Gareth Corfield comments: UK authorities could lawfully copy the FBI and forcibly remove web shells from compromised Microsoft Exchange server deployments – but some members of the British infosec industry are remarkably quiet about whether this would be a good thing. In the middle of last week the American authorities made waves after deleting web shells…
Category: Legislation
Bank Groups Object to Proposed Breach Notification Regulation
Doug Olenick reports: The American Bankers Association and three other groups have voiced objections to provisions in a cyber incident notification regulation for banks proposed by three federal agencies. For example, they say that the definition of a reportable “computer security incident” is too broad and would result in the reporting of insignificant events. The…
DOL Issues Cybersecurity Best Practices for ERISA Covered Retirement Plans
Joseph J. Lazzarotti of JacksonLewis writes: Today, the U.S. Department of Labor’s Employee Benefits Security Administration (EBSA) issued much anticipated cybersecurity guidance for employee retirement plans. This comes more than four and a half years after the ERISA Advisory Council, a 15-member body appointed by the Secretary of Labor to provide guidance on employee benefit plans, shared with the…
Maine Enacts NAIC-Inspired Cybersecurity Law
Heather McArn, Bryant Roby Jr. and Judith Selby of Hinshaw write: Maine has become the latest state to adopt a version of the National Association of Insurance Commissioners (NAIC) model cybersecurity law. Signed into law on March 17, 2021, the Maine Insurance Data Security Act establishes investigation procedures, data security program standards, and notification requirements for persons…
Hogan Lovells Asia Pacific Data Protection and Cyber Security Guide 2021
Resource: Hogan Lovells Asia Pacific Data Protection and Cyber Security Guide 2021 (registration required to access it)
Utah is the 2nd State to Create a Safe Harbor for Companies Facing Data Breach Litigation
Joseph J. Lazzarotti, Jason C. Gavejian, and Maya Atrakchi of JacksonLewis write: In mid-March, Utah Governor Spencer Cox signed into law the Cybersecurity Affirmative Defense Act (HB80) (“the Act”), an amendment to Utah’s data breach notification law, creating several affirmative defenses for persons (defined below) facing a cause of action arising out of a breach…