Effective November 2, 2018, a new Ohio breach law will provide covered entities a legal safe harbor in certain data breach-related claims brought in an Ohio court or under Ohio law if, at the time of the breach, the entity maintains and complies with a cybersecurity program that (1) contains administrative, technical, and physical safeguards for the protection of personal information, and (2) reasonably conforms to one of the “industry-recognized” cybersecurity frameworks enumerated in the law.
Continue Reading

On November 1, 2018, Senator Ron Wyden released a draft bill, the Consumer Data Protection Act, that seeks to “empower consumers to control their personal information.” The draft bill imposes heavy penalties on organizations and their executives, and for certain thresholds would require senior company executives to file annual data reports with the Federal Trade Commission.
Continue Reading

At its October monthly meeting, the Federal Energy Regulatory Commission adopted new reliability standards addressing cybersecurity risks associated with the global supply chain for Bulk Electric System Cyber Systems. The new standards expand the scope of the mandatory and enforceable cybersecurity standards applicable to the electric utility sector.
Continue Reading

As reported on the Insurance Recovery Blog, Hunton Andrews Kurth insurance practice head, Walter Andrews, recently commented to the Global Data Review regarding the infirmities underlying an Orlando, Florida federal district court’s ruling that an insurer does not have to defend its insured for damage caused by a third-party data breach.
Continue Reading

The U.S. Department of Commerce’s National Institute of Standards and Technology recently announced that it is seeking public comment on Draft NISTIR 8228, Considerations for Managing Internet of Things (IoT) Cybersecurity and Privacy Risks. The document is to be the first in a planned series of publications that will examine specific aspects of the IoT topic.
Continue Reading

On September 30, 2018, the U.S., Mexico and Canada announced a new trade agreement aimed at replacing the North American Free Trade Agreement. Notably, the USMCA’s chapter on digital trade recognizes “the economic and social benefits of protecting the personal information of users of digital trade” and will require the U.S., Canada and Mexico to each “adopt or maintain a legal framework that provides for the protection of the personal information of the users.” In adopting such a framework, the USMCA directs the Parties to consider the principles and guidelines of relevant international bodies, and formally recognizes the APEC Cross-Border Privacy Rules as “a valid mechanism to facilitate cross-border information transfers while protecting personal information.”
Continue Reading