White House Releases NIST Cybersecurity Framework
On February 12, the White House released the widely anticipated Framework for Improving Critical Infrastructure Cybersecurity (“the Framework”). Developed pursuant to Executive Order 13636 (issued in February 2013), the Framework strongly encourages companies across the financial, communications, chemical, transportation, healthcare, energy, water, defense, food, agriculture, and other critical infrastructure sectors to implement and comply with its voluntary standards. The provisions set forth in the Framework may establish a new baseline for industry standard practices, and may impact or guide FTC enforcement actions and plaintiff data breach lawsuits.
Heads Up for Privacy, Data Protection and Cybersecurity in 2014
The new year will ring in significant privacy, data protection and cybersecurity changes in the U.S., Europe, Asia and elsewhere around the world. Below are some key developments and possible concrete action items for General Counsels, Chief Privacy Officers and Chief Information Officers:
Privacy and Data Protection Alert
This client alert describes legislation which Congress is considering introducing to require all publicly traded companies in the United States to certify to the SEC their compliance with minimum computer security standards. Prior to the introduction of the legislation within the next three months, Congress is soliciting comments and alternative proposals from the business community. The business community has been put on notice, however, that even if it formulates a strong alternative, legislation may still be required, if only to codify industry’s ideas.
California’s Office of Privacy Protection Issues – Recommendations on Notification of Security Breaches Involving Personal Information
The recent release of new guidelines on responding to computer security breaches offer important guidance for all companies with valuable electronic information. On October 10, 2003, the Office of Privacy Protection within the State of California’s Department of Consumer Affairs issued its “Recommended Practices on Notification of Security Breach Involving Personal Information.” The Office of Privacy Protection is tasked with recommending policies and practices that protect California consumers’ privacy.
California Supreme Court Resolves Apparent Conflict Between Trade Secret Law And Free Speech Rights
In a recent case of first impression, the California Supreme Court unanimously held a trial court’s preliminary injunction preventing publication of a computer program for descrambling digital video disks did not violate the defendant’s free speech rights, assuming the trial court properly issued the injunction under California’s trade secret law. In its August 25, 2003 decision in DVD Copy Control Assoc., Inc. v. Andrew Bunner, the Court resolved an apparent conflict between the free speech clauses of the United States and California Constitutions and California’s trade secret laws. This decision is significant because it is one of the first in the country to deal with the interplay between the free speech rights of parties who wish to publish technical information on the Internet and the property rights of parties who claim trade secret ownership in such information.