Hunton Andrews Kurth writes: In April 2022, two states enacted insurance data security legislation based on the National Association of Insurance Commissioners (“NAIC”) Insurance Data Security Model Law (MDL-668). Kentucky Governor Andy Beshear signed HB 474 into law on April 8, 2022, and Maryland Governor Larry Hogan signed SB 207 into law on April 21, 2022. The new laws establish…
Category: Legislation
Indian government makes user data collection mandatory for VPNs; Providers debate leaving country
Rahul Verma reports: The Indian government has introduced a new IT policy that requires virtual private network companies (VPNs) to collect extensive customer data and maintain it for five years or more. The directive came from the Computer Emergency Response Team, CERT-In. The new policy lists data centers and crypto exchanges under the same provision. The…
India to introduce six-hour data breach notification rule
Stephen Pritchard reports: Organizations in India face a six-hour data breach reporting deadline, following the introduction of new rules by the country’s computer emergency response team, CERT-In. The new rules will apply to critical parts of India’s network and IT infrastructure, including service providers, data centers, government organizations, and corporations. Read more at TheDailySwig.
North Carolina Becomes First State to Prohibit Public Entities from Paying Ransoms
Hunton Andrews Kurth writes: On April 5, 2022, North Carolina became the first state in the U.S. to prohibit state agencies and local government entities from paying a ransom following a ransomware attack. North Carolina’s new law, which was passed as part of the state’s 2021-2022 budget appropriations, prohibits government entities from paying a ransom to…
Singapore to license pentesters and managed infosec operators
Laura Dobberstein reports: Cybersecurity service providers must apply for licenses to operate in Singapore, under new regulations launched by the country’s Cyber Security Agency (CSA) on Monday. The new licensing framework requires vendors that offer penetration testing and/or managed security operations centers (SOC) to get a license, in recognition that they access customers’ systems and therefore pose a…
ANNOUNCE: HHS’ Office for Civil Rights Seeks Public Comment on Recognized Security Practices and Sharing Civil Money Penalties and Monetary Settlements Under the HITECH Act
The U.S. Department of Health and Human Services’ (HHS) Office for Civil Rights (OCR) today released a Request for Information (RFI) seeking input from the public on two requirements of the Health Information Technology for Economic and Clinical Health Act of 2009 (HITECH Act), as amended in 2021. The growing number of cybersecurity threats are…