The Federal Trade Commission today announced it has finalized changes to the Health Breach Notification Rule (HBNR) that will strengthen and modernize the rule by clarifying its applicability to health apps and other similar technologies and expanding the information that covered entities must provide to consumers when notifying them of a breach of their health…
Category: Legislation
Resource: U.S. State Data Breach Notification Laws
There’s an update to Foley & Lardner’s resource on U.S. state data breach notification laws. They explain what their resource applies and what it doesn’t apply to: While most state data breach notification statutes contain similar components, there are important differences, meaning a one-size-fits-all approach to notification will not suffice. What’s more, as data breaches…
NIS2 implementation enters the final stretch – six months to deadline
Mark Young, Paul Maynard, and Aleksander Aleksiev of Covington and Burling write: In six months’ time, on 17 October 2024, Member State laws that transpose the EU’s revised Network and Information Systems Directive (“NIS2”) will start to apply. As described in more detail in our earlier blog post (here), NIS2 significantly expands the categories of…
Prominent US senator sees new momentum for healthcare cybersecurity push
Eric Geller reports: As U.S. hospitals struggle to pay their employees amid a cyberattack that knocked out a major payment vendor, a powerful Democratic senator is seizing the moment to push for better security in the sorely vulnerable healthcare sector. Sen. Mark Warner (D-VA) has introduced legislation that would require hospitals and their technology vendors…
K12 SIX Applauds Launch of K-12 Education Cybersecurity Council
On March 28, 2024, the U.S. Department of Education—in coordination with the Cybersecurity and Infrastructure Security Agency (CISA)—held the kickoff meeting of the Education Facilities Subsector Government Coordinating Council (GCC), designed to facilitate formal, ongoing collaboration between all levels of government and the education sector on issues of K-12 cybersecurity risk management. Organized in response…
Proporsed Rule: Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA) Reporting Requirements
A quick note that the official draft of CIRCA is now published: A Proposed Rule by the Homeland Security Department on 04/04/2024 All information is linked from https://www.federalregister.gov/documents/2024/04/04/2024-06526/cyber-incident-reporting-for-critical-infrastructure-act-circia-reporting-requirements NOTE: This is quite long, so leave yourself time to read it. Comments and related material must be submitted on or before June 3, 2024.