Micaela McMurrough, Ashden Fein, Caleb Skeath, and Matthew Harden of Covington and Burling write: On January 19, 2023, the National Institute of Standards and Technology (“NIST”) published a Concept Paper setting out “Potential Significant Updates to the Cybersecurity Framework.” Originally released in 2014, the NIST Cybersecurity Framework (“CSF” or “Framework”) is a framework designed to assist organizations with…
Category: Federal
Data Breach Reporting Requirements: A Proposed Rule by the Federal Communications Commission on 01/23/2023
This document has a comment period that ends in 29 days. (02/22/2023) AGENCY: Federal Communications Commission. ACTION: Proposed rule. SUMMARY: In this document, the Federal Communications Commission (Commission) begins the process to update and strengthen its data breach rule to provide greater protections to the public. We propose to expand the Commission’s definition of “breach”…
New Cybersecurity Directives (NIS2 and CER) Enter into Force in EU
Hunton Andrews Kurth writes: On January 16, 2023, the Directive on measures for a high common level of cybersecurity across the Union (the “NIS2 Directive”) and the Directive on the resilience of critical entities (“CER Directive”) entered into force. The NIS2 Directive repeals the current NIS Directive and creates a more extensive and harmonized set of rules on cybersecurity…
FCC Proposes To Strengthen Data Breach Notification Rules for Telecom Operators
Marc S. Martin, Belinda Nixon, Samuel Klein, and Tyler Robbins of Perkins Coie write: In response to the increased frequency and severity of data breaches in the telecommunications industry, the Federal Communications Commission recently published a Notice of Proposed Rulemaking that seeks to strengthen and broaden its breach notification rules arising from the unauthorized disclosure of customer…
FCC Proposes to Modernize Data Breach Rules
Commission Will Seek Comment on Proposed Consumer and Law Enforcement Notification Requirements for CPNI Leaks — WASHINGTON, January 6, 2023—The Federal Communications Commission today launched a proceeding to strengthen the Commission’s rules for notifying customers and federal law enforcement of breaches of customer proprietary network information (CPNI). The Commission will look to better align its…
ANPD Updates Information Security Incident Notification Guidelines
Cristiane Manzueto, Rodrigo Leal, and Flavia Telles of Mayer Brown write: The Brazilian National Data Protection Authority (ANPD) has published new guidelines on information security incident notifications, which are required whenever an incident is likely to create risks or cause significant damages to data subjects. In summary, here are the new updates: A new form for…