Orin Kerr writes: I’ve blogged a lot on the scope of the Computer Fraud and Abuse Act, and specifically on whether using a computer in violation of a computer use policy or Terms of Service is a federal crime. I’ve been banging the drum urging courts to adopt a narrow interpretation of the Act for a decade,…
Category: Legislation
Latest Data Breach Notification Bill Won’t Go Far
Eduard Goodman of Identity Theft 911 dissects the data breach notification bill introduced last month by Rep. Toomey and finds it seriously wanting: The latest bill to address the problem of data breaches is just one of an increasingly long line of proposed federal breach notice regulations with little to no chance of becoming law…
EU wants breach notification for certificate authorities
Stewart Mitchell reports: European authorities plan to clamp down on certificate authorities, demanding security signing organisations speak up if hit by hackers. Certificate authorities – either private or government backed – issue digital certificates that verify web pages and code, and are a key component of the web running smoothly and securely. But as last…
Cybercrime disclosures rare despite new SEC rule
Embedded in revisions to a proposed cybersecurity law are some provisions on mandatory breach notification. Richard Lardner reports: The chairman of the Senate Commerce, Science and Transportation Committee, Sen. Jay Rockefeller, D-W.Va., is adding a provision to cybersecurity legislation that would strengthen the reporting requirement. The SEC’s cybersecurity guidance issued in October is not mandatory. It was…
Old law puts school data at risk
Susan Palmer reports: An obscure state regulation — one that requires districts to keep student records for decades — is one reason several thousand Eugene School District students are at risk of having their Social Security numbers hijacked following a security breach of the district’s electronic records. School districts must retain student records for 75…
France’s New Breach Notification Requirements
Maryanne Stanganelli reports: On May 28, 2012, the French data protection regulator (CNIL) released new guidance on breach notification laws. The guidance regards a 2011 ordinance that recently came into force on April 1. Among other things, the ordinance amends existing French data protection law (Law on Information Technology and Liberties (78-17 of 1978)) to…