Author: Anand Raj Shah (page 1 of 2)

OMB Releases Report on Federal Cybersecurity Risk

Share

This is the first post in a DBR on Data series on Executive Order 13800 and updates on its implementation a year after passage.

The White House Office of Management and Budget (OMB) released in May 2018 its report to the president on federal cybersecurity risk determination. The report, which responds to the President’s May 2017 Executive Order 13800, entitled “Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure,” comes as several key reports also required by Executive Order 13800 have been recently released in full or in summary form. The Federal Cybersecurity Risk Determination Report and Action Plan concludes that the recent government-wide cybersecurity risk assessment conducted by the OMB, in collaboration with the Department of Homeland Security (DHS), confirms the need for the U.S. government to take “bold approaches” to improve federal cybersecurity.

Continue reading

Sedona Conference Working Group on Data Security and Privacy Liability Releases Draft Incident Response Guide

Share

The Sedona Conference®, a nonprofit research and educational think tank dedicated to the advanced study of law, particularly in information governance, has released its Incident Response Guide , open for public comment through June 19, 2018.  Drafted by Working Group on Data Security and Privacy Liability (WG11), the guide is meant to serve as a practical resource for practitioners dealing with the legal, technical, and policy issues related to data-related incidents – from distributed denial-of-service to ransomware attacks.

Continue reading

FTC Announces Expanded Settlement with Uber

Share

The FTC withdrew its August 2017 administrative complaint and proposed consent agreement with Uber Technologies, Inc. (Uber) and issued a revised complaint against Uber Technologies, Inc. Uber has accepted a revised proposed consent agreement which will be subject to public comment for 30 days.

Continue reading

Legislative Spotlight: Self-Driving Cars Part 1

Share

The House of Representatives passed H.R. 3388, the “Safely Ensuring Lives Future Deployment and Research in Vehicle Evolution Act” or the “SELF DRIVE Act” last month. The bill would remove regulatory barriers to develop self-driving or autonomous cars by giving the National Highway Traffic Safety Administration (NHSTA) authority to establish federal safety, design, and performance standards for automated cars, excluding commercial vehicles, such as trucks and buses. States would still be responsible for the vehicle registration, driver’s licensing, insurance, and safety and emissions inspections. The bill would also allow states to impose stricter performance requirements than those set by NHTSA.

We have outlined the privacy and cybersecurity provisions of this bill, as well as the NHTSA’s voluntary security standards for self-driving cars.

Continue reading

U.S. Government Restricts the Use of Kaspersky Cybersecurity Software

Share

Earlier this month, the Department of Homeland Security (DHS) issued a binding order restricting the government’s use of cybersecurity software developed by Moscow-based Kaspersky Labs.

Government departments and agencies have 90 days to remove or discontinue use of any Kaspersky Labs software products—but the buck doesn’t stop there. Kaspersky boasts more than 400 million users and 270,000 corporate clients, meaning organizations that provide any services involving federal information systems would be wise to investigate whether they, either directly or indirectly, use Kaspersky products and services. Continue reading

Fact Sheet: NYDFS Cyber Regulations

Share

The New York Department of Financial Services’ Cyber Requirements for Financial Services Companies, 23 NYCRR 500 (“Cyber Regulations”) went into effect on March 1, 2017. The Cyber Regulations are intended to require financial companies to assess their internal cybersecurity risks and develop a cybersecurity program to protect customer information and their IT systems, as well as respond, recover, and report cyber threats. The Cyber Regulations establish a comprehensive set of proactive cybersecurity standards for companies to follow, involving everything from appointing a designated Chief Information Security Officer (CISO) to submitting an annual compliance notice, and conducting penetration testing and vulnerability assessments.

Here is an overview of some key terms, requirements and deadlines under these new regulations.

Continue reading

Older posts

© 2018 Drinker Biddle & Reath LLP. All Rights Reserved. Lawyer Advertising.

Disclaimer/Privacy Policy