Neil Ford explains: Germany has passed a new IT security law requiring critical infrastructure institutions to implement minimum information security practices or face fines of up to €100.000. The new law, which was drafted last August, was passed by the Bundestag last month and has now been passed by Germany’s upper house, the Bundesrat. It gives…
Category: Federal
National Association of Attorneys General: Federal Data Breach Legislation Should Not Preempt States
The National Association of Attorneys General (NAAG) sent a letter today to congressional leaders urging them to ensure that federal data breach legislation preserves states’ ability to enforce state laws in order to protect consumers from data breaches and identity theft. Most of the federal bills related to data security and data breach notification pending…
ALERT: NIST Issues Final Guidance on Federal Contractor Cybersecurity Standards for Controlled Unclassified Information
Alexander Major of Sheppard Mullin writes: On June 19, 2015, the National Institute of Standards and Technology (NIST) published the final version of guidance for federal agencies to ensure sensitive information remains confidential when stored outside of federal systems. The guidelines, Special Publication 800-171, Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations, apply to…
Lawyers and ethical hackers weigh in on Astros hack
Robert Patrick interviews a number of attorneys and white-hat hackers about whether the government is likely to pursue charges under the Computer Fraud and Abuse Act in this piece in the St. Louis Post-Dispatch.
House OGR questions FTC’s Ramirez about standards for data security
In a hearing yesterday, Rep. Darrell Issa of the House Committee on Oversight and Government Reform questioned FTC Chairwoman Edith Ramirez about standards for data security enforcement. And although I often disagree with Rep. Issa, I do agree that entities need to know what they need to do to have safe harbor from an FTC enforcement…
Warner, Johnson, Ayotte introduce Senate bill to require IRS to notify victims of identity theft
U.S. Sens. Mark Warner (D-VA), Ron Johnson (R-WI) and Kelly Ayotte (R-NH) introduced a bill Wednesday to require the Internal Revenue Service to notify potential victims of identity theft, something the agency has not always done in the past. The Social Security Identity Defense Act of 2015 would require the IRS to notify an individual…