Key Takeaways from Sidley’s Privacy and Cybersecurity Monitor-Side Chat Featuring Adam Klein, Chairman of the PCLOB
Posting revised August 13, 2020
On July 2, 2020, Sidley partner Alan Raul, founder and co-head of Sidley’s Privacy and Cybersecurity practice, hosted Adam Klein, Chairman of the Privacy and Civil Liberties Oversight Board (“PCLOB” or “the Board”), for a Monitor-Side Chat.
The discussion focused largely on the Commission’s work since Mr. Klein became Chairman in October, 2018. Key topics of the chat included:
- Mission, Operation and Access of PCLOB
- Balancing Counter-Terrorism and Privacy
- Comparison of U.S. and Foreign Checks and Balances
- FISA Reform
- Emerging Technologies
DoD Issues Cybersecurity Maturity Model Certification Version 1.0
On January 31, 2020, the Department of Defense released its latest version of the Cybersecurity Maturity Model Certification (“CMMC”) for defense contractors. Under the CMMC plan, DOD contractors will be required to obtain a cybersecurity rating from Level 1 through Level 5. Self-certification will not be permitted. Given the significant investment of industry resources the CMMC may require, the DOD eased some concerns by announcing that it would roll out the CMMC program out in stages. A new Defense federal Acquisition Regulation Supplement (“DFARS”) clause is expected in the spring of 2020, and CMMC requirements are anticipated to be included in certain limited Requests for Information released starting June 2020. Ultimately, all DOD contracts will include a minimum cybersecurity requirement by 2026. (more…)
FERC Enhances Reporting Requirements for Cyber Attacks on Power Grid
On June 20, 2019, the Federal Energy Regulatory Commission (“FERC”) approved a North American Electric Reliability Corp. (“NERC”) petition to adopt Reliability Standard CIP-008-6 to strengthen the reporting requirements for attempts to compromise the operation of the United States’ bulk electric system. The prior Critical Infrastructure Protection (“CIP”) Reliability Standards only required reporting where an incident compromised or disrupted one or more reliability tasks. The new standard applies to all registered entities subject to the CIP Reliability Standards.
State Privacy Laws: New Jersey Passes Consumer Privacy Act
State laws governing the collection and use of personal information continue to proliferate. The latest comes from New Jersey, which on July 21, 2017, signed into law legislation that restricts a merchant’s ability to collect personal data of shoppers and share such data with third parties. New Jersey’s Personal Information Privacy and Protection Act permits retailers to scan an identification card only for certain purposes—such as verifying the consumer’s identity—and requires retailers to store such data securely. Further, a retailer may not share the data with a third party unless the retailer discloses its data-sharing practices to the consumer. (more…)
White House Publishes Report on Artificial Intelligence
Artificial intelligence has been hailed for the promise of breakthrough innovations but also the object of concern by such notable voices as Bill Gates, Stephen Hawkins, and Elon Musk. To explore the issues presented, the White House conducted a review of the opportunities, risks, and regulatory implications of artificial intelligence. Last week, the White House released a comprehensive report, Preparing for the Future of Artificial Intelligence, reflecting a culmination of its review, including public comment and several public workshops that were co-hosted by the White House Office of Science and Technology Policy with the National Economic Council, as well as non-profit and academic organizations.