Patrick H. Haggerty and Elise Elam of BakerHostetler write: On July 29, the New York Department of Financial Services (NYDFS) released Draft Amendments to its Part 500 Cybersecurity Rules that include a number of significant amendments to the rules, including notification requirements such as a mandatory 24-hour notification for cyber ransom payments, specific requirements for…
Category: Legislation
The SEC’s cyberattack reporting rules are seeing fierce opposition. CISA is poised to do better.
Kyle Alspach reports: As the chief information security officer of a large, publicly traded tech company, Drew Simonis has been keeping a close eye on the SEC’s proposed rules to require reporting of major cyberattacks. Simonis, who works at Juniper Networks, has some serious concerns shared by many executives in U.S. private industry. Some of the proposed…
Malaysian minister says amendments to PDPA in the works after repeated data breached
Yiswaree Palansamy reports: Communications and Multimedia Minister Tan Sri Annuar Musa today said that several amendments to Act 709 of the Personal Data Protection Act (PDPA) 2010 are in the pipeline to strengthen the law, after a series of personal data breaches in the country this year. […] “For information, among the proposed amendments would…
Federal Bill Would Broaden FTC’s Role in Cybersecurity and Data Breach Disclosures
Kristin L. Bryan and Jeffrey L. Turner of Squire Patton Boggs write: Last week, the House Energy and Commerce Committee advanced H.R. 4551, the “Reporting Attacks from Nations Selected for Oversight and Monitoring Web Attacks and Ransomware from Enemies Act” (“RANSOMWARE Act”). H.R. 4551 was introduced by Consumer Protection and Commerce Ranking Member Gus Bilirakis…
Florida Follows North Carolina in Prohibiting State Agencies from Paying Ransoms
Elise Elam and Benjamin Wanger of BakerHostetler write: We recently wrote about North Carolina’s new law prohibiting state agencies – including public schools and universities – from paying a ransom or even communicating with a threat actor following a ransomware incident. On June 24, Florida followed suit when its governor signed HB 7055 into law, amending portions…
Joint Statement by the United States and the United Kingdom on Data Access Agreement
The United States and United Kingdom intend to bring into force the Agreement between the Government of the United States of America and the Government of the United Kingdom of Great Britain and Northern Ireland on Access to Electronic Data for the Purpose of Countering Serious Crime (“Data Access Agreement”), which was signed in 2019,…