Cybersecurity & Privacy

Current News

Cybersecurity & Privacy

New DoJ Policy Limits Computer Hacking Prosecutions

The Department of Justice today issued a new policy on computer hacking prosecutions that would protect good-faith security research and allow “minor” violations of the Computer Fraud and Abuse Act (CFAA) to go unpunished. The policy responds to conc...

New DoJ Policy Limits Computer Hacking Prosecutions
Agencies Offer Advice on Blocking Cyber Attacks
May 19, 2022
R. Jason Howard, J.D.

An advisory published Tuesday by the Cybersecurity and Infrastructure Security Agency, the National Security Agency, and the Federal Bureau of Investigation, along with allied nations, addresses the common weaknesses that enable hackers to gain acces...

Bill to Improve ICS Cybersecurity Advances in House
May 19, 2022

A bill that would establish a training program to educate public and private sector entities about cyber threats to industrial control systems (ICS) today cleared the House Homeland Security Committee. The Industrial Control Systems Cybersecurity Tra...

Brazil Seeks Comment on Cross-Border Data Transfers
May 19, 2022
R. Jason Howard, J.D.

Brazil’s data protection authority, the Autoridade Nacional de Proteção de Dados (ANPD), has opened a call for comments on the regulation of international transfers of personal data. The call for comments notes that international data transfers have ...

Senate Committee OKs Bill to Improve Small Business Cybersecurity
May 19, 2022
Tom Leithauser

Legislation that would require the Small Business Administration to establish a cybersecurity training program for counselors at small business development centers (SBDCs) was approved yesterday by the Senate Small Business and Entrepreneurship Commi...

Senators Blast Data Brokers for Sale of Data on Abortion Clinic Visitors
May 19, 2022
Paul Kirby

Fourteen senators have written data brokers SafeGraph, Inc., and Placer.ai demanding information about the companies’ collection and sale of cellphone-based location data of people who visit abortion clinics. In letters sent Tuesday, the lawmakers sa...

Khan defends FTC budget request in house hearing
May 19, 2022
Lynn Stanton

TR Daily Khan asked the House Subcommittee on Financial Services and General Government for increased staff to address a historic surge in mergers. During a House Appropriations financial services and general government subcommittee hearing to discus...

Cybersecurity & Privacy

House OKs Bill to Help Local Governments With Cybersecurity

A bill designed to help state and local governments improve their cybersecurity through closer collaboration with the Department of Homeland Security cleared the House late yesterday by a vote of 404-14. The State and Local Government Cybersecurity A...

House OKs Bill to Help Local Governments With Cybersecurity
Consumer Privacy Bill Advances in Louisiana
May 18, 2022
Carrie DeLeon

The Louisiana state House Committee on House and Governmental Affairs voted 9-2 yesterday to pass a bill called the Louisiana Consumer Privacy Act to establish consumer rights related to personal data processing. HB 987, which is sponsored by Rep. Da...

Consumer Privacy Bill on Agenda in Calif. Senate
May 18, 2022
Carrie DeLeon

The California state Senate Committee on Appropriations meets tomorrow to take up a bill that seeks to strengthen the state’s privacy protections by expanding the definition of “data brokers,” imposing additional requirements on data brokers, and inc...

EDPS Issues Opinions on Harmonized Rules on Cyber, Infosec
May 18, 2022
Tony Foley

The European Data Protection Supervisor (EDPS) announced yesterday that it had published two opinions on proposed regulations establishing harmonized rules for cybersecurity and information security for European Union institutions, bodies, offices, a...

Senators Seek FTC Probe of ID.me’s ‘Deceptive’ Statements
May 18, 2022
Tom Leithauser

Four Senate Democrats today asked the Federal Trade Commission to investigate whether ID.me, Inc., an online authentication platform used by some government entities, made deceptive statements about its use of facial recognition technology. ID.me, a ...

Singapore PDPC Issues Guide on Use of Biometrics in Security Apps
May 18, 2022
Tony Foley

The Singapore Personal Data Protection Commission (PDPC) published guidance on May 17 on the use of biometric identifiers in commercial security applications. In its Guide on Responsible Use of Biometric Data in Security Applications , the PDPC notes...

Spanish Agency Fines Google 10M Euros in Privacy Probe
May 18, 2022
Tony Foley

The Spanish data protection authority, Agencia Espanola de Proteccion de Datos (AEPD), issued a resolution of a procedure implemented against Google LLC in which it found serious infractions of the European Union’s General Data Protection Regulation ...

S.D. N.Y.: Patients’ inability to establish standing leads to dismissal of class action lawsuit following data breach
May 18, 2022
Chelsea N. Simms, Esq

Without establishing an injury-in-fact from the data breach, patients lacked standing to bring suit to collect damages from provider. A provider who failed to safeguard electronic protected health information (e-PHI) of 300,000 patients escaped respo...

Cybersecurity & Privacy

Officials Report Progress on Meeting Cyber EO’s Goals

Government witnesses today offered an optimistic assessment of the federal government’s progress toward implementing a cybersecurity executive order issued in the aftermath of the SolarWinds cyber intrusion. At a hearing of the House Homeland Securit...

