Christian B. Nagel, Todd R. Steggerda, Ronald L. Fouse, David G. Dargatis, and Edwin O. Childs of McGuireWoods LLP write: Beginning January 19, federal government contracts will contain additional training requirements for contractors who deal with personally identifiable information (PII) or with a system of records. Affected contractors must provide privacy training to their employees,…
Category: Federal
“….and in no case later than 60 calendar days after discovery of a breach”
I’ve been encouraging (ok, nagging) HIPAA lawyer Jeff Drummond of Jackson Walker to write a post explaining what the 60-day notification provision really means in HIPAA, as I’ve always had a lot of questions about it, such as: Does the 60-day clock start when the covered entity (CE) first discovers that they might have a…
EBA’s Proposed Guidelines Call for 2-Hour Notice of Data Breach
From PayBefore: The European Banking Authority (EBA) working with the European Central Bank (ECB) recently released a consultation paper on guidelines for payment service providers (PSPs) to follow in the event of security breaches. Among the suggested mandates is notifying authorities of an incident within two hours from the moment the breach is detected—that’s significantly faster than…
New cyber incident notification guidelines take effect April 1, 2017
Tony Ware reports: The U.S. Computer Emergency Readiness Team (US-CERT) is implementing new reporting requirements beginning April 1, 2017, and just released new guidelines to help federal departments and agencies; state, local, tribal, and territorial government entities; information sharing and analysis organizations; and foreign, commercial and private-sector organizations submit incident notifications. An “incident” is defined…
Department Releases Intake and Charging Policy for Computer Crime Matters
As computers play an ever-greater role in our lives and cybercrime becomes both more commonplace and more devastating, the need for robust criminal enforcement of effective computer crime laws will only become more important. As we’ve said in public remarks last year, we urgently need targeted updates to the Computer Fraud and Abuse Act that will help the department…
Three times a charm? Twice dead data breach notification laws re-enter Australia’s Parliament
Chris Duckett reports: It’s a scenario that feels like it could use a Ron Howard voiceover as Australia is making a third attempt at passing data breach notification laws, following previous attempts being stranded in the Senate by both Labor and Coalition governments. […] The laws being introduced this time around are similar to those drafted…