By

Michaelene E. Hanley

31 August 2017

Delaware Expands Data Breach Notification Statute

Governor John Carney signed Delaware’s updated breach notification law on August 17, 2017.  The revised law, which will come into force on April 14, 2018, includes key changes to the definition of personal information, introduces credit monitoring obligations, and heightens notice requirements. The law will also create new general information security requirements. (more…)

SHARE
EmailPrintShare
03 August 2017

House Panel Advances Bill to Ease Safety Restrictions on Autonomous Vehicles

Federal legislation on the regulation of self-driving cars may be gaining traction.  The House Energy and Commerce Committee approved a bipartisan bill that would ease safety restrictions on self-driving cars and preempt state laws banning “highly automated systems” or self-driving vehicles to allow designers to test and deploy cars on the road.  The Safely Ensuring Lives Future Deployment and Research in Vehicle Evolution Act (the “SELF DRIVE Act”) bill passed the House Committee with a 54-0 vote.  It would facilitate the release by automakers of 25,000 automated vehicles in the first year and up to 100,000 automated vehicles annually, starting in the third year after the bill’s effective date.  (more…)

SHARE
EmailPrintShare
14 July 2017

Federal Agencies Focus on Risks, Guidance for Internet of Things

Businesses and consumers are increasingly using Internet of Things (“IoT”) devices to communicate and process quantities and types of information that have never before been captured.  In response, more federal agencies are turning their attention to the potential risks, and developing guidance for the deployment of IoT technologies.  The latest to weigh in on risks include the Governmental Accountability Office and the Department of Commerce. (more…)

SHARE
EmailPrintShare
10 April 2017

New Mexico Enacts Breach Notification and Data Security/Secure Disposal Law, While Tennessee Clarifies Encryption Exception

New Mexico has become the 48th state to enact a data breach notification law, which also includes data security requirements. The Data Breach Notification Act, signed by Governor Martinez on April 6, 2017, requires notification within 45 days of discovery of a security breach, or “unauthorized acquisition” of computerized personal information, subject to the needs of law enforcement. A security breach is also limited to unencrypted data or encrypted data when the decryption key is compromised. Personal data protected by the law includes Social Security numbers, driver’s license numbers, government-issued identification numbers, account, credit card or debit card number paired with the security code or other pin, and biometric data.

(more…)

SHARE
EmailPrintShare
15 December 2016

Changes to DMCA Safe Harbor Registration Require Action by December 31, 2017

As part of a housekeeping effort, the U.S. Copyright Office issued a final rule that changes the designated agent mechanism protecting online service providers from certain copyright infringement liability under the Digital Millennium Copyright Act (“DMCA”).  Companies will now have to re-register every three years, and existing registrations will cease to be valid by the end of next year.

(more…)

SHARE
EmailPrintShare
07 October 2016

DOD Finalizes Contractor Cyber Attack Notice Rule

The Department of Defense has implemented another measure to protect its supply chain from hacking. On October 4, 2016 the U.S. Department of Defense issued a long-awaited finalized rule that imposes a mandatory 72-hour reporting requirement for DOD defense contractors and subcontractors to disclose cyber attacks to the Pentagon. (more…)

SHARE
EmailPrintShare
19 August 2016

NIST requests comments on cybersecurity in the digital economy to inform CENC recommendations

On August 10, 2016, the National Institute of Standards and Technology (“NIST”) issued a notice requesting public comment on the current and future state of cybersecurity in the digital economy.  The Request for Information (“RFI”) will serve to facilitate the work of the Commission on Enhancing National Cybersecurity (“CENC”) in delivering detailed cybersecurity recommendations for the public and private sectors pursuant to Executive Order 13718.  The February 2016 Executive Order created CENC to develop a plan of action for the next decade to strengthen cybersecurity in the public and private sectors and reinforce partnerships between federal, state and local governments and the private sector. The Executive Order directs the Commission and the Secretary of Commerce to work with NIST to carry out its mission.

(more…)

SHARE
EmailPrintShare
18 February 2016

DHS Issues Guidance Pursuant to Cybersecurity Act of 2015

The Cybersecurity Act of 2015, which included the long anticipated Cybersecurity Information Sharing Act or CISA, was passed on December 18, 2015 to facilitate and encourage confidential two-way private sector sharing of cyberthreat information with the federal government. It also provided key liability shields for cyberthreat information sharing and network monitoring pursuant to the Act.  Under the Cybersecurity Act, the Department of Homeland Security (DHS) was designated to coordinate the sharing and was tasked with developing guidelines to facilitate implementation within 90 days.

(more…)

SHARE
EmailPrintShare
XSLT Plugin by BMI Calculator