On July 27, 2017, the French Data Protection Authority imposed a fine of 40,000 euros on a French affiliate of the rental car company, The Hertz Corporation, for failure to ensure the security of website users’ personal data.
Continue Reading CNIL Fines Rental Car Company for Data Security Failure Attributable to Third-Party Service Provider
Service Provider
New York Publishes FAQs and Key Dates for Cybersecurity Regulation
Earlier this month, the New York State Department of Financial Services published FAQs and key dates for its cybersecurity regulation for financial institutions that became effective on March 1, 2017.
Continue Reading New York Publishes FAQs and Key Dates for Cybersecurity Regulation
New Mexico Enacts Data Breach Notification Law
On April 6, 2017, New Mexico became the 48th state to enact a data breach notification law, leaving Alabama and South Dakota as the two remaining states without such requirements. The Data Breach Notification Act (H.B. 15) goes into effect on July 1, 2017. …
Continue Reading New Mexico Enacts Data Breach Notification Law
President Trump Nullifies FCC Broadband Consumer Privacy Rules
On April 3, 2017, President Trump signed a bill which nullifies the Broadband Consumer Privacy Rules promulgated by the FCC in October 2016 . …
Continue Reading President Trump Nullifies FCC Broadband Consumer Privacy Rules
Webinar Recording Available on the NYDFS Regulations
On March 9, 2017, AllClear ID hosted a webinar with Hunton & Williams partner Lisa J. Sotto on the new cybersecurity regulations from the New York State Department of Financial Services. This blog post provides a link to the recording and presentation materials. …
Continue Reading Webinar Recording Available on the NYDFS Regulations
FTC Study Recommends Wider Implementation of DMARC to Combat Phishing Attacks
On March 3, 2017, the FTC announced the results of a study about online businesses’ use of proper email authentication technology to prevent phishing attacks. …
Continue Reading FTC Study Recommends Wider Implementation of DMARC to Combat Phishing Attacks
FCC Stays Implementation of Data Security Rules
On March 1, 2017, the Federal Communications Commission, under the new leadership of Chairman Ajit Pai, voted 2-1 to issue a temporary stay of the data security obligations of the FCC’s Broadband Consumer Privacy Rules, which were to go into effect March 2, 2017. The temporary stay will remain in place until the FCC is able to act on pending petitions for reconsideration. …
Continue Reading FCC Stays Implementation of Data Security Rules
China Publishes Draft Measures for Security Review of Network Products and Services
On February 4, 2017, the Cyberspace Administration of China published a draft of its proposed Measures for the Security Review of Network Products and Services. Under the Cybersecurity Law of China, if an operator of key information infrastructure purchases network products and services that may affect national security, a security review is required. The draft is open for comment until March 4, 2017.
Continue Reading China Publishes Draft Measures for Security Review of Network Products and Services
House of Representatives Passes Email Privacy Act
On February 6, 2017, the House of Representatives suspended its rules and passed by voice vote H.R 387, the Email Privacy Act. The Email Privacy Act now moves to the Senate, where it will be considered by the Senate Judiciary Committee. …
Continue Reading House of Representatives Passes Email Privacy Act
NERC Releases Draft Standard for Cybersecurity Supply Chain Risk Management
On January 19, 2017, the North American Electric Reliability Corporation released a draft Reliability Standard CIP-013-1 – Cyber Security – Supply Chain Risk Management which addresses “supply chain risk management for industrial control system hardware, software, and computing and networking services associated with bulk electric system operations.”…
Continue Reading NERC Releases Draft Standard for Cybersecurity Supply Chain Risk Management