It is disgraceful that there are so many huge data leaks involving sensitive personal data, and yet here we are again. Cybernews reports: Health Genie, a healthcare IT solutions provider, left an open instance, exposing patients’ personal details as well as sensitive clinical data. The India-based healthcare solutions provider left an open Amazon S3 bucket,…
Category: Breach Laws
Proporsed Rule: Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA) Reporting Requirements
A quick note that the official draft of CIRCA is now published: A Proposed Rule by the Homeland Security Department on 04/04/2024 All information is linked from https://www.federalregister.gov/documents/2024/04/04/2024-06526/cyber-incident-reporting-for-critical-infrastructure-act-circia-reporting-requirements NOTE: This is quite long, so leave yourself time to read it. Comments and related material must be submitted on or before June 3, 2024.
CISA Issues Notice of Proposed Rulemaking for Critical Infrastructure Cybersecurity Incident Reporting
Ashden Fein, Micaela McMurrough, Caleb Skeath, Robert Huffman, John Webster Leslie, and Shayan Karbassi of Covington and Burling write: On March 27, 2024, the U.S. Cybersecurity and Infrastructure Security Agency’s (“CISA”) Notice of Proposed Rulemaking (“Proposed Rule”) related to the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (“CIRCIA”) was released on the Federal Register website. …
Utah Enacts Amendments to State Breach Notification Law
Hunton Andrews Kurth writes: On March 19, 2024, Utah’s Governor Spencer J. Cox signed Senate Bill (SB) 98 (the “Bill”), Online Data Security and Privacy Amendments, into law. The Bill amends the Protection of Personal Information Act (§13-44-101 et seq) and the Utah Technology Governance Act in the Utah Government Operations Code (§63A-16-1101 et seq). The Utah Technology Governance…
FCC Updated Data Breach Notification Rules Go into Effect Despite Challenges
Hunton Andrews Kurth writes that on March 13, 2024, the Federal Communications Commission’s updates to the FCC data breach notification rules (the “Rules”) went into effect despite legal challenges. The rules were adopted in December 2023 pursuant to an FCC Report and Order (the “Order”). Their previous blog post explained the Rules: Pursuant to the…
Florida Legislature Passes Data Breach Immunity Legislation
Josh Hansen and Alfred Saikali of Shook, Hardy & Bacon write: The Florida legislature passed a bill that provides immunity to companies that suffer a data breach. The immunity is conditioned on the company: (1) complying with the notice requirements of Florida’s data breach notification law, and (2) maintaining a cybersecurity program that tracks certain…