President Donald Trump recently signed an Executive Order on cybersecurity, “Strengthening the Cybersecurity Federal Networks and Critical Infrastructure.” The EO is divided into sections on: cybersecurity of federal networks cybersecurity of critical infrastructure (CI) to support CI at greatest risk cybersecurity risks to the defense industrial base strategic options for deterrence and protection of the … Continue Reading
President Trump recently issued Executive Order 13800 on Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure, which included a section on Resilience Against Botnets and Other Automated, Distributed Threats. The Executive Order requires the Departments of Commerce and Homeland Security to produce a report on Botnets based on industry and other stakeholder input. As … Continue Reading
Written by Michelle Anderson and Samantha Glazer In a June 21, 2017 blog post, the FTC announced updates to its Six-Step Compliance Plan for Your Business under the Children’s Online Privacy Protection Act (COPPA). The revisions make clear that the FTC considers new business models (e.g., voice-activated devices) and products (e.g., connected toys) to be … Continue Reading
Written by Jim Halpert and Anne Kierig An active spring state legislative session has already produced a few new state data breach laws. Notably, when New Mexico HB 15 was signed into law on April 6, the state became the 48th in the nation to have a data breach law on the books. The only … Continue Reading
Written by Michelle Anderson and Anne Kierig New York Attorney General Eric Schneiderman announced that his office received a record number (1,300) of data breach notices in 2016. In the press release, Attorney General Schneiderman also provided a list of recommendations for how organizations can help protect sensitive personal data—a list that could be used … Continue Reading
Written by Carol Umhoefer and Caroline Chancé On March 15, 2017, the CNIL published a 6-step methodology for companies that want to prepare for the changes that will apply as from May 25, 2018 under the EU the General Data Protection Regulation (“GDPR”). The abolishment under GDPR of registrations and filings with data protection authorities … Continue Reading
Consumer Reports (CR) announced on March 6, 2017, that it is developing a new standard—The Digital Standard—for safeguarding consumers’ security and privacy. The eventual goal is for CR to use the Standard to evaluate and rate consumer products. By scoring products based on certain Standard criteria, CR aims to help consumers make informed purchasing decisions … Continue Reading
Guidance on who is a “key information infrastructure operator” under the PRC Cybersecurity Law, and draft regulations on handling minors’ data In the rapidly evolving data protection compliance environment in the People’s Republic of China, this month has seen some helpful clarification around two areas of uncertainty – namely: some further indications as to whom … Continue Reading
Written by Jim Halpert and Michelle Anderson The National Institute of Standards and Technology (NIST) released proposed revisions (draft Version 1.1) to its Framework for Improving Critical Infrastructure Cybersecurity (“Cybersecurity Framework”) on January 10, 2017. The latest draft is intended to “refine, clarify, and enhance” Version 1.0, released in February 2014 in response to Executive … Continue Reading
Written by Michelle Anderson The Department of Commerce International Trade Administration and Swiss Federal Council announced on January 11, 2017, the creation of a Swiss-US Privacy Shield framework that will “apply the same conditions as the European Union” under the EU-US Privacy Shield framework. This is welcome news for companies that transfer personal data from … Continue Reading
Written by James Duchesne The President’s Commission on Enhancing National Cybersecurity (the “Commission”) recently issued a thoughtful report on improving the United States’ cybersecurity posture. (The full report can be read here.) The majority of the Commission’s recommendations would require action by the Trump Administration but may nonetheless prove influential. The Commission was charged under … Continue Reading
Written by Sydney White The U.S. Board of Governors of the Federal Reserve System, the U.S. Office of the Comptroller of the Currency (OCC), and the U.S. Federal Deposit Insurance Corporation (the “Agencies”), released an Advanced Notice of Proposed Rulemaking (“ANPR”) on October 20, requesting comments by January 17, 2017, on enhanced cybersecurity risk management … Continue Reading
Written by Scott Thiel Following the publication of industry-specific BYOD guidelines such as those issued by the Hong Kong Association of Banks (the “HKAB Guidelines“), the trend towards Bring Your Own Device (“BYOD“) has come to the attention of Hong Kong’s Privacy Commissioner. The Commissioner published an information leaflet on 31 August 2016 (the “Information … Continue Reading
Written by Jim Halpert and Michael Schearer The New York State Department of Financial Services (NYDFS) has set forth a proposed cybersecurity regulation for financial service companies. Announced this week by New York Governor Andrew M. Cuomo, the proposed rule seeks to protect both consumer data and financial systems from terrorist organizations and other criminal … Continue Reading
Written by Scott Thiel China’s cybersecurity and data privacy frameworks are facing yet more significant changes, as in recent weeks the Chinese Government has announced two further initiatives. These are in addition to the significant legal developments that we highlighted in July 2016. Strengthening the standardisation of national cyber security: The Cyberspace Administration of China … Continue Reading
Written by James Duchesne As detailed in press reports over the past several months, sophisticated hackers have used trusted interbank messaging systems to initiate fraudulent transactions resulting in the theft of tens of millions of dollars. Hackers using stolen credentials accessed secure messaging systems to initiate fraudulent transfers after hours, making them appear to come … Continue Reading
Written by Peter McLaughlin and Michelle Anderson The U.S. Federal Trade Commission (FTC) recently announced its creation of a Mobile Health Apps Interactive Tool, a web-based tool designed to help developers of mobile health (mHealth) applications understand which federal laws and regulations they should consider in developing their apps[1]. While the tool is helpful as … Continue Reading
The National Telecommunications and Information Administration (“NTIA”) has sought comment on a broad range of issues related to the advancement and regulation of the Internet of Things (“IoT”), including technological challenges/benefits of IoT, definitional issues, privacy, and cybersecurity related issues, among others. NTIA will use the information to produce a “green paper” in which it intends … Continue Reading
Written by Giangiacomo Olivi While many are not yet aware of the full breadth of the cybercrime phenomenon (cybercrime globally generates more revenues and is more profitable than drug trafficking!), there is a general consensus about the fact that certain breaches cannot be avoided. With a proliferation of connected devices operated remotely and a more … Continue Reading
By Patrick Van Eecke and Loretta Marshall On 7 December 2015, Europe adopted a new set of cyber security rules in a European Directive concerning measures to ensure a high common level of network and information security across the EU (“NIS Directive”). The NIS Directive is set to reduce fragmentation caused by 28 different markets, … Continue Reading
Written by Tara McGraw Swaminatha and Christopher Scott Companies around the world are seeing the resurgence of an old scam: wire transfer phishing attacks that trick employees into wiring money from company bank accounts to criminals’ bank accounts. Over the past several months, many companies have lost millions of dollars to such relatively simple attacks. … Continue Reading
Written by Sydney White Senate consideration of cybersecurity information sharing legislation, the Cybersecurity Information Sharing Act (CISA), S. 754, has again been delayed this time until the Senate returns from August recess. The delay is attributable to the lengthy debate required on the highway bill rather than opposition to the bill from within the Senate. … Continue Reading
The cyber-attack suffered by Hacking Team revealed unexpected vulnerabilities of systems with considerable consequences for businesses whose cyber risk strategy shall be reassessed.… Continue Reading
The Federal Trade Commission (“FTC”) has launched a new initiative, dubbed “Start with Security,” which is focused on assisting businesses in developing greater security to protect consumers’ personal information. To kick off the initiative, the FTC issued Protecting Personal Information: A Guide for Business, which is based on the lessons learned from the approximately fifty (50) … Continue Reading