Officials Report Progress on Meeting Cyber EO’s Goals
Organizations Mentioned:Amazon | Apple | Google | Meta
STRATEGIC PERSPECTIVES—Ankura Consultants Discuss Implications of Privacy Laws on Record Management
May 17, 2022

The increasing number of states enacting comprehensive consumer privacy laws has highlighted a variety of issues related to the storage, management and disposal of record information. Jeff Phillips and Collen M. Yushchak of Ankura Consulting Group LL...

Andorran Data Protection Law Takes Effect
May 17, 2022
Tony Foley

The Andorran Data Protection Authority (ADPA) announced today that the country’s updated data protection law had officially entered into force. Law 29/2021 of 28 October , which originally was published in the Official Bulletin in November 2021, alig...

Berlin DPA Outlines Data Transfer Requirements After Schrems II
May 17, 2022
Tony Foley

The Berlin data protection authority issued updated guidance on Friday discussing the permissibility of cross-border data transfers in light of the Schrems II decision issued by the Court of Justice of the European Union (CJEU). The guidance outlines...

Bill Would Establish ICS Cybersecurity Training Program
May 17, 2022
Tom Leithauser

A bill that would establish a training program to educate public and private sector entities about cyber threats to industrial control systems (ICS) has been introduced by Rep. Eric Swalwell (D., Calif.). The Industrial Control Systems Cybersecurity ...

Calif. Privacy Regulation Updates On Agenda for CPPA Meeting
May 17, 2022
Tony Foley

The California Privacy Protection Agency (CPPA) will hold its next board meeting on May 26, at which it is expected to provide updates on its rulemaking processes. According to the board’s agenda , Executive Director Ashkan Soltani will provide updat...

Canadian DPA Issues Bulletin on Sensitive Information
May 17, 2022
Tony Foley

The Canadian Office of the Privacy Commissioner (OPC) announced yesterday that it had provided updated guidance for data controllers on the processing of sensitive personal information under the Personal Information Protection and Electronic Document...

Energy Cybersecurity Bill Advances in House
May 17, 2022
Tom Leithauser

A bill that would provide financial assistance to graduate students researching the cybersecurity of U.S. energy infrastructure was approved today by voice vote by the House Science, Space, and Technology Committee. The Energy Cybersecurity Universit...

French Agency Publishes Evaluation Criteria for Cookie Walls
May 17, 2022
Tony Foley

The French data protection authority, Commission nationale de l'informatique et des libertés (CNIL), has published the first evaluation criteria to assess the legality of the use of so-called “cookie walls” by websites and mobile applications. Faced ...

House OKs Bills on Cyber Incident Response, Workforce
May 17, 2022
Tom Leithauser

Legislation that would require the Department of Homeland Security to review the effectiveness of its cyber incident response plans cleared the House late yesterday. The DHS Roles and Responsibilities in Cyber Space Act (HR 5658) was approved by a vo...

Advisory warns firms against hiring North Korean tech workers
May 17, 2022
Lauren Bikoff, MLS

The individuals pose as non-North Korean to obtain employment that helps fund the country’s nuclear weapons and ballistic missile programs, the advisory says. The U.S. Treasury Department, State Department, and Federal Bureau of Investigation have is...

‘Big Tech’s’ role in financial services raises policy issues, CRS report says
May 17, 2022
Nora Macaluso

Tech giants don’t currently have a large share of the financial services market, but any of them could scale up quickly in the future, the Congressional Research Service said in a report. Big technology companies’ growing involvement in the banking s...

Cybersecurity & Privacy

Trade and Technology Council Agrees to Supply Chain, ICT Actions

At its second meeting, the U.S.-European Union Trade and Technology Council (TTC) highlighted efforts on supply chains, information and communications technology (ICT) security, 6G, and other areas at a two-day session that ended today in France. “TT...

Trade and Technology Council Agrees to Supply Chain, ICT Actions
The Week in State Privacy and Cybersecurity Legislation—May 9-13, 2022
May 16, 2022
WK Editorial Staff

Welcome to The Week in State Privacy and Cybersecurity Legislation , your weekly update on the latest developments in proposed and amended privacy and data security legislation across the 50 states and the District of Columbia, as well as a summary o...

CBO: Bill to Improve Small Entities’ Cybersecurity to Cost $10M
May 16, 2022
Tom Leithauser

A bill that would direct federal agencies to provide cybersecurity resources to small businesses, governments, and nonprofits would cost the federal government $10 million over the 2022-2027 period, the Congressional Budget Office has estimated. The ...

Coalition Calls on Zoom to Jettison Plans for Emotion Recognition Software
May 16, 2022
Tony Foley

The Electronic Privacy Information Center (EPIC) announced on Friday that is had joined a coalition of privacy groups called Fight for the Future to call on Zoom Communications to abandon its plans to develop and incorporate emotional tracking softwa...

