Kim Peretti, Lance Taubin, and Emily Poole of Alston & Bird write: On June 10, 2021, almost exactly three years after the passing of its Cybersecurity Law (CSL), the National People’s Congress of China passed a new Data Security Law (DSL) (click here for an unofficial English translation of the DSL), which goes into effect September 1, 2021. Where…
Category: Federal
Bits ‘n Pieces
Aultman Health Foundation Notifying Patients of Insider-Wrongdoing The Ohio foundation is notifying approximately 7,000 patients that a former employee accessed their records without business need. HOYA Optical Labs of America Notifying Patients of Ransomware Incident As first reported by HealthITSecurity, the Japanese-headquartered firm notified 3,259 U.S. patients of a ransomware incident. The incident occurred in…
New Australian bill would force companies to disclose ransomware payments
Catalin Cimpanu reports: Australian lawmakers have filed on Monday a new bill that would mandate that local companies inform the Australian Cyber Security Centre (ACSC) of their intention to pay a ransomware gang. The Ransomware Payments Bill 2021 was put forward today by Tim Watts, Australia’s Shadow Assistant Minister for Cyber Security, and comes after Australian companies…
Do We Even Need the Computer Fraud & Abuse Act (CFAA)?–Van Buren v. US
Eric Goldman writes: Last week, the Supreme Court decided Van Buren v. US. Many hoped the decision would clarify how owners can delimit third-party usage of their computer resources for purposes of the Computer Fraud & Abuse Act (CFAA). Disappointingly, the court explicitly punted on that key question, though the decision probably will prompt lower…
South Africa lays down the law on cybercrime
Karen Allen writes: A new law brings South Africa up to international standards for fighting cybercrime. […] Together with the Protection of Personal Information (POPI) Act 2020, which will be in full effect after 30 June 2021, the new cyber law is a key part of South Africa’s armoury in the fight against cybercrime. […] In summary, cybercrime…
Van Buren is a Victory Against Overbroad Interpretations of the CFAA, and Protects Security Researchers
Aaron Mackey and Kurt Opsahl of EFF write: The Supreme Court’s Van Buren decision today overturned a dangerous precedent and clarified the notoriously ambiguous meaning of “exceeding authorized access” in the Computer Fraud and Abuse Act, the federal computer crime law that’s been misused to prosecute beneficial and important online activity. The decision is a victory for all Internet…