Following up on President Biden’s recent executive order and the Justice Department’s notice of proposed rulemaking, CISA has issued the following: PROPOSED SECURITY REQUIREMENTS FOR RESTRICTED TRANSACTIONS Pursuant to Exec. Order 14117, Preventing Access to Americans’ Bulk Sensitive Personal Data and United States Government-Related Data by Countries of Concern On February 28, 2024, President Biden signed…
Category: Legislation
Justice Department Issues Comprehensive Proposed Rule Addressing National Security Risks Posed to U.S. Sensitive Data
From the U.S. Department of Justice, October 21: Proposed Rule Would Establish New Program to Implement Executive Order to Prevent Access to Americans’ Sensitive Personal Data by Russia, Iran, China, and Other Countries of Concern Note: Read the Department’s fact sheet on this matter here. The Justice Department today issued a Notice of Proposed Rulemaking (NPRM) to implement…
NYDFS Superintendent Adrienne A. Harris Issues New Guidance to Address Cybersecurity Risks Arising from Artificial Intelligence
October 16, 2024 New York State Department of Financial Services (DFS) Superintendent Adrienne A. Harris today issued new guidance to assist regulated entities in addressing and combating cybersecurity risks arising from artificial intelligence. The guidance builds on the Department’s ongoing work to protect New Yorkers and DFS-licensed entities from cybersecurity risks through its nation-leading cybersecurity…
Do the Marriott cybersecurity settlements send the wrong message to CISOs, CFOs?
A report by Evan Schuman about recent Marriott settlements with the FTC and state attorneys general suggests that the settlements leave much to be desired. Both settlements have cybersecurity requirements, and the state settlement has a monetary component, but neither is strong enough as far as some experts are concerned. Here’s a snippet or two…
Cyber resilience act: Council adopts new law on security requirements for digital products
This is big. From the Council of the EU: The Council adopted today a new law on cybersecurity requirements for products with digital elements with a view to ensuring that products, such as connected home cameras, fridges, TVs, and toys, are safe before they are placed on the market (cyber resilience act). The new regulation…
General Hospital Cybersecurity Requirements Take Effect in New York
Mark Furnish and Jane M. Preston of Greenberg Traurig, LLP write: A new regulation related to cybersecurity program requirements for all New York general hospitals licensed under Article 28 of the Public Health Law (PHL) took effect Oct. 2, 2024. All general hospitals must comply with the new provisions within one year of the adoption…