Password Protected

Data Privacy & Security News and Trends

CA IoT Cybersecurity Bill Heads To Governor’s Desk
The bill (SB-327), if signed by Gov. Brown, will take effect on January 1, 2020. It is aimed at securing connected devices. The bill states that, “a manufacturer of a connected device shall equip the device with a reasonable security feature or features.”
House Approves Financial Sector Data Breach Bill
On Sept. 13 the House Financial Services Committee approved bill (H.R. 6743) to…
NIST has published Special Publication (SP) 1800-5, “IT Asset Management” to help financial service companies monitor and manage IT assets.  According to the release: “The example solution…gives companies the ability to track, manage, and report on information assets throughout their entire life cycle. This can ultimately increase cybersecurity resilience by enhancing the visibility of assets, identifying vulnerable assets, enabling faster response to security alerts, revealing which applications are actually being used, and reducing help desk…
The convergence of the General Data Protection Regulation and the investigation into Russian interference in the 2016 election has created a perfect privacy storm. Social media platforms’ complacency on this front, and the resulting public backlash, have further amplified the pressure on legislatures to react.  Although state legislatures have been quick to do so (most notably California, which passed a sweeping new privacy law in June), Congress has not. Recently, Senator Mark Warner (D-VA) issued…
CTIA, a trade association representing the wireless communications industry, recently announced a new cybersecurity certification program for IoT cellular-connected devices. The announcement comes shortly after NIST hosted a workshop in July regarding Considerations for Managing IoT Cybersecurity and Privacy Risks. CTIA states, “[t]he program will protect consumers and wireless infrastructure, while creating a more secure foundation for smart cities, connected cars, mHealth and other IoT applications.” Tom Sawanobori, SVP and Chief Technology Officer at CTIA…
On August 14, 2018, President Trump signed into law S. 770, the “NIST Small Business Cybersecurity Act.”  This Act requires the National Institute of Standards and Technology (NIST) to develop and disseminate resources for small businesses to help reduce their cybersecurity risks. The Act states that the resources should be: “Generally applicable and usable by a wide range of small business concerns; Vary with the nature and size of the implementing small business concern, and…
The eighteen-month transitional period under the New York Department of Financial Services (NYDFS) Cybersecurity Requirements for Financial Services Companies expires on September 4, 2018. These requirements apply to entities, “operating under or required to operate under a license, registration, charter, certificate, permit, accreditation or similar authorization under the Banking Law, the Insurance Law or the Financial Services Law.” In less than a month, these Covered Entities subject to Part 500 are required to be…
The U.S. Treasury recently released a report identifying improvements that would support nonbank financial institutions but also embrace innovation and technology.  Among other things, the report recommends the creation of a national data breach notification standard and the development of effective national and international Fintech policies, including Anti-Money Laundering/Combating the Financing of Terrorism (AML/CFT) efforts. In addition to the aforementioned, the report outlines roughly 80 suggestions meant to: • “Embrace the efficient and responsible use of…
This post originally appeared in our sister publication, Insurance Recovery Blog. For the second time in ten days, a federal appeals court ruled a crime insurance policy provides coverage for losses arising from a business email compromise. In American Tooling Center, Inc. v. Travelers Casualty and Surety Company of America, No. 17-2014, 2018 WL 3404708 (Sixth Circuit July 13, 2018), the Sixth Circuit held that Travelers was obligated to provide coverage for a…
Personal information has become the prey of relentless poachers. In light of the influx of data breaches, state legislatures are taking action. Not surprisingly, now every state has enacted data breach notification laws, which are triggered when personal information is breached. Read below for a summary of relevant state legislation recently adopted or laws recently amended that pertain to data breach notification.
Arizona
Arizona amended its data breach notification law, effective July 21, 2018.…
On August 1, 2018, NIST will withdraw eleven SP 800 publications that are considered out of date. These publications will not be revised. According to NIST the following publications will be withdrawn:
• SP 800-13 (October 1995), Telecommunications Security Guidelines for Telecommunications Management Network
• SP 800-17 (February 1998), Modes of Operation Validation System (MOVS): Requirements and Procedures
• SP 800-19 (October 1999), Mobile Agent Security
• SP 800-23 (August 2000), Guidelines to Federal Organizations on Security Assurance and…