New Mexico has become the 48th state to enact a data breach notification law, which also includes data security requirements. The Data Breach Notification Act, signed by Governor Martinez on April 6, 2017, requires notification within 45 days of discovery of a security breach, or “unauthorized acquisition” of computerized personal information, subject to the needs of law enforcement. A security breach is also limited to unencrypted data or encrypted data when the decryption key is compromised. Personal data protected by the law includes Social Security numbers, driver’s license numbers, government-issued identification numbers, account, credit card or debit card number paired with the security code or other pin, and biometric data.
As part of a housekeeping effort, the U.S. Copyright Office issued a final rule that changes the designated agent mechanism protecting online service providers from certain copyright infringement liability under the Digital Millennium Copyright Act (“DMCA”). Companies will now have to re-register every three years, and existing registrations will cease to be valid by the end of next year.
The Department of Defense has implemented another measure to protect its supply chain from hacking. On October 4, 2016 the U.S. Department of Defense issued a long-awaited finalized rule that imposes a mandatory 72-hour reporting requirement for DOD defense contractors and subcontractors to disclose cyber attacks to the Pentagon. (more…)
On August 10, 2016, the National Institute of Standards and Technology (“NIST”) issued a notice requesting public comment on the current and future state of cybersecurity in the digital economy. The Request for Information (“RFI”) will serve to facilitate the work of the Commission on Enhancing National Cybersecurity (“CENC”) in delivering detailed cybersecurity recommendations for the public and private sectors pursuant to Executive Order 13718. The February 2016 Executive Order created CENC to develop a plan of action for the next decade to strengthen cybersecurity in the public and private sectors and reinforce partnerships between federal, state and local governments and the private sector. The Executive Order directs the Commission and the Secretary of Commerce to work with NIST to carry out its mission.
The Cybersecurity Act of 2015, which included the long anticipated Cybersecurity Information Sharing Act or CISA, was passed on December 18, 2015 to facilitate and encourage confidential two-way private sector sharing of cyberthreat information with the federal government. It also provided key liability shields for cyberthreat information sharing and network monitoring pursuant to the Act. Under the Cybersecurity Act, the Department of Homeland Security (DHS) was designated to coordinate the sharing and was tasked with developing guidelines to facilitate implementation within 90 days.