and compliance is not mandatory. In practice, the Framework is used as the basis for best practices by many companies in the United States that have cybersecurity policies and procedures. The Framework has generally been praised as a successful example of cooperation between the public and private sector and is cited by many as a more effective approach than prescriptive regulatory requirements.
Continue Reading NIST Proposes Fine-Tuning of its Framework for Improving Critical Infrastructure Cybersecurity
Newly Created SEC Cyber Unit Takes First Action Against Allegedly Fraudulent ICO
On Monday, December 4, 2017, the U.S. Securities and Exchange Commission (SEC) obtained an emergency order from a U.S. District Court in New York to enjoin an allegedly fraudulent initial coin offering scheme. The SEC’s complaint alleges that Dominic Lacroix, a recidivist securities law violator, and his company PlexCorps violated the anti-fraud and registration provisions of the U.S. federal securities laws in collecting up to $15 million in investor funds purportedly in exchange for digital tokens and promised returns in excess of 1,000% in 29 days. The complaint also charges Lacroix’s partner Sabrina Paradis-Royer with securities fraud. Among other relief, the district court has granted the SEC’s request to freeze the defendants’ assets.
Bitcoin’s Future: CME and Other Exchanges Self-Certify Bitcoin Futures and Options with the CFTC
Last Friday, December 1, 2017, the U.S. Commodity Futures Trading Commission (CFTC) announced that three futures exchanges—the Chicago Mercantile Exchange Inc. (CME), the CBOE Futures Exchange (CBOE) and the Cantor Exchange (Cantor)—self-certified that they will be listing futures contracts (CME and CBOE) and options (Cantor) referencing bitcoin. Trading in bitcoin futures will commence at the CBOE on December 10 and on CME on December 18, with Cantor’s options trading to follow. Listing these contracts will allow both institutional and retail investors to obtain long or short exposure to bitcoin without buying or selling the underlying bitcoin itself.
EU-U.S. Privacy Shield Functions Well, with Scope for Improvement, According to its First Annual Review
On October 18, 2017, the European Commission published its report on the functioning of the EU-U.S. Privacy Shield framework (the “Privacy Shield”), marking the conclusion of its first joint annual review of the regime. The Privacy Shield, which is administered by the International Trade Administration within the U.S. Department of Commerce (“DOC”), provides companies on both sides of the Atlantic with a mechanism to comply with data protection requirements when transferring personal data from the European Union to the United States. To join the Privacy Shield, a U.S.-based organization is required to self-certify to the DOC and publicly commit to comply with the Privacy Shield requirements. While joining the Privacy Shield is voluntary, once an eligible organization makes the public commitment to comply with the Privacy Shield requirements, the commitment will become enforceable under U.S. law.
Schrems Ruling: Renewed Scrutiny of Standard Contractual Clauses for EU-US Personal Data Flows
Earlier this month, in the latest ruling to emerge from the privacy campaign initiated by activist Max Schrems, the Irish High Court cast fresh doubt on the legitimacy of so-called Standard Contractual Clauses (“SCCs”, also commonly referred to as Model Contracts) as an approved method of ensuring lawful personal data transfers from the European Economic Area (“EEA”) to the United States. In this case, Mr. Schrems, joined by the Irish Data Protection Commissioner (“DPC”), objected to Facebook Ireland Ltd. transferring personal data to its parent company in the U.S., Facebook Inc.