Ashden Fein, Micaela McMurrough, Caleb Skeath, and Matthew Harden of Covington & Burling write: On March 3, 2023, the United States Environmental Protection Agency (“EPA”) published a memorandum requiring states to evaluate the cybersecurity of operational technology used by public water systems (“PWSs”) “when conducting PWS sanitary surveys or through other state programs.” EPA’s memorandum “interprets the…
Category: State/Local
Little Rock school district seeks cyberattack disclosure guidance
Arkansas Online reports: The Little Rock School District is continuing to seek an attorney general’s opinion on the legality of holding private school board meetings when reacting to a cyber- or ransomware attack on a district’s electronic information systems. Little Rock Superintendent Jermall Wright sent a lengthy letter in January to the attorney general’s office…
NY lawmakers vow to tackle cyber hack attacks against hospitals, schools
Carl Campanile reports: New York state lawmakers have promised to make helping local governments, schools and hospitals protect against cyber ransomware attacks a top priority during the 2023 legislative session. It comes after a wave of such attacks hit institutions across the Empire State, with the computer systems of a major Brooklyn hospital network and those of the Suffolk County…
2023 New Year’s Resolution: Don’t Get “Whacked” By A State AG for Cybersecurity Compliance
Joe Lazzarotti of Jackson Lewis writes: It usually happens after a reported data breach. The organization experiencing the breach sends notifications to affected individuals, as well as federal and or state agencies where appropriate and perhaps other parties. Not long thereafter, the organization receives an inquiry from one or more government agencies. These inquiries typically…
Nevada Gaming Commission Adopts Cybersecurity Regulations
Joseph Lazzarotti of JacksonLewis writes: On December 22, 2022, the Nevada Gaming Commission (NGC) adopted regulations creating new cybersecurity requirements for certain gaming operators. This action joins agencies in other jurisdictions moving quickly to protect consumers and their personal information in the gaming industry. The NGC adopted the October 17, 2022 version of the regulations, which become effective January…
PA: Media’s reporting on breach led to new state data breach law
Rick Earle reports: An exclusive Target 11 investigation into a massive data breach last year has led to a new state law meant to protect every citizen of the Commonwealth. Target 11 Investigator Rick Earle broke the story of that data breach last April and now because of his reporting, state lawmakers passed legislation requiring timely notification of…