Ben Kochman reports: The Federal Trade Commission said Friday that it is considering changing a decade-old, little-used rule that requires certain companies handling health information to publicly report data breaches — and which could gain new relevance as consumers increasingly turn to telehealth. The consumer protection agency says it is soliciting comments on whether it should make…
Category: Federal
U.S. Supreme Court Will Finally Weigh in on Scope of CFAA
Jason C. Gavejian, Joseph J. Lazzarotti and Maya Atrakchi of JacksonLewis write: The United States Supreme Court recently granted a petition for certiorari in Van Buren v. United States addressing the issue of whether it is a violation of the Computer Fraud and Abuse Act (“CFAA”) when an individual who is authorized to access information on a computer, accesses the same…
China Issues New Measures on Cybersecurity Review of Network Products and Services
Yan Luo and Zhijing Yu of Covington & Burling write: On April 27, 2020, the Cyberspace Administration of China (“CAC”) and other eleven government agencies jointly released the final version of the Measures on Cybersecurity Review (“Measures”) (an official Chinese version of the Measures is available here). These Measures will take effect on June 1, 2020. Under Article…
Supreme Court to Consider Whether Improper Data Access Violates Computer Crime Law
From EPIC.org: The Supreme Court will decide whether a person who is authorized to access data for some purposes violates the Computer Fraud and Abuse Act if they access the information for other purposes. The case, Van Buren v. United States, concerns a police officer who accessed a law enforcement database to sell the information to…
Another Court Significantly Limits the Scope of Criminal CFAA–Sandvig v. Barr
Eric Goldman writes: The plaintiffs want to create fake job profiles to research algorithmic discrimination. Fearing that their research activities would expose them to criminal CFAA prosecution, they challenged the CFAA as violating their First Amendment rights. Venkat blogged a preliminary ruling in the case 2 years ago. Now, the court dismisses the researchers’ suit as moot…
NIST asks for public comments on new cybersecurity risk management document
Andrew Eversden reports: The National Institute of Standards and Technology is asking for public comments on a new report that provides insight into how organizations can integrate cybersecurity into enterprise risk management. The document, titled “NIST-Interagency Report 8286 Integrating Cybersecurity and Enterprise Risk Management,” advises organizations on how to improve the cybersecurity risk information they…