Mark Young and Tomos Griffiths of Covington and Burling write: In the early hours of Friday, 13 May, the European Parliament and the Council of the EU reached provisional political agreement on a new framework EU cybersecurity law, known as “NIS2”. This new law, which will replace the existing NIS Directive (which was agreed around the same…
Category: Legislation
Mint gets data breach claims dismissed
Alyssa M. Sones of SheppardMullin writes about a data breach lawsuit with a somewhat different, albeit unsuccessful, approach. Sones explains: Fraser’s allegation that Mint had a role in helping the hacker gain control of his phone number sets this case apart from the typical data breach case….. Fraser alleges that Mint allowed Fraser’s number to…
UK Announces Data Reform Bill
Hunton Andrews Kurth writes: On May 10, 2022, as part of the Queen’s Speech, the UK government announced its intention to introduce a Data Reform Bill (the “Bill”). The UK government’s background and briefing notes to the Queen’s Speech state that the purpose of the Bill is to “take advantage of the benefits of Brexit to create a…
Two States Enact Insurance Data Security Laws
Hunton Andrews Kurth writes: In April 2022, two states enacted insurance data security legislation based on the National Association of Insurance Commissioners (“NAIC”) Insurance Data Security Model Law (MDL-668). Kentucky Governor Andy Beshear signed HB 474 into law on April 8, 2022, and Maryland Governor Larry Hogan signed SB 207 into law on April 21, 2022. The new laws establish…
Indian government makes user data collection mandatory for VPNs; Providers debate leaving country
Rahul Verma reports: The Indian government has introduced a new IT policy that requires virtual private network companies (VPNs) to collect extensive customer data and maintain it for five years or more. The directive came from Computer Emergency Response Team, CERT-in. The new policy lists data centers and crypto exchanges under the same provision. The…
India to introduce six-hour data breach notification rule
Stephen Pritchard reports: Organizations in India face a six-hour data breach reporting deadline, following the introduction of new rules by the country’s computer emergency response team, CERT-In. The new rules will apply to critical parts of India’s network and IT infrastructure, including service providers, data centers, government organizations, and corporations. Read more at TheDailySwig.