Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
On June 21, the FTC released updated guidance designed to assist businesses when complying with the Children’s Online Privacy Protection Rule (COPPA), which regulates what websites and online services are required to do to ensure the protection of children’s privacy and safety online. Specifically, the updates address the following issues: (i) the method by which companies monitor the collection of personal data as technology evolves in order to stay compliant; (ii) they ways COPPA impacts the “Internet of Things” as new “connected devices” continue to expand beyond websites and mobile apps; and (iii) new methods such as “ knowledge-based authentication questions and using facial recognition to get a match with a verified photo ID” to obtain parental consent. Additionally, the FTC revised its Six-Step Compliance Plan for Your Business to help companies determine whether they are covered by COPPA and how to comply with the rule.
Recently, the National Telecommunications and Information Administration (NTIA) published a request for public comment regarding the current technology and policy landscape of the Internet of Things (IoT). (IoT is the broad umbrella term that seeks to describe the connection of physical objects, infrastructure, and environments to various identifiers, sensors, networks, and/or computing capability.) The notice includes a list of 28 questions ranging from which definition of IoT should the NTIA use to examine its landscape to how the government should address or respond to privacy concerns about IoT. The questions are divided into seven sections: (i) general; (ii) technology; (iii) infrastructure; (iv) economy; (v) policy issues; (vi) international engagement; and (vii) additional issues. Comments are due by May 23, 2016.
E-discovery is poised to enter a new revolution as the Internet of Things (“IoT”) continues its seemingly exponential growth. IoT is the ecosystem of interconnected sensory devices that perform coordinated, pre-programmed – and even learned – tasks without the need for continuous human input. Consider your fitness tracker that logs your sleep and physical activity, or sensors in your vehicle that track your driving habits on behalf of your auto insurance provider– all of these objects log and upload data about your body and habits into the cloud for analysis and use in automated tasks. All this data, projected to impact nearly every facet of industrialized society, has presented numerous preservation, collections, and analytical challenges for litigators navigating e-discovery in the world of the IoT. But despite these challenges, litigators can use technological and legal tools to effectively manage IoT discovery.
- It is true that IoT was not designed with e-discovery in mind, but neither was email or social media.
IoT data is generated by machines and usually transferred to the cloud rather than being stored on devices. This data storage process, which is largely automated, presents numerous preservation conundrums for litigators.
“Although innovation in e-discovery necessarily lags behind the innovation of the underlying technology, technology has always solved the problem that it had created. There’s no reason to believe the IoT experience will be materially different. But until that day arrives, courts should avail litigants of protections against disproportionate e-discovery efforts,” said Elizabeth McGinn, Partner in the DC office of BuckleySandler LLP.
- The responding litigant may not have the requisite control over IoT data to preserve it.
“The challenge of who controls cloud data is not unique to the IoT,” said Ty Yankov, Associate in the DC office of BuckleySandler LLP.
Technology companies have invested billions to maintain access to the data created from IoT devices, which calls into question who can control data created by such devices – the company who created the device or the person who’s data the device has collected?
- Preservation of IoT may be limited by the proposed revisions to the Federal Rules of Civil Procedure.
“Perhaps the most potent limitation to a party’s preservation and collection obligation of IoT data may rest in the timely proposed revisions to the Federal Rules of Civil Procedure, which are widely expected to take effect by the end of 2015,” said McGinn. Mindful of litigants’ inclination to over-preserve evidence, the Rules Committee seeks to clarify and limit litigants’ discovery obligations in four important ways:
- Proposed Rule 26(b) limits discoverability to issues within the parties’ claims or defenses, eliminating broad subject matter discovery.
- Proposed Rule 26(b)(2)(i) redefines the scope of discovery to include a proportionality principle.
- Proposed Rule 37(e) extends the proportionality principle to the duty to preserve evidence.
- Proposed Rule 26(b)(2)(B) reaffirms the allocation of expenses as a potential protective order remedy.
“IoT’s impact to data preservation and collection in e-discovery will be more muted that many fear,” said Yankov. “This is in large part due to the anticipated adoption of the proposed revisions to the Federal Rules as applied to the unique challenges of its preservation and accessibility.”
In their recently published article, “Treading Beyond the Iota of Fear: eDiscovery of the Internet of Things,” McGinn and Yankov provide further discussion on the changes and challenges IoT brings to e-discovery.
- Jonice Gray Tucker to moderate “Pandemic relief response and lasting impacts on access, credit, banking, and equality” at the American Bar Association Business Law Section Spring Meeting
- Jeffrey P. Naimon to discuss "Post-pandemic CFPB exam preparation" at the Mortgage Bankers Association Spring Conference & Expo
- Jonice Gray Tucker to discuss "Making fair lending work for you" at the Mortgage Bankers Association Spring Conference & Expo
- Jonice Gray Tucker to discuss "Reading the tea leaves of President Biden’s initial financial appointees" at LendIt Fintech
- Moorari K. Shah to discuss “CA, NY, federal licensing and disclosure” at the Equipment Leasing & Finance Association Legal Forum
- Jonice Gray Tucker to discuss "Compliance under Biden" at the WSJ Risk & Compliance Forum
- Sherry-Maria Safchuk to discuss UDAAP at an American Bar Association webinar
- Jonice Gray Tucker to discuss “The future of fair lending” at the Mortgage Bankers Association Legal Issues and Regulatory Compliance Conference