By

Michaelene E. Hanley

10 April 2017

New Mexico Enacts Breach Notification and Data Security/Secure Disposal Law, While Tennessee Clarifies Encryption Exception

New Mexico has become the 48th state to enact a data breach notification law, which also includes data security requirements. The Data Breach Notification Act, signed by Governor Martinez on April 6, 2017, requires notification within 45 days of discovery of a security breach, or “unauthorized acquisition” of computerized personal information, subject to the needs of law enforcement. A security breach is also limited to unencrypted data or encrypted data when the decryption key is compromised. Personal data protected by the law includes Social Security numbers, driver’s license numbers, government-issued identification numbers, account, credit card or debit card number paired with the security code or other pin, and biometric data.

(more…)

SHARE
EmailPrintShare
15 December 2016

Changes to DMCA Safe Harbor Registration Require Action by December 31, 2017

As part of a housekeeping effort, the U.S. Copyright Office issued a final rule that changes the designated agent mechanism protecting online service providers from certain copyright infringement liability under the Digital Millennium Copyright Act (“DMCA”).  Companies will now have to re-register every three years, and existing registrations will cease to be valid by the end of next year.

(more…)

SHARE
EmailPrintShare
07 October 2016

DOD Finalizes Contractor Cyber Attack Notice Rule

The Department of Defense has implemented another measure to protect its supply chain from hacking. On October 4, 2016 the U.S. Department of Defense issued a long-awaited finalized rule that imposes a mandatory 72-hour reporting requirement for DOD defense contractors and subcontractors to disclose cyber attacks to the Pentagon. (more…)

SHARE
EmailPrintShare
19 August 2016

NIST requests comments on cybersecurity in the digital economy to inform CENC recommendations

On August 10, 2016, the National Institute of Standards and Technology (“NIST”) issued a notice requesting public comment on the current and future state of cybersecurity in the digital economy.  The Request for Information (“RFI”) will serve to facilitate the work of the Commission on Enhancing National Cybersecurity (“CENC”) in delivering detailed cybersecurity recommendations for the public and private sectors pursuant to Executive Order 13718.  The February 2016 Executive Order created CENC to develop a plan of action for the next decade to strengthen cybersecurity in the public and private sectors and reinforce partnerships between federal, state and local governments and the private sector. The Executive Order directs the Commission and the Secretary of Commerce to work with NIST to carry out its mission.

(more…)

SHARE
EmailPrintShare
18 February 2016

DHS Issues Guidance Pursuant to Cybersecurity Act of 2015

The Cybersecurity Act of 2015, which included the long anticipated Cybersecurity Information Sharing Act or CISA, was passed on December 18, 2015 to facilitate and encourage confidential two-way private sector sharing of cyberthreat information with the federal government. It also provided key liability shields for cyberthreat information sharing and network monitoring pursuant to the Act.  Under the Cybersecurity Act, the Department of Homeland Security (DHS) was designated to coordinate the sharing and was tasked with developing guidelines to facilitate implementation within 90 days.

(more…)

SHARE
EmailPrintShare
XSLT Plugin by BMI Calculator