Marianne Kolbasuk McGee reports: The University of Texas MD Anderson Cancer Center has filed a lawsuit arguing that a $4.3 million HIPAA penalty levied against it last year by the Department of Health and Human Services following three data breaches involving unencrypted devices was unlawful. In the complaint filed Tuesday in a Texas federal court,…
Category: Federal
Elizabeth Warren proposes holding execs criminally liable for scams and data breaches
Cory Doctorow reports: A new bill from Senator Elizabeth Warren proposes personal, criminal liability for top executives of companies turning over more than $1B/year when those companies experience data breaches and scams due to negligence (many of the recent high-profile breaches would qualify, including the Equifax giga-breach, as well as many of Wells Fargo’s string…
Lawmakers introduce bipartisan bill for ‘internet of things’ security standards
Jacqueline Thomsen reports: A bipartisan group of lawmakers on Monday unveiled legislation that would create cybersecurity standards for internet-connected devices, often known as the “internet of things.” The bill, introduced in the Senate by Sens. Mark Warner (D-Va.) and Cory Gardner (R-Colo.) and in the House by Reps. Will Hurd (R-Texas) and Robin Kelly (D-Ill.),…
FTC Proposes to Add Detailed Cybersecurity Requirements to the GLBA Safeguards Rule
Mike Nonaka, Libbie Canter, David Stein and Sam Adriance of Covington & Burling write: On March 5, 2019 the Federal Trade Commission (“FTC”) published requests for comment on proposed amendments to two key rules under the Gramm-Leach-Bliley Act (“GLBA”). Most significantly, the FTC is proposing to add more detailed requirements to the Safeguards Rule, which…
Republicans, Democrats Offer Different Views on Preemption During Senate Privacy Hearing
James Strawbridge of Covington & Burling writes: At a February 27, 2019 hearing on “Privacy Principles for a Federal Data Privacy Framework in the United States,” Republican and Democratic members of the Senate Commerce, Science, & Transportation Committee offered different perspectives on whether new federal privacy legislation should preempt state privacy laws. Chairman Roger Wicker…
Japanese government plans to hack into citizens’ IoT devices
Catalin Cimpanu reports: The Japanese government approveda law amendment on Friday that will allow government workers to hack into people’s Internet of Things devices as part of an unprecedented survey of insecure IoT devices. The survey will be carried out by employees of the National Institute of Information and Communications Technology (NICT) under the supervision…