Last week, we discussed the Federal government’s first steps toward implementing the Cybersecurity Information Sharing Act (CISA). Among the guidance documents released by the Department of Homeland Security and the Department of Justice were the Privacy and Civil Liberties Interim Guidelines. This guidance is designed to apply Fair Information Practice Principles (FIPPs) to Federal agency…
Legislation
Cyber Threat Information Sharing Guidelines Released by DHS
Posted in Cybersecurity, Cybersecurity Information Sharing Act (CISA), Legislation, Security
This week, the Federal government took the first steps toward implementation of the Cybersecurity Information Sharing Act (CISA), enacted into law last December. CISA aims to encourage sharing of cyber threat indicators and defensive measures among private companies and between the private sector and the Federal government by providing liability protection for sharing such information…
Judicial Redress Act passes the House with the Senate Amendments
Posted in European Union, Federal Trade Commission, Judicial Redress Act, Legislation, Privacy Shield, Safe Harbor, Umbrella Agreement, Uncategorized
The amended Judicial Redress Act has passed the House and is on its way to the president to be signed into law. The Act, which we covered in an earlier blog post, gives citizens of foreign countries the same rights as US citizens in connection with the use by the US government of their personal data,…
(So) What if there’s no Safe Harbor 2.0?
Posted in Data Breach, Data Breach Notification, Data Compliance & Security, EDPS, Employee Privacy, EU Data Protection Regulation, European Court of Justice, European Union, Federal Trade Commission, Legislation, Privacy Regulation, Safe Harbor
There’s no doubt businesses in the EU and US would breathe a sigh of relief if a new Safe Harbor agreement is put in place before European data protection authorities start prosecuting companies for potentially illegal personal data transfers to the US. But if it doesn’t happen, the US is actually not any worse…
Happy New Year – Cybersecurity Information Sharing Act
Posted in Cybersecurity, Legislation, Privacy Regulation, Security, Uncategorized
Just at the end of 2015, the Cybersecurity Information Sharing Act (CISA) was enacted into law as part of the omnibus spending measure passed by Congress and signed by President Obama right before Christmas. The legislation combines elements from the versions of CISA that passed the House in April of 2015 and the…
EU Parliament Committee calls on the Commission for immediate action on US data transfers
Posted in Data Compliance & Security, EU Data Protection Regulation, European Court of Justice, European Union, Legislation, Safe Harbor, Social Media
The EU Parliament committee that is charged with considering data protection matters (LIBE) has issued a press release calling on the European Commission to take action before the end of 2015 to come up with alternatives to Safe Harbor. Importantly, LIBE has also called on the Commission to reassess whether the European Court of Justice’s…
EU Data Protection Regulation – Did you know there’s an app for that?
Posted in EU Data Protection Regulation, European Union, Legislation
As EU data protection watchers know, the draft General Data Protection Regulation (which has been around long enough to be universally referred to by its acronym, GDPR) exists in three major versions, with a fourth version recently released by the office of the European Data Protection Supervisor (EDPS). The EDPS is the EU’s own internal…
FCC Chairman Tom Wheeler Speaks about Cybersecurity at RSA Conference
Posted in Cybersecurity, Legislation, Privacy Regulation, Security
As cyber week continues in Washington, Federal Communications Commission Chairman Tom Wheeler traveled to the west coast to speak about cybersecurity at the RSA Conference in San Francisco. Wheeler noted that the FCC has several charges to protect against cyber-attacks and similar threats, including the agency’s responsibility to protect the safety of communications networks generally,…
It’s Cyber Week in Washington, DC — and RSA Conference Week in San Francisco
Posted in Cybersecurity, Legislation, Privacy Regulation
Security is on the agenda from coast to coast this week. Cybersecurity information sharing legislation will hit the House floor this week. H.R. 1731, the National Cybersecurity Protection Advancement Act was reported out of the House Committee on Homeland Security on April 17, and H.R. 1560, the Protecting Cyber Networks Act was moved by the…
One Less Carrot for Business: Council of European Union Limits the “One-Stop Shop” Mechanism in the Draft Data Protection Regulation
Posted in EU Data Protection Regulation, European Union, Legislation, Privacy Regulation
The draft Data Protection Regulation doesn’t offer many carrots to business – and a recent announcement by the Council of the European Union takes away one of the biggest carrots, the “One-Stop Shop” mechanism. The One-Stop Shop refers to the principle that businesses would have to deal with just a single national data protection authority instead of…
Privacy Monday – January 26, 2015
Posted in Cybersecurity, Data Breach, HIPAA/HITECH, Legislation, Privacy Monday, Privacy Regulation, Uncategorized
Good Monday – The East Coast prepares for Apocalypse (Sn)ow. In the meantime, here are three privacy-related tidbits for your day.