EDPB Issues Guidelines on Fines, Law Enforcement Use of Facial Recognition
May 16, 2022
Tony Foley

The European Data Protection Board (EDPB) released guidelines for public consultation today that address the calculation of administrative fines under the European Union’s General Data Protection Regulation (GDPR) and the use of facial recognition in...

EU Report Recommends Caution in Deploying Open RAN Technology
May 16, 2022
Paul Kirby

Entities should exercise caution in deploying open radio access network (RAN) technology because it can lead to additional network vulnerabilities, especially in the short term, according to a report released by European Union countries with the supp...

European Council Approves Data Governance Act
May 16, 2022
Tony Foley

The European Council announced today that it had approved the Data Governance Act (DGA), which it said would promote the availability of data and build a trustworthy environment to facilitate data use for research and innovation. Reuse of public sect...

FTC Urged to Launch Data Protection Rulemaking
May 16, 2022
Paul Kirby

Access Now, Free Press, and UltraViolet have delivered thousands of petition signatures urging the Federal Trade Commission to launch a privacy and civil rights rulemaking, and the groups say that with Alvaro Bedoya’s confirmation as an FTC commissio...

FTC urged to launch data protection rulemaking
May 16, 2022
Paul Kirby

TR Daily Groups say companies’ use of personal data harms minorities. Access Now, Free Press, and UltraViolet have delivered thousands of petition signatures urging the Federal Trade Commission to launch a privacy and civil rights rulemaking, and the...

S.D. Fla.: Many counts dismissed in patients' MDL based on alleged data breaches
May 16, 2022
Sara Cracau, J.D.

Although the group of patients had standing to sue medical providers in multidistrict litigation based on alleged breaches of privacy, many of their counts were dismissed for failure to state a claim. A federal district court in Florida dismissed man...

Cybersecurity & Privacy

EU Lawmakers Reach Agreement on Stricter Cybersecurity Rules

European Union legislators today announced a tentative agreement on the text of a new law that would impose stricter cybersecurity requirements on EU organizations and create new mechanisms to protect critical infrastructure from cyber attacks. The a...

EU Lawmakers Reach Agreement on Stricter Cybersecurity Rules
Agreement Reached on EU Rules for Financial Sector Cybersecurity
May 13, 2022
Tony Foley

The European Council (EC) announced on Wednesday that it had reached a provisional agreement with the European Parliament on the Digital Operations Resilience Act (DORA), which is designed to strengthen the IT security of financial entities like bank...

COMPETES Act Conference Committee Meets for First Time
May 13, 2022
Lynn Stanton

Ninety-four members of the House-Senate conference committee on HR 4521—the America COMPETES Act in the House and the U.S. Innovation and Competition Act (USICA) in the Senate—spoke yesterday during the first meeting of the committee tasked with iron...

Education Technology Policy Statement Teed Up for FTC’s May 19 Meeting
May 13, 2022
Lynn Stanton

Federal Trade Commission Chair Lina Khan announced yesterday that the agency’s commissioners will vote on a policy statement on education technology and the Children’s Online Privacy Protection Act at a virtual open meeting on May 19, beginning at 1 ...

IAB Europe Drops Request to Suspend Execution of Belgian DPA Ruling
May 13, 2022
Tony Foley

Interactive Advertising Bureau Europe (IAB Europe) announced today that it had withdrawn its request to suspend the execution of a decision of the Belgian data protection authority imposing a fine based on violations of the European Union General Dat...

Plan Calls for $150M to Fix Open Source Security Flaws
May 13, 2022
Tom Leithauser

The Linux Foundation has released a plan calling for $150 million to be spent over two years to improve the security of open source software (OSS), and it announced that six technology companies had pledged $30 million for the effort. The foundation’...

Proposed Consumer Privacy Act on Agenda in Louisiana
May 13, 2022
Carrie DeLeon

The Louisiana state House Committee on House and Governmental Affairs meets May 17 to discuss the proposed Louisiana Consumer Privacy Act. HB 987, which is sponsored by Rep. Daryl Deshotel (R.), would give consumers the right to confirm whether a con...

Sen. Bennet Offers Digital Platform Commission Act
May 13, 2022
Lynn Stanton

Sen. Michael Bennet (D., Colo.) yesterday introduced a bill to create a federal commission to oversee and regulate digital platforms to protect consumers; promote competition; assure algorithms are fair, transparent, and safe; promote access to platf...

Updated Cyber Crime Convention Signed by 22 Nations
May 13, 2022
Tony Foley

The Council of Europe (COE) announced yesterday that the “second additional protocol” to the Convention on Cybercrime (also known as the Budapest Convention) has been signed by 22 member and non-member states. According to the COE press release , mem...

N.D. Ill.: Employee’s claims over franchisor’s capture of fingerprints for POS system proceed
May 13, 2022
Patricia K. Ruiz, J.D.

With claims sufficiently pleaded, the court delayed the question of whether the employee could prove her allegations. The federal district court in Chicago denied a motion to dismiss by a Subway franchisor and the creator of its point-of-sale (POS) s...