Catherine Stupp reports: Facebook Inc., Clubhouse and Microsoft Corp.’s LinkedIn have stressed that recently reported data leaks involved information from public user profiles, not from security breaches. In the European Union, where privacy laws require businesses to protect even publicly available personal data, that distinction may not relieve them of responsibility. Read more on WSJ.
Category: Legislation
Brit authorities could legally do an FBI and scrub malware from compromised boxen without your knowledge
Gareth Corfield comments: UK authorities could lawfully copy the FBI and forcibly remove web shells from compromised Microsoft Exchange server deployments – but some members of the British infosec industry are remarkably quiet about whether this would be a good thing. In the middle of last week the American authorities made waves after deleting web shells…
Bank Groups Object to Proposed Breach Notification Regulation
Doug Olenick reports: The American Bankers Association and three other groups have voiced objections to provisions in a cyber incident notification regulation for banks proposed by three federal agencies. For example, they say that the definition of a reportable “computer security incident” is too broad and would result in the reporting of insignificant events. The…
DOL Issues Cybersecurity Best Practices for ERISA Covered Retirement Plans
Joseph J. Lazzarotti of JacksonLewis writes: Today, the U.S. Department of Labor’s Employee Benefits Security Administration (EBSA) issued much anticipated cybersecurity guidance for employee retirement plans. This comes more than four and a half years after the ERISA Advisory Council, a 15-member body appointed by the Secretary of Labor to provide guidance on employee benefit plans, shared with the…
Maine Enacts NAIC-Inspired Cybersecurity Law
Heather McArn, Bryant Roby Jr. and Judith Selby of Hinshaw write: Maine has become the latest state to adopt a version of the National Association of Insurance Commissioners (NAIC) model cybersecurity law. Signed into law on March 17, 2021, the Maine Insurance Data Security Act establishes investigation procedures, data security program standards, and notification requirements for persons…
Hogan Lovells Asia Pacific Data Protection and Cyber Security Guide 2021
Resource: Hogan Lovells Asia Pacific Data Protection and Cyber Security Guide 2021 (registration required to access it)