RAPSI News reports: The Ministry for Digital Development, Communications and Mass Media of the Russian Federation is preparing a bill on turnover-based fines for the personal data breach. This additional responsibility is to put business up to invest in the development of the information safety infrastructure and the personal data protection, a statement released on…
Category: Federal
Au: Infrastructure companies must report cyberattacks within 12 hours
Tom Burton reports: Critical infrastructure operators must now report significant cyber breaches to the federal government within 12 hours of an attack, following the expiry of a three-month grace period that enabled nearly 2500 of them to prepare for the new rules. Owners of electricity, gas, ports and water, and sewerage assets are also required…
Dangerous Ruling Says If Someone Goes Onto Your Openly Shared Google Drive, You Can Sue Them For Unauthorized Access
Mike Masnick writes: If you accidentally leave your Google Drive accessible to anyone with the URL, and someone goes there and deletes stuff, is that “unauthorized access” and a violation of the CFAA? To me, the answer should be absolutely not. But in this recent ruling the judge went the other direction (first noted by Evan Brown). So,…
FTC Finalizes Action Against CafePress for Covering Up Data Breach, Lax Security
CafePress Must Bolster Data Security Protections, Pay Half a Million Dollars The Federal Trade Commission finalized an order against CafePress over allegations that it failed to secure consumers’ sensitive personal data including Social Security numbers and covered up a major data breach. The Commission’s order requires the company to bolster its data security and requires its former…
FTC Weighs In On Data Breach Notification
Liisa M. Thomas, Kari M. Rollins, and Julia K. Kadish of Sheppard, Mullin, Richter & Hampton LLP write: The FTC recently reminded companies that principles of fairness and the likelihood of harm may in some cases prompt breach notification. This requirement might exist even if state breach notice laws have not been triggered. The FTC emphasized at the…
New Canadian cybersecurity bill to require mandatory reporting of ransomware, other attacks
Jim Bronskill reports: Businesses and other private-sector organizations would be required to report ransomware incidents and other cyberattacks to the government under a federal bill to be tabled today. The legislation is intended to flesh out Liberal government efforts to protect critical infrastructure following last month’s announcement that Chinese vendors Huawei Technologies and ZTE will be banned from Canada’s…