Eric Chabrow reports: Kentucky became the 47th state to enact a breach notification law last week. And while a national law superseding the widely varying state statutes is long overdue, the primary election defeat of House Majority Leader Eric Cantor makes passing such a bill tougher. Read more on GovInfoSecurity.com.
Category: Federal
New Zealand to Require Breach Notice, Strengthen Cross-Border Transfer
Murray Griffin reports: The New Zealand government May 28 released a fact sheet detailing its intended proposals to update the country’s data protection regime, including the introduction of new controls on cross-border disclosures and a requirement that companies and public agencies provide data breach notification. Read more on Bloomberg BNA.
FTC told to disclose the data security standards it uses for data security enforcement actions
Jaikumar Vijayan reports: The Federal Trade Commission (FTC) can be compelled to disclose details of the data security standards it uses to pursue enforcement action against companies that suffer data breaches, the agency’s chief administrative law judge ruled Thursday. The decision came in response to a motion filed by LabMD, a now-defunct medical laboratory that…
Breaking down the court’s decision in FTC v. Wyndham Worldwide
Here’s another commentary/analysis of Judge Salas’s ruling on Wyndham’s motion to dismss that is worth noting here, by the law firm of Covington & Burling: They write, in part: The FTC’s data-security authority is still in jeopardy. Although the FTC is the plaintiff in this case, it is really Wyndham that is on the offensive. If…
Part II: Fair Notice or No Notice? The Wyndham Worldwide Case and the Expanding Power of the FTC to Police Data Security
As I expected, a slew of law firms posted their analyses and commentaries on Judge Salas’s ruling on Wyndham’s motion to dismiss the FTC’s complaint about its data security. I haven’t linked to most of them, but took note of this commentary by Lance Koonce and Christin McMeley of Davis Wright Tremaine as they take a less FTC-friendly view…
“Weev’s” conviction reversed on appeal
Wow. The U.S. Court of Appeals for the Third Circuit just reversed Andrew Auernheimer (“Weev”)’s conviction – not based on anything to do with the Computer Fraud and Abuse Act issues that defense counsel had raised, but because the court determined that the case never should have been heard in New Jersey. Ars Technica and TechDirt have…