Sean Tassi reports: Until recently, colleges and universities that experienced a data breach had no unique reporting obligations to the U.S. Department of Education. Institutions were expected to analyze security incidents under applicable federal and state laws and, when appropriate, notify affected individuals and appropriate federal and state agencies. Because the Family Educational Rights and…
Category: Federal
PH: House okays measure declaring credit-card fraud as heinous crime
Jovee Marie de la Cruz reports on a Philippine bill working its way through their legislature: The House of Representatives on Monday approved on third and final reading a measure declaring hacking of bank systems and stealing 50 or more ATM or credit-card details as economic sabotage. Voting 224-0, lawmakers passed House Bill (HB) 6710,…
FR: CNIL issues new data security guidelines
On January 23, 2018, the French data protection authority (the CNIL) published new guidelines on the security of personal data (updating its previous security guide published in 2010 available in English) , providing practical recommendations in the form of “Do’s and Dont’s” to help businesses implement appropriate measures to protect personal data in compliance with…
House Passes Cyber Vulnerability Disclosure Reporting Act
Jennifer Martin and Calvin Cohen write: On January 9, the House of Representatives passed the Cyber Vulnerability Disclosure Reporting Act by voice vote. The Act directs the Secretary of the U.S. Department of Homeland Security (“DHS”) to prepare a report describing the policies and procedures that DHS developed to coordinate the cyber vulnerability disclosures. Under…
(Another) Federal Data Breach Notification Law Introduced in Congress
Gregory Bautista, Jeremy T. Merkel, and Alex Moh of Wilson Elser Moskowitz Edelman & Dicker LLP write: Senate Democrats have introduced a third iteration of a federal data breach notification bill, the Data Security and Breach Notification Act of 2017 (S.B. 2179). If passed into law, this bill would replace the patchwork of 48 separate state breach notification…
SCOTUS Will Not Review CFAA Password Sharing Case
Jason C. Gavejian writes: The United State Supreme Court recently denied certiorari in Nosal v. United States, 16-1344, declining to weigh in on the scope of unauthorized access under the Computer Fraud and Abuse Act (“CFAA”). The Ninth Circuit held in Nosal that David Nosal violated the CFAA by using his past assistant’s password to…