Codification of the NISPOM and replacement of JPAS Two significant changes are underway by the Defense Counterintelligence and Security Agency (DCSA) – both of which require the immediate attention of businesses that hold a U.S. security clearance or are in the process of application for a clearance. The first change is the codification of the National Industrial Security Program Operating Manual (NISPOM). As background, the NISPOM has been the key guidance for protecting classified and…

This is the seventh alert in a series of Bradley installments on privacy and cybersecurity developments arising from the COVID-19 pandemic. Click to read the first, second, third, fourth, fifth, and sixth installments. Sen. Mark Warner (D-Va.) has re-introduced a bill to create the Public Health Emergency Privacy Act (PHEPA). First introduced in May 2020, the bill died in committee. This time, Warner is joined by 11 cosponsors in the…

The days of only seeing biometric techniques in spy films are well behind us. A simple thumbprint can open a phone. Systems like Alexa can recognize your voice and play your favorite music. Some banks even allow customers to make payments by using voice command and fingerprint recognition. In 2008, Illinois became the first state to enact a comprehensive law concerning biometric information.  The Illinois Biometric Information Privacy Act regulates the collection, use, safeguarding, handling,…

The New York Department of Financial Services (DFS) has issued a Cyber Insurance Risk Framework (the “Framework”) of best practices for carriers. The first of its kind, the Framework tells carriers to establish formal strategies for measuring and managing cyber risks. It applies to all insurance carriers — not only those who write cyber policies, but also those who may be exposed to silent cyber risks — referring to potential cyber-related losses under…

Many relief programs have been implemented over the past year in response to COVID-19, and keeping up with the changing requirements for these programs can be daunting. A new twist in the requirements is the mandate for implementation of privacy requirements under the Emergency Rental Assistance Program. Here are some details about the Emergency Rental Assistance Program, and how to ensure compliance with the privacy requirements. What is the Emergency Rental Assistance Program? On December…

Aspiring college students spend enormous amounts of time trying to unlock the magic formula that leads to those magic words: Congratulations, you’ve been accepted! But, for many students, the focus on admissions does not stop once they matriculate. Starting in 2015, schools such as Harvard, Yale, Penn, and Stanford saw a dramatic uptick in students requesting to view their admissions records under the Family Educational Rights and Privacy Act (FERPA). Pursuant to FERPA, a student…

Virginia is primed to become the next U.S. state to pass comprehensive data-privacy legislation with striking similarities to the California Consumers Privacy Act (CCPA), the California Privacy Rights Act (CPRA), and the E.U.’s General Data Protection Regulation (GDPR). The legislation, known as the Consumer Data Protection Act, passed the Virginia House of Delegates on January 29 by a vote of 89-9. On February 3, the Virginia Senate unanimously approved an identical bill 39-0. All that…