Privacy & Data Security

New Executive Order on Cybersecurity Promises Major Changes Ahead for Government Contractors … and Beyond

May 14, 2021

On May 12, 2021, President Biden signed a landmark Executive Order to improve and modernize the federal government’s cybersecurity infrastructure. The Executive Order comes in the wake of numerous cyber incidents targeting the United States, including the so-called SolarWinds, Microsoft Exchange, and Colonial Pipeline incidents. The Executive Order will directly affect government contractors, including companies that sell software to the government or provide IT services. More broadly, but less directly, the Executive Order is likely…

Petronella Technology Blog

Colonial Pipeline Pays $5M Ransom to Hacker Group

By Craig Petronella

May 14, 2021

If this isn’t a cautionary tale about the importance of cybersecurity, then we aren’t sure what is. It was reported that Colonial Pipeline, who was the victim of DarkSide, a new-ish Russian ransomware group, paid the $5 million dollar ransom on Friday, the day before they shut down their 5,500-mile pipeline. Paying a ransom, while not illegal, is generally recommended against by the FBI because paying the ransom just encourages the groups to target more…

Inside Privacy

Senators Markey and Cassidy Introduce Bill to Update the Children’s Online Privacy Protection Act

By Lindsey Tonsager, Sarah Guerrero & Danielle Kehl

May 14, 2021

This week, Senators Ed Markey (D-Mass.) and Bill Cassidy (R-La.) introduced the Children and Teens’ Online Privacy Protection Act, which would update the Children’s Online Privacy Protection Act (COPPA). COPPA is the comprehensive federal children’s privacy law enacted in 1998 that regulates the collection, use, and disclosure of personal information online from children under 13.…

Trade Secrets Trends

The Emerging Role of Trade Secrets in Life Sciences

By Julia Milewski

May 14, 2021

Changing Patent Protections U.S. and foreign patent systems have suffered legislative and judicial reverses as to subject matter eligibility for patenting, a rising bar of obviousness due to increasing skill of the art, insights aided by artificial intelligence (AI) tools, procedural artifacts for no-risk post grant invalidation by granting agencies, and awakening of once dormant antitrust and public policy limits. Although patents must be pursued when copying is inevitable, trade secrets can provide an important…

Eye On Privacy

NIST Plans to Update HIPAA Security Guidance – Asks for Comments

By Julia Kadish, Susan Ingargiola & Ariana Stobaugh

May 14, 2021

Recently, the National Institute of Standards and Technology (NIST) requested comments to its Resource Guide for implementing the HIPAA Security Rule. (i.e., SP 800-66). This Guide, first released in 2008, summarizes the HIPAA Security Rule standards and explains the structure and organization of the Security Rule.…

Taft Privacy & Data Security Insights

Strengthening U.S. Cyber Security – New Executive Order

By Scot Ganow

May 14, 2021

In response to recommendations contained in the Solarium Commission report and the Solar Winds cybersecurity incident, President Biden issued an Executive Order on May 12, 2021, outlining new requirements for information technology providers that do business with the federal government. The purpose of the requirements are to protect federal networks from malicious cyber-attacks and to improve information-sharing between the U.S. government and the private sector on cyber issues, thereby strengthening the United States’ ability to…

RopesDataPhiles

EU Proposals May Limit the Use of Artificial Intelligence

By Clare Sellars

May 14, 2021

https-www-ropesdataphiles-com-wp-content-uploads-sites-36-2020-05-other_biometrics_ss_1504768037-jpg

The European Commission (EC) may be set to propose extensive new legislation – potentially later this week – which, among other things, would ban the use of facial recognition technology for surveillance purposes and the use of algorithms that influence human behavior, according to recently leaked draft documents. The proposals would also introduce new rules regarding high-risk artificial intelligence (AI). Although the use of AI systems is regarded as beneficial in many areas of society,…

Online & On Point

Executive Order on Cybersecurity Sets Aggressive Timeline

By Andrew Tuggle, David Vance Lucas & Sarah Sutton Osborne

May 14, 2021

https-onlineandonpoint-babc-blogs-com-wp-content-uploads-sites-40-2021-05-gettyimages-1135771498-320x180-jpg

The Colonial Pipeline cyberattack prompted the issuance of a long-awaited executive order (EO) on improving U.S. cybersecurity. The EO mandates that, within six months, all federal agencies implement multi-factor authentication (MFA) and both at-rest and in-transit encryption. It also calls for agencies to comprehensively log, share, and analyze information about cyber incidents and creates a Cyber Safety Review Board to that end. The EO sets deadlines for agencies to write guidelines for securing software and…

Privacy, Cybersecurity & Technology Law Perspectives

Employee charged with COVID relief fraud? Questions for GCs

By Byron J. McLain & Hawwi W. Edao

May 14, 2021

The United States Department of Justice (DOJ) already has publicly charged almost 500 defendants with criminal offenses based on fraud schemes connected to the COVID-19 pandemic. Unfortunately, these prosecutions can have unintended consequences on unsuspecting businesses, as many of these accused individuals actually work as employees for uninvolved companies. As employees, they may have utilized their access to confidential employee or client information at work to create the allegedly fraudulent business applications to the…

Data Privacy Dish

Is an outsourced call center a processor or controller under the GDPR?

By David A. Zetoony

May 14, 2021

Data Management Technology and Big Data as Art

A controller refers to the entity that determines the “purpose and means” of how personal data will be processed. Determining the “purpose” of processing refers to deciding why information will be processed. Determining the “means” of processing refers to deciding how information will be processed.1 That does not necessarily mean, however, that a controller needs to make every decision about how processing will occur. The European Data Protection Board (EDPB) distinguishes between “essential means”…

Privacy & Data Security

New Executive Order on Cybersecurity Promises Major Changes Ahead for Government Contractors … and Beyond

Colonial Pipeline Pays $5M Ransom to Hacker Group

Senators Markey and Cassidy Introduce Bill to Update the Children’s Online Privacy Protection Act

The Emerging Role of Trade Secrets in Life Sciences

NIST Plans to Update HIPAA Security Guidance – Asks for Comments

Strengthening U.S. Cyber Security – New Executive Order

EU Proposals May Limit the Use of Artificial Intelligence

Executive Order on Cybersecurity Sets Aggressive Timeline

Employee charged with COVID relief fraud? Questions for GCs

Is an outsourced call center a processor or controller under the GDPR?

Privacy & Data Security Blogs

Stay Connected

Company

Products

Support

New to the Network