Rahul Verma reports: The Indian government has introduced a new IT policy that requires virtual private network companies (VPNs) to collect extensive customer data and maintain it for five years or more. The directive came from Computer Emergency Response Team, CERT-in. The new policy lists data centers and crypto exchanges under the same provision. The…
Category: Federal
India to introduce six-hour data breach notification rule
Stephen Pritchard reports: Organizations in India face a six-hour data breach reporting deadline, following the introduction of new rules by the country’s computer emergency response team, CERT-In. The new rules will apply to critical parts of India’s network and IT infrastructure, including service providers, data centers, government organizations, and corporations. Read more at TheDailySwig.
CERT-In’s directions on reporting data breach will hold companies accountable: Experts
Debangana Ghosh reports: The Indian Computer Emergency Response Team (CERT-In) on Thursday made it mandatory for firms to report all incidents of cybersecurity vulnerabilities within six hours of noticing. Internet researchers and cybersecurity experts call it a welcome move, protecting consumers and ensuring companies become more alert of cybersecurity. However, some raise concerns over whether…
Singapore to license pentesters and managed infosec operators
Laura Dobberstein reports: Cybersecurity service providers must for licenses to operate in Singapore, under new regulations launched by the country’s Cyber Security Agency (CSA) on Monday. The new licensing framework requires vendors that offer penetration testing, and/or managed security operations centers (SOC) to get a licenses, in recognition that they access customers’ systems and therefore pose a…
HHS OCR Issues Annual HIPAA Reports to Congress
Chris Bennington of Epstein Becker Green writes, in part: The HITECH Act requires OCR to issue annual reports to Congress of HIPAA breaches and complaints received by OCR during the calendar year. For 2020, OCR reported that it received 656 notifications of breaches affecting 500 or more individuals, 66,509 notifications of breaches affecting fewer than…
ANNOUNCE: HHS’ Office for Civil Rights Seeks Public Comment on Recognized Security Practices and Sharing Civil Money Penalties and Monetary Settlements Under the HITECH Act
The U.S. Department of Health and Human Services’ (HHS) Office for Civil Rights (OCR) today released a Request for Information (RFI) seeking input from the public on two requirements of the Health Information Technology for Economic and Clinical Health Act of 2009 (HITECH Act), as amended in 2021. The growing number of cybersecurity threats are…