The Sedona Conference®, a nonprofit research and educational think tank dedicated to the advanced study of law, particularly in information governance, has released its Incident Response Guide , open for public comment through June 19, 2018. Drafted by Working Group on Data Security and Privacy Liability (WG11), the guide is meant to serve as a practical resource for practitioners dealing with the legal, technical, and policy issues related to data-related incidents – from distributed denial-of-service to ransomware attacks.
US FDA Approaches to Artificial Intelligence
Artificial Intelligence (AI) can be employed in a health care setting for a variety of tasks, from managing electronic health records at a hospital, to market research at a benefits management organization, to optimizing manufacturing operations at a pharmaceutical company. The level of regulatory scrutiny of such systems depends on their intended use and associated risks.
In the U.S., for medical devices using AI, one of the key regulatory bodies is the Food and Drug Administration (FDA), especially its Center for Devices and Radiological Health (CDRH). CDRH has long followed a risk-based approach in its regulatory policies, and has officially recognized ISO Standard 14971 “Application of Risk Management to Medical Devices.” That standard is over 10 years old now, and therefore is currently undergoing revisions – some of which are meant to address challenges posed by AI and other digital tools that are flooding the medical-devices arena.
Continue reading “US FDA Approaches to Artificial Intelligence”
Ninth Circuit Rules in Travelers Case, Involving Social Engineering Fraud and Cyber Insurance
The 9th U.S. Circuit Court of Appeals affirmed the district court’s ruling in Aqua Star (USA) Corp., vs Travelers Casualty and Surety Company of America. The case involved fraudulent emails purporting to be from the insured’s suppliers directing that the insured direct its payments to a new account purportedly opened by that supplier. Based on that fraudulent communication, the insured transferred $713,890 due its supplier to the fraudulent “new account.”
FTC Announces Expanded Settlement with Uber
The FTC withdrew its August 2017 administrative complaint and proposed consent agreement with Uber Technologies, Inc. (Uber) and issued a revised complaint against Uber Technologies, Inc. Uber has accepted a revised proposed consent agreement which will be subject to public comment for 30 days.
Continue reading “FTC Announces Expanded Settlement with Uber”
U.S. Congress Approves CLOUD Act for Data Stored Overseas
On March 23, 2018, Congress passed the “Clarifying Overseas Use of Data Act,” also known as the “CLOUD Act” (H.R. 4943, S. 2383), a new U.S. law that will have a dramatic effect on the United State government’s control over and access to data stored overseas. The CLOUD Act was introduced to the U.S. Senate and House of Representatives on February 6, 2018, as part of a $1.3 trillion omnibus spending bill. The bill passed both houses of Congress on March 23, 2018, and was signed into law by the President the next day.
Continue reading “U.S. Congress Approves CLOUD Act for Data Stored Overseas”
FCC to Wade into the US Telecom Supply Chain in the Name of National Security
The Federal Communications Commission (FCC) made headlines on March 26 when Chairman Ajit Pai proposed that the FCC bar several companies, in the name of national security, from participation in the FCC programs. The FCC plans to vote on this proposal at its next Open Meeting on April 17, 2018.
The proposal was prompted by letters he received from 18 Congressional leaders last December, which asserted the potential for compromised security of U.S. telecommunications networks through insecure equipment supply chains required FCC consideration. Chairman Pai responded to the Congressional letters by noting that FCC itself does not purchase or use the equipment from the named companies and would not intend to take service from a service provider that does. The Chairman however did not stop there; he is proposing that certain companies be barred from participating in the Universal Service Fund (USF) program that subsidizes carrier equipment.
Continue reading “FCC to Wade into the US Telecom Supply Chain in the Name of National Security”