DBR ON DATA

Security, Privacy and Information Governance

Category: Security



Page 2 of 9

Data Breach Notification Laws Now Enacted in All 50 States

Share

South Dakota and Alabama are the last of the 50 states to have enacted breach notification laws, along with Washington, D.C., Guam, Puerto Rico and the Virgin Islands. South Dakota became the 49th state to enact a data breach notification law when Governor Dennis Daugaard signed Senate Bill 62 into law on March 21. It goes into effect on July 1, 2018. On March 28, 2018, Alabama Governor Kay Ivey signed into law Alabama Senate Bill 318, effective May 1, 2018. Below are the parameters of these new data breach notification laws.

Continue reading

Attorneys General Call for Congress to Avoid Possible Federal Preemption of State Data Breach and Security Laws

Share

The draft bill, “Data Acquisition and Technology Accountability and Security Act,”  has led  32 state attorneys general to release a letter urging Congress to avoid preempting state data breach and data security laws.

On February 16, 2018, Representatives Blaine Luetkemeyer (R-MO) and Carolyn Maloney (D-NY) introduced the  draft bill in the House of Representatives, which would establish, (i) sweeping standards for data protection across various industries, (ii) federal post-data breach notification requirements, and (iii) establish a process that covered entities must follow to notify law enforcement, regulators, and victims following different types of data breaches.

Continue reading

Social Engineering Fraud and Cyber Insurance – Are You Covered?

Share

Spoofing and phishing are part of what is known as social engineering fraud. Social engineering fraud is typically a type of computer fraud where an employee is misled into believing he or she is communicating with a vendor and is tricked into sending money due that vendor to the fraudster. Many organizations take proactive measures to protect themselves through enhanced IT measures, employee training and the purchase of computer fraud and other types of cyber insurance.

A recent district court action in Washington illustrates how social engineering works and highlights the importance of understanding the limitations of the types of insurance coverages companies may have. The case is currently on appeal before the 9th U.S. Circuit Court of Appeals.

Continue reading

Enforcement Actions Launched by Securities and Exchange Commission – Heightened Scrutiny of Blockchain and Cryptocurrency Companies

Share

A recent flurry of activity by the Securities and Exchange Commission (SEC) in court, and strong talk on the Hill, gives a clear indication that the U.S. regulatory agency is making a significant push to rein in the current wild-west atmosphere of investments in Blockchain and cryptocurrency companies.

In the wake of the DAO Report issued by the SEC in July 2017, the agency released several Investor Alerts to warn the public of the risks associated with investing in initial coin offerings (ICOs), including an alert to warn investors to be careful about advertisements by celebrities promoting ICOs and other Blockchain-related investments. Moreover, the SEC chairman and his counterpart at the Commodity Futures Trading Commission (CFTC) have recently released statements and op-eds and appeared before the U.S. Senate Banking Committee to elevate the awareness of lawmakers and the public of some of these risks.

Continue reading

DOJ Announces Federal Indictment in Massive Cyberfraud Enterprise

Share

The Department of Justice announced the unsealing of a federal indictment charging 36 individuals for their alleged roles in the Infraud Organization, an Internet-based cybercriminal enterprise that is alleged to have engaged in a large-scale cyberfraud.   The indictment alleges that the enterprise caused more than $530 million in actual losses to consumer, businesses, and financial institutions.

Continue reading

NIST Releases Draft Report on IoT Cybersecurity Standards; Comments Due April 18

Share

On February 14, 2018, the National Institute of Standards and Technology (NIST) released a draft of its NIST Interagency Report 8200 (NISTIR 8200), which is intended to inform policymakers and standards participants in developing and implementing cybersecurity standards in and for IoT devices and systems.  At a high level, the draft report is intended to:

  • provide a functional description for IoT (Section 4);
  • describe several IoT applications that are representative examples of IoT (Section 5);
  • summarize the cybersecurity core areas and provides examples of relevant standards (Section 6);
  • describe IoT cybersecurity objectives, risks, and threats (Section 7);
  • provide an analysis of the standards landscape for IoT cybersecurity (Sections 8 and 9); and
  • map IoT relevant cybersecurity standards to cybersecurity core areas (Appendix D).

Continue reading

« Older posts Newer posts »

© 2018 Drinker Biddle & Reath LLP. All Rights Reserved. Lawyer Advertising.

Disclaimer/Privacy Policy