On April 21, 2023, the Tennessee legislature voted to enact the Tennessee Information Privacy Act (H.B. 1181).
Continue Reading Tennessee Privacy Law Recognizes CBPR and PRP Certifications
National Institute of Standards and Technology
NIST Releases New Framework for Managing AI and Promoting Trustworthy and Responsible Use and Development
On January 26, 2023, the National Institute of Standards and Technology released the Artificial Intelligence Risk Management Framework, which provides a set of guidelines for organizations that design, develop, deploy or use AI to manage its many risks and promote trustworthy and responsible use and development of AI systems.
Continue Reading NIST Releases New Framework for Managing AI and Promoting Trustworthy and Responsible Use and Development
NHTSA Publishes Final Cybersecurity Best Practices
On September 9, 2022, the National Highway Traffic Safety Administration announced its publication of final Cybersecurity Best Practices for the Safety of Modern Vehicles. …
Continue Reading NHTSA Publishes Final Cybersecurity Best Practices
New California Legislation Adds to Existing Smart Device Labeling Requirements
On September 6, 2022, the California legislature presented Assembly Bill 2392 to Governor Gavin Newsom. AB-2392, which has not yet been signed by Governor Newsom, would allow Internet-connected device manufacturers to satisfy existing device labeling requirements by complying with National Institute of Standards and Technology standards for consumer Internet of Things products.
Continue Reading New California Legislation Adds to Existing Smart Device Labeling Requirements
NIST Publishes New Draft Guidance on HIPAA Security Rule
On July 21, 2022, the National Institute of Standards and Technology released an updated draft of its HIPAA Security Rule guidance. …
Continue Reading NIST Publishes New Draft Guidance on HIPAA Security Rule
DHS Issues Cybersecurity Guidance for Critical Infrastructure Firms
On September 22, 2021, Secretary of Homeland Security Alejandro N. Mayorkas and Secretary of Commerce Gina Raimondo released a joint statement on the Department of Homeland Security’s issuance of preliminary Critical Infrastructure Control Systems Cybersecurity Performance Goals and Objectives. The Preliminary Goals identify nine overarching control system cybersecurity performance goals, each containing specific objectives to support the deployment and operation of secure control systems.
Continue Reading DHS Issues Cybersecurity Guidance for Critical Infrastructure Firms
UPDATE: New Connecticut Breach Notification Requirements and Cybersecurity Safe Harbor Are Now in Effect
On October 1, 2021, Connecticut’s two new data security laws went into effect. The new laws modify Connecticut’s existing breach notification requirements and establish a safe harbor for businesses that create and maintain a written cybersecurity program.
Continue Reading UPDATE: New Connecticut Breach Notification Requirements and Cybersecurity Safe Harbor Are Now in Effect
NIST Holds a Two-Day Public Workshop on Cybersecurity Labeling Programs for Internet of Things Devices and Software
On September 14 and 15, 2021, the National Institute of Standards and Technology held a public workshop, as part of its effort to create a consumer labeling program to communicate the security capabilities of consumer Internet of Things devices and software development practices, as mandated by the Biden administration’s May 2021 Executive Order on Improving the Nation’s Cybersecurity. …
Continue Reading NIST Holds a Two-Day Public Workshop on Cybersecurity Labeling Programs for Internet of Things Devices and Software
New Connecticut Breach Notification Requirements and Cybersecurity Safe Harbor Effective October 2021
Connecticut recently passed two cybersecurity laws that will become effective on October 1, 2021. The newly passed laws modify Connecticut’s existing breach notification requirements and establish a safe harbor for businesses that create and maintain a written cybersecurity program that complies with applicable state or federal law or industry-recognized security frameworks.
Continue Reading New Connecticut Breach Notification Requirements and Cybersecurity Safe Harbor Effective October 2021
White House Issues Memorandum on Improving Cybersecurity for Critical Infrastructure Control Systems
On July 28, 2021, President Biden signed a National Security Memorandum that formally establishes an Industrial Control Systems Cybersecurity Initiative and directs the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency and the Department of Commerce’s National Institute of Standards and Technology, in collaboration with other agencies, to develop and issue cybersecurity performance goals for critical infrastructure.
Continue Reading White House Issues Memorandum on Improving Cybersecurity for Critical Infrastructure Control Systems