Privacy Concerns Cause Scale Back of Release of HealthCare.gov Data
We spend a fair amount of time warning about third party vendors and the risk that such vendors can pose to sensitive data. …
Cybersecurity and Privacy in State of the Union Address
Posted in Children, Cybersecurity, Data Breach, Data Breach Notification, Data Compliance & Security, Legislation, Privacy Regulation, Security
As expected in his State of the Union address last night, President Obama made it very clear that cybersecurity is on his agenda for 2015. After stating that: “No foreign nation, no hacker should be able to shut down our networks, steal our trade secrets or invade the privacy of American families, especially our kids,”…
White House Proposes National Data Breach Notification Standard
Posted in Cybersecurity, Data Breach, Data Breach Notification, Federal Trade Commission, Legislation, Privacy Regulation
Written by Cynthia Larose, CIPP and Ari Moskowitz, CIPP
This has been a big week for cybersecurity announcements from Washington. In what the White House has called a series of “SOTU Spoilers,” President Obama announced his intention to follow through on some of the recommendations in his administration’s Big Data report — the culmination of…
Privacy Monday – January 12, 2015
Posted in Cybersecurity, Data Breach Notification, Data Compliance & Security, Employee Privacy, Federal Trade Commission, Legislation, Privacy Monday, Privacy Regulation, Security
Three privacy/security stories that you should know as you start your week:
President Obama to Offer Cybersecurity/Privacy Previews to State of the Union Proposals
In a series of speeches this week, President Obama will preview important issues to appear in his January 20th State of the Union address. A White House official said…
For the New Year – A New Mintz Matrix of State Data Breach Notification Laws
Posted in Data Breach, Data Breach Notification, Legislation, Privacy Regulation, Uncategorized
Make sure to get your January 2015 Mintz Matrix! Available here for downloading and always linked through the blog right hand navigation bar. Things you will not want to miss:
California has significantly amended its breach notification requirements
Kentucky’s new data breach law (2014) is expanded effective January 1
As always, this chart is…
On the Fifth Day of Privacy, California (and Delaware) gave to me
Posted in 12 Days of Privacy, Children, Cloud Computing, Data Breach Notification, Legislation, Privacy Regulation
sing it with me now…. Five Golden Rules…….(well, five new privacy laws/requirements) There are five significant new privacy laws/amendments that will be effective as of New Year’s Day — January 1, 2015 — and four are from California. Pull up a chair, brew that cup of tea. It’s time to review and prepare.
Privacy Monday: December 8, 2104 – The Twelve Days of Privacy 2014
Posted in 12 Days of Privacy, Cybersecurity, Data Compliance & Security, EU Data Protection Regulation, Insurance, Legislation, Mobile Privacy, Privacy Litigation, Privacy Monday, Privacy Regulation, Uncategorized
Our series last year was a reader favorite, so we decided to put our prognosticator hats on again and present: Rather than look back at 2014, starting tomorrow, the Privacy & Security blog will count down The 12 Days of Privacy, looking ahead to what we might expect in 2015 and what we might…
My company isn’t a search engine. Why should I care about Google Spain?
Posted in Data Breach, Data Compliance & Security, EU Data Protection Regulation, European Court of Justice, European Union, Legislation, Privacy Litigation, Privacy Regulation
Written by Susan Foster, Solicitor England & Wales/Admitted in California (LONDON)
Google – along with the rest of us – is still considering the implications of the European Court of Justice’s May 13, 2014 decision that Google must remove links to a newspaper article containing properly published information about a Spanish individual on the basis…
Minnesota Proposes Expansive Amendment to Data Breach Notification Law
Posted in Data Breach, Data Breach Notification, Legislation
Two days ago, we heard that Target Corporation has brought in an information security heavy hitter to oversee the company’s post-breach data security and technology operations. Now we learn that its home base of operations, Minnesota, is the latest state to propose a legislative reaction to the Target data breach. The Minnesota legislature has introduced an…
Congress Moves Critical Infrastructure Cybersecurity Bill
Posted in Cybersecurity, Legislation
On Wednesday, the House Homeland Security Committee passed a substitute bill for H.R. 3696, the National Cybersecurity and Critical Infrastructure Protection Act of 2013. The committee substitute bill was broadly supported by both parties. As it presently stands, H.R. 3696 delegates to the Department of Homeland Security the responsibility for civilian cybersecurity research and development, incident detection…
California Moves to Restrict Collection of Consumer Personal Information Online: the Process, History and Politics Behind Senate Bill 383
Posted in Data Compliance & Security, Legislation, Privacy Litigation, Privacy Regulation
Written by Jake Romero
The California Senate has passed a bill restricting the information that certain online retailers can collect in connection with consumer purchases. Senate Bill 383 would amend Sections 1747.02 and 1747.08 of the California Civil Code to address the collection of customer information in connection with credit card purchases in online transactions…
New Timeline for Adoption of Definitive EU Data Protection Regulation
Posted in European Union, Legislation, Privacy Regulation
Written by Susan Foster, Solicitor England & Wales/Admitted in California (LONDON)
The European Commission announced yesterday that it is working towards a revised timeline for the adoption of a definitive Data Protection Regulation by the end of 2014. While Commissioner Viviane Reding’s press release about finalizing the Regulation by the end of 2014 has been…
On the 9th Day of Privacy, the European Union Gave to Me . . .
Posted in Data Breach Notification, Data Compliance & Security, Employee Privacy, European Union, Legislation, Privacy Regulation
. . . a delayed delivery notice for the biggest package of the holiday season!
Written by Susan Foster, Solicitor, England & Wales/Admitted in California, CIPP-E (LONDON)
Major changes are on the way in Europe that will have a significant impact on companies anywhere in the world that collect or process personal data of residents…
Data Brokers Under Scrutiny
Posted in Legislation, Privacy Regulation
The Senate Commerce Committee released this morning its majority staff report, A Review of the Data Broker Industry: Collection, Use, and Sale of Consumer Data for Marketing Purposes, on the practices data brokers use to collect and sell personal information of consumers and how those practices affect the privacy of hundreds of millions of Americans. …