Cobun Zweifel-Keegan writes: In its most recent cybersecurity enforcement decision, the U.S. Federal Trade Commission announced a draft settlement agreement with the current and former operators of the customized merchandise website CafePress.com. Although the unanimous consent order focuses primarily on the company’s lax security practices, which allegedly led to multiple data breaches, there are also a few…
Category: Legislation
SEC Proposes Rules on Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure by Public Companies
Washington D.C., March 9, 2022 — The Securities and Exchange Commission today proposed amendments to its rules to enhance and standardize disclosures regarding cybersecurity risk management, strategy, governance, and incident reporting by public companies. “Over the years, our disclosure regime has evolved to reflect evolving risks and investor needs,” said SEC Chair Gary Gensler. “Today,…
U.S. Congress Passes Cyber Incident and Ransom Payment Reporting Requirement
Energy, financial services, food and agriculture, healthcare, information technology, defense industrial base, and other critical infrastructure entities in the United States will face new cyber incident reporting requirements as a result of the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (the Act), enacted by the U.S. Congress on March 10, 2022. Read more…
Breach Notification: Poor Transparency Complicates Response
Anyone trying to make sense of data breach trends faces a transparency challenge. Too often, a lack of detail undercuts consumers’ ability to assess their identity theft risk and businesses’ ability to block emerging attacks or ensure that their supply chains remain secure. Amen to that! Read Mathew J. Schwartz’s article on BankInfoSecurity.
Airline Sues to Stop Popular Web-Scraping Service–American Airlines v. The Points Guy
Kieran McCarthy writes: Those interested in web scraping legal issues had high hopes that the Supreme Court’s opinion in Van Buren v. United States last summer would provide clear guidelines on which types of online data access were permissible and which were not. And while most would agree that the Supreme Court avoided a worst-case scenario with its…
At Least 22 States Have Consumer Privacy Legislation Pending – Will 2022 Be the Year for More State Privacy Laws?
Deborah George of Robinson & Cole writes: California is the gold standard for state privacy laws, having recently enacted the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA). Virginia and Colorado also have enacted comprehensive privacy laws, which will take effect in 2023. Recently, the International Association of Privacy Professionals (IAPP)…