By

Clayton G. Northouse

09 November 2015

Senate Passes Cybersecurity Legislation, Differences to be Worked Out with House Bills

On October 27, 2015, the Senate passed S. 754, the Cybersecurity Information Sharing Act (“CISA”), with bi-partisan support. Although some raised privacy concerns, CISA received backing from the Administration and support from many industry participants. The Senate bill must be reconciled with similar bills in the House (H.R. 1560 and H.R. 1731) before a conference version is produced. This process may be contentious as privacy advocates seek to strengthen protections for personal information, and Senator Richard Burr, Chairman of the Senate Intelligence Committee and co-sponsor of CISA, indicated that the conferencing process is unlikely to produce a resolution before January 2016.

(more…)

EmailShare
23 October 2015

NAIC Task Force Adopts Cybersecurity “Bill of Rights” for Insurance Consumers

On October 14, 2015, the Cybersecurity Task Force (Cybersecurity Task Force) of the National Association of Insurance Commissioners (NAIC) adopted a cybersecurity “Bill of Rights” that proposes certain rights for insurance consumers relating to the protection of their personal information by insurance companies, insurance producers and other entities regulated by state insurance departments.  The Bill of Rights also outlines specific notices, information and actions that consumers should  expect from such entities, particularly in the event of a data breach.  This Bill of Rights, if adopted by NAIC’s Executive/Plenary Committees, could ultimately be incorporated in NAIC Model Acts and Regulations, and could be adopted by insurance companies on their own initiative.

(more…)

EmailShare
26 August 2015

Third Circuit Affirms FTC Authority to Regulate Cybersecurity

On Monday, the U.S. Court of Appeals for the Third Circuit issued its much-anticipated decision in Federal Trade Commission v. Wyndham Worldwide Corp., No. 14-3514 (3d Cir. Aug. 24, 2015), holding that the Federal Trade Commission has the authority to bring an action under Section 5 of the FTC Act for allegedly “unfair” cybersecurity practices.

(more…)

EmailShare
26 May 2015

Identifying the Standards: DOJ, SEC and FTC Offer Guidance for Cybersecurity Preparedness

Although a frequent topic of discussion on Capitol Hill, no single standard for private-sector cybersecurity programs has yet to emerge. The National Institute of Standards and Technology (NIST) Cybersecurity Framework is often considered foremost among existing guidance, but several other agencies are also expressing views, including the following recent guidance from the Department of Justice (DOJ), the Securities and Exchange Commission (SEC) and the Federal Trade Commission (FTC). Significantly, both the DOJ and FTC tout the advantages of cooperating with law enforcement after a data breach by noting that such cooperation may lead to “regulatory” benefits.

(more…)

EmailShare
XSLT Plugin by BMI Calculator