Hunton & Williams explains: On December 21, 2017, the Federal Energy Regulatory Commission (“FERC”) issued a Notice of Proposed Rulemaking (“NOPR”) aimed at expanding mandatory reporting obligations in relation to cybersecurity incidents. In particular, FERC’s NOPR would direct the North American Electric Reliability Corporation (“NERC”) to develop modifications to certain Critical Infrastructure Protection (“CIP”) Reliability…
Category: Breach Laws
Businesses Take Note: Updates to Maryland’s Data Breach Notification Law Take Effect January 1, 2018
James Benjamin, Jr. of Pessin Katz Law, P.A. writes: On January 1, 2018, several amendments to the Maryland Personal Information Protection Act, (“MPIPA”) MD Code Ann., Com. Law §14-3501 et seq. will go into effect. Businesses collecting personal information should take note and be prepared. Under the law as amended, the definition of “personal information”…
Federal Court’s Embrace Of FTC Data-Breach Settlements As ‘Common Law’ Treads On Due Process
Cory L. Andrews of Washington Legal Foundation has an OpEd that begins: The Federal Trade Commission (FTC) has developed a well-known penchant for using individually negotiated settlement agreements and consent decrees to announce for the first time what qualifies as “unfair” or “deceptive” conduct under the FTC Act. In the data-privacy arena, FTC views these…
Ohio Bill Proposes Safe Harbor Against Breach Suits to Businesses Maintaining Recognized Cybersecurity Programs
William Berglund, Robert J. Hanna and Victoria L. Vance of Tucker Ellis write: Maintaining robust cybersecurity measures that meet government- and industry-recognized standards will provide businesses operating in Ohio with a legal defense to data breach lawsuits, if a bill recently introduced in the Ohio Senate becomes law. Ohio Senate Bill No. 220 (S.B. 220),…
National data breach notification law introduced by Senate Commerce Committee members
Patrick Howell O’Neill reports: Three Democratic senators introduced legislation on Thursday requiring companies to notify customers of data breaches within thirty days of their discovery and imposing a five year prison sentence on organizations caught concealing data breaches. The new bill, called the Data Security and Breach Notification Act, was introduced in the wake of reports…
SCOTUS Will Not Review CFAA Password Sharing Case
Jason C. Gavejian writes: The United State Supreme Court recently denied certiorari in Nosal v. United States, 16-1344, declining to weigh in on the scope of unauthorized access under the Computer Fraud and Abuse Act (“CFAA”). The Ninth Circuit held in Nosal that David Nosal violated the CFAA by using his past assistant’s password to…