Damon W. Silver of JacksonLewis writes: As noted in a prior post, New York’s Attorney General (“NYAG”) has made enforcement of the New York SHIELD Act an enforcement priority. The SHIELD Act requires organizations handling personal information related to New York residents to maintain reasonable safeguards to protect that information. Maintaining its focus on this area, the NYAG…
Category: Legislation
Stronger cybersecurity, reducing cyber incidents, greater EU ‘strategic autonomy’? Three interesting features of the proposed EU Cyber Solidarity Act
Mark Young, Paul Maynard, and Anna Sophia Oberschelp de Meneses of Covington & Burling write: On April 18, 2023, the European Commission published its proposal for an EU Cyber Solidarity Act (“CSA”). It aims to strengthen incident detection, situational awareness, and response capabilities, and to ensure that entities providing services critical for day-to-day life can access expert…
NIST to Finalize Special Publication (SP) 800-66 Revision 2 and Collaborate on Resources for Small, Regulated Entities
NIST to Finalize Special Publication (SP) 800-66 Revision 2 and Collaborate on Resources for Small, Regulated Entities April 25, 2023 For the past 18+ months, the National Institute of Standards and Technology (NIST), in collaboration with the HHS Office for Civil Rights (OCR), has been working to update NIST Special Publication (SP) 800-66, Implementing the Health…
Nunn announces bipartisan plan to prevent school cyberattacks
Grant Gerlock reports: Third District Congressman Zach Nunn is supporting federal legislation aimed at preventing school cyberattacks like the one that canceled classes for Des Moines students for two days earlier this year. The measure would make federal officials available to advise school districts on ways to improve network security and respond to hacking attempts….
Virginia Passes Legislation Prohibiting the Use of Employees’ Social Security Numbers as Identifiers
Jason C. Gavejian and Joseph J. Lazzarotti of JacksonLewis write: On March 21, 2023, Virginia’s governor approved Senate Bill 1040, which prohibits an employer from using an employee’s social security number or any derivative as an employee’s identification number. The bill also prohibits including an employee’s social security number or any number derived from the social…
How the Federal Tort Claims Act Extricates Certain Health Care Providers From Data Breach Class Action Suits
John Cleary and Shundra Crumpton Manning of Polsinelli write: Data breach class action litigation continues to occupy center stage in the ongoing struggle to secure compensation and redress for legitimate victims of actionable cybersecurity shortcomings of data owners. The underlying scenarios in these cases encompass criminal hacking episodes, rogue employees, carelessness and unforeseen material gaps…