Deborah George of Robinson & Cole writes: California is the gold standard for state privacy laws, having recently enacted the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA). Virginia and Colorado also have enacted comprehensive privacy laws, which will take effect in 2023. Recently, the International Association of Privacy Professionals (IAPP)…
Category: Legislation
HIPAA: The Who: Plans, Providers, and Clearinghouses, and the First of the Rule of 3s.
With all the wildly erroneous claims made by people about what is covered by HIPAA, here’s a great explainer by attorney Jeff Drummond on exactly what kinds of entities ARE covered by HIPAA (Spoiler alert: yes, your local bar CAN ask you your vaccination status without violating HIPAA because they are not covered by HIPAA)….
Hackers to face 25 years in jail for cyber attacks on Australia’s national infrastructure
Zach Marzouk reports: Hackers could face up to 25 years in jail if found guilty of cyber offences against Australia’s critical infrastructure, under proposed changes introduced by the government today. The government tabled the Crimes Legislation Amendment (Ransomware Action Plan) Bill 2022 in a bid to modernise criminal offences and procedures to respond to the threat of ransomware….
Tech Transactions & Data Privacy 2022 Report: Ransomware Reporting Requirements: A Look Forward into Evolving Security Incident Notification Rules
Michael J. Waters and Colin H. Black of Polsinelli write: Tech Transactions & Data Privacy 2022 Report Data breach notification laws in the United States have historically focused on notifying individuals, regulators and others in situations in which personal information has been accessed or acquired. Ransomware attacks, while incredibly disruptive, do not always involve data…
SEC’s breach notification proposal one step closer to a final vote
Tonya Riley reports: The Securities and Exchange Commission voted Wednesday 3-1 to approve a recommendation for tighter mandatory cybersecurity requirements for financial institutions. The proposed rule will now open to public comment before a final vote. “The proposed rules and amendments are designed to enhance cybersecurity preparedness and could improve investor confidence in the resiliency of advisers…
Ethical hackers face tough sanction under Jamaican law
From the threats-to-ethical-hacking-and-a-free-press department, Edmond Campbell reports: Ethical hackers who find vulnerabilities on government or private websites in Jamaica could face a $3-million fine and three-year prison sentence if a provision in the Cybercrimes Act, 2015, remains and receives the nod from Parliament. That threat could penalise actors such as Zack Whittaker, the security editor at…