On May 4-6, 2022, the California Privacy Protection Agency held via video conference several public pre-rulemaking stakeholder sessions regarding the California Privacy Rights Act.
Continue Reading California Privacy Protection Agency Holds Pre-Rulemaking Stakeholder Sessions
Cybersecurity
Two States Enact Insurance Data Security Laws
In April 2022, Kentucky and Maryland enacted insurance data security legislation based on the National Association of Insurance Commissioners Insurance Data Security Model Law MDL-668.
Continue Reading Two States Enact Insurance Data Security Laws
India to Require Cybersecurity Incident Reporting Within Six Hours
On April 28, 2022, India issued new guidance relating to “information security practices, procedure, prevention, response and reporting of cyber incidents for Safe & Trusted Internet.”…
Continue Reading India to Require Cybersecurity Incident Reporting Within Six Hours
North Carolina Becomes First State to Prohibit Public Entities from Paying Ransoms
On April 5, 2022, North Carolina became the first state in the U.S. to prohibit state agencies and local government entities from paying a ransom following a ransomware attack. …
Continue Reading North Carolina Becomes First State to Prohibit Public Entities from Paying Ransoms
FDA Issues Draft Cybersecurity Guidance for Medical Devices
On April 8, 2022, the Food and Drug Administration issued Cybersecurity in Medical Devices: Quality System Considerations and Content of Premarket Submissions, a draft guidance document for industry and FDA staff. Industry stakeholders will have until July 7, 2022 to comment on the proposed guidance.
Continue Reading FDA Issues Draft Cybersecurity Guidance for Medical Devices
New Jersey Requires Employers to Notify Employees of the Use of Tracking Devices
On January 18, 2022, New Jersey Governor Phil Murphy signed into law Assembly Bill No. 3950, requiring employers to provide written notice to employees prior to the use of tracking devices in vehicles used by employees. The Act will go into effect on April 18, 2022.
Continue Reading New Jersey Requires Employers to Notify Employees of the Use of Tracking Devices
CPPA Holding Public Pre-Rulemaking Meetings on the CPRA on March 29 and March 30
On March 29 and 30, 2022, the California Privacy Protection Agency will hold public pre-rulemaking informational sessions regarding the California Privacy Rights Act via video conference.
Continue Reading CPPA Holding Public Pre-Rulemaking Meetings on the CPRA on March 29 and March 30
FTC Announces Proposed Settlement with CafePress over Alleged Data Breach Cover Up
On March 15, 2022, the FTC announced a proposed settlement with custom merchandise platform CafePress in connection with the company’s alleged failure to implement reasonable security measures, and its alleged attempt to cover up a 2019 data breach. …
Continue Reading FTC Announces Proposed Settlement with CafePress over Alleged Data Breach Cover Up
Cyber Incident Reporting Language in Omnibus Bill Headed to President Biden’s Desk
On March 11, 2022, the U.S. Senate passed an omnibus spending bill that includes language which would require certain critical infrastructure owners and operators to notify the federal government of cybersecurity incidents in specified circumstances. President Biden has until March 15, 2022, to sign the bill. This blog entry provides a summary of the bill.
Continue Reading Cyber Incident Reporting Language in Omnibus Bill Headed to President Biden’s Desk
SEC Proposes Cybersecurity Rules for Public Companies
On March 9, 2022, the Securities and Exchange Commission held an open meeting and proposed new cybersecurity disclosure rules for public companies by a 3-1 vote. …
Continue Reading SEC Proposes Cybersecurity Rules for Public Companies