On June 21, 2022, President Biden signed into law, the State and Local Government Cybersecurity Act of 2021 and the Federal Rotational Cyber Workforce Program Act, two bipartisan bills aimed at enhancing the cybersecurity postures of the federal, state and local governments.
Continue Reading President Biden Signs Two Bills Aimed at Enhancing Government Cybersecurity
Cybersecurity
NYDFS Imposes Fine of $5 Million on Carnival for Cybersecurity Breaches
Posted on
On June 24, 2022, the New York State Department of Financial Services announced it had entered into a $5 million settlement with Carnival Corp., the world’s largest cruise-ship operator, for violations of the Cybersecurity Regulation in connection with four cybersecurity events between 2019 and 2021, including two ransomware events. …
Continue Reading NYDFS Imposes Fine of $5 Million on Carnival for Cybersecurity Breaches
China Issues Draft Guidelines on Certification of Personal Information Cross-Border Transfer Activities
Posted on
The National Information Security Standardization Technical Committee of China recently issued a draft version of the Cybersecurity Standard Practice Guidelines – Technical Specification on Certification of Personal Information Cross-border Transfer Activities. This blog entry provides a summary of the Guidelines.
Continue Reading China Issues Draft Guidelines on Certification of Personal Information Cross-Border Transfer Activities
Vermont Enacts Insurance Data Security Law
Posted on
On May 27, 2022, Vermont Governor Phil Scott signed H.515, making Vermont the twenty-first state to enact legislation based on the National Association of Insurance Commissioners Insurance Data Security Model Law. This blog entry provides a summary of the legislation.
Continue Reading Vermont Enacts Insurance Data Security Law
U.S. Issues Guidance to Companies Warning of Cybersecurity and Sanctions Risks Posed by IT Workers Directed by North Korea
Posted on
Posted in Cybersecurity
On May 16, 2022, the U.S. Department of State, U.S. Department of Treasury, and the Federal Bureau of Investigation issued combined guidance on efforts by North Korean nationals to secure freelance engagements as remote information technology workers by posing as non-North Korea nationals.
Continue Reading U.S. Issues Guidance to Companies Warning of Cybersecurity and Sanctions Risks Posed by IT Workers Directed by North Korea
California Privacy Protection Agency Holds Pre-Rulemaking Stakeholder Sessions
Posted on
On May 4-6, 2022, the California Privacy Protection Agency held via video conference several public pre-rulemaking stakeholder sessions regarding the California Privacy Rights Act.
Continue Reading California Privacy Protection Agency Holds Pre-Rulemaking Stakeholder Sessions
Two States Enact Insurance Data Security Laws
Posted on
In April 2022, Kentucky and Maryland enacted insurance data security legislation based on the National Association of Insurance Commissioners Insurance Data Security Model Law MDL-668.
Continue Reading Two States Enact Insurance Data Security Laws
India to Require Cybersecurity Incident Reporting Within Six Hours
Posted on
On April 28, 2022, India issued new guidance relating to “information security practices, procedure, prevention, response and reporting of cyber incidents for Safe & Trusted Internet.”…
Continue Reading India to Require Cybersecurity Incident Reporting Within Six Hours
North Carolina Becomes First State to Prohibit Public Entities from Paying Ransoms
Posted on
On April 5, 2022, North Carolina became the first state in the U.S. to prohibit state agencies and local government entities from paying a ransom following a ransomware attack. …
Continue Reading North Carolina Becomes First State to Prohibit Public Entities from Paying Ransoms
FDA Issues Draft Cybersecurity Guidance for Medical Devices
Posted on
Posted in Cybersecurity, Health Privacy
On April 8, 2022, the Food and Drug Administration issued Cybersecurity in Medical Devices: Quality System Considerations and Content of Premarket Submissions, a draft guidance document for industry and FDA staff. Industry stakeholders will have until July 7, 2022 to comment on the proposed guidance.
Continue Reading FDA Issues Draft Cybersecurity Guidance for Medical Devices