UK Has New Snoopers' Charter ... Uh ... Investigatory Powers Act

The UK’s Investigatory Powers Act 2016 officially became law on Tuesday. The Act codifies and updates a wide variety of investigatory and surveillance powers, replacing the Regulation of Investigatory Powers Act 2000. The new Act will not make large changes to UK surveillance law, but it confirms, clarifies, and modestly expands UK surveillance powers, and illustrates that U.S. surveillance powers ‒ both covert before the Snowden allegations, and overt as subsequently limited ‒ are in fact not unusually broad in an international context.

NIST Releases Information Security Guide Aimed At Small Businesses

The National Institute of Standards and Technology (NIST) recently released information security guidance for small businesses. The new guide is aimed at assisting small businesses in understanding and providing basic security for their information, systems, and networks. The guide, which is divided into four sections, includes a basic background on information security, provides advice on understanding and managing risks, identifies effective methods and planning techniques for safeguarding information, and discusses simple and effective user-directed actions for greater system security. The guide also includes several helpful appendices, including sample risk analysis worksheets and policy and procedure statements. The guide is based on NIST’s Cybersecurity Framework, but actually provides a much more comprehensible set of prescriptions and recommendations that businesses can apply in practice.

LinkedIn Is Pushed Out In Russia

Is Russia considering more widespread enforcement of its data protection rules, and should multi-national companies be worried? A Russian court recently enforced Russia’s Data Localization Law (Russian Federal Law No. 242-FZ) against LinkedIn for the company’s failure to store data locally. Preparations are now reportedly underway to block access to the site from within Russia. This may be a warning shot to other large Internet companies, as well as other companies that collect personal information about Russian citizens, sending a strong message: comply with regulations, or face the consequences.

Note to Readers

After nearly 18 years, E-Commerce Law Week will cease publication after this week. It’s been a pleasure.