DBR ON DATA

Security, Privacy and Information Governance

Author: Anand Raj Shah

Legislative Spotlight: Self-Driving Cars Part 1

The House of Representatives passed H.R. 3388, the “Safely Ensuring Lives Future Deployment and Research in Vehicle Evolution Act” or the “SELF DRIVE Act” last month. The bill would remove regulatory barriers to developing self-driving or autonomous cars by giving the National Highway Traffic Safety Administration (NHTSA) authority to establish federal safety, design, and performance standards for automated cars, excluding commercial vehicles, such as trucks and buses. States would still be responsible for vehicle registration, driver’s licensing, insurance, and safety and emissions inspections. The bill would also allow states to impose stricter performance requirements than those set by NHTSA.

We have outlined the privacy and cybersecurity provisions of this bill, as well as the NHTSA’s voluntary security standards for self-driving cars.

U.S. Government Restricts the Use of Kaspersky Cybersecurity Software

Earlier this month, the Department of Homeland Security (DHS) issued a binding order restricting the government’s use of cybersecurity software developed by Moscow-based Kaspersky Labs.

Government departments and agencies have 90 days to remove or discontinue use of any Kaspersky Labs software products—but the buck doesn’t stop there. Kaspersky boasts more than 400 million users and 270,000 corporate clients, meaning organizations that provide any services involving federal information systems would be wise to investigate whether they, either directly or indirectly, use Kaspersky products and services.

Fact Sheet: NYDFS Cyber Regulations

The New York Department of Financial Services’ Cyber Requirements for Financial Services Companies, 23 NYCRR 500 (“Cyber Regulations”) went into effect on March 1, 2017. The Cyber Regulations are intended to require financial companies to assess their internal cybersecurity risks and develop a cybersecurity program to protect customer information and their IT systems, as well as to respond to, recover from, and report cyber threats. The Cyber Regulations establish a comprehensive set of proactive cybersecurity standards for companies to follow, involving everything from appointing a designated Chief Information Security Officer (CISO) to submitting an annual compliance notice and conducting penetration testing and vulnerability assessments.

Here is an overview of some key terms, requirements and deadlines under these new regulations.

Executive Orders Require Review of Federal IT and Cybersecurity Resources

The Trump administration has issued two executive orders focusing on national cybersecurity. The first establishes the American Technology Council, tasking it with developing policy around the use of information technology by the federal government and providing insight into how information technology policy is delivered to the president.

The orders include aggressive deadlines for federal agencies to submit reports on the cybersecurity of critical infrastructure entities, which may be difficult to meet.

For more insight, read our detailed review of the executive orders.

Global Ransomware Attack: What Your Organization Needs to Know Now

The WannaCry cyberattack on Friday, May 12, 2017 was the largest international ransomware attack to date.

Victims of the attack range in size—from Fortune 500 to small/medium-sized businesses—and industry—from academic institutions to large banks, health care providers and transportation networks. The U.K.’s health care regulatory agency, the National Health Service (NHS), was a major target. The attack’s devastating scale in exploiting data security vulnerabilities is a good reminder of how critical it is for health care organizations to conduct comprehensive security assessments immediately and regularly.

We took a close look at the WannaCry ransomware incident and have some tips for what organizations need to know to minimize their risk in this article.

© 2018 Drinker Biddle & Reath LLP. All Rights Reserved. Lawyer Advertising.