Proposed data broker regulations draw industry pushback on anonymized data exceptions, bulk thresholds

Others contend that loosening things up could have dangerous consequences, and the administration should go the opposite direction.

The post Proposed data broker regulations draw industry pushback on anonymized data exceptions, bulk thresholds appeared first on CyberScoop.

Banks must report major cyber incidents within 36 hours under finalized regulation

Banks must report major cybersecurity incidents to federal officials within 36 hours under a rule that U.S. financial regulators finalized on Thursday. Beginning in May 2022, financial executives will need to be more forthcoming about computer system failures and interruptions, such as ransomware or denial-of-service attacks that have the potential to disrupt customers’ ability to access their accounts, or impact the larger financial system. The rule, dubbed the Computer-Security Incident Notification Requirements for Banking Organizations and Their Bank Service Providers, was cemented by the Office of the Comptroller of the Currency, Board of Governors of the Federal Reserve System and the Federal Deposit Insurance Corporation. There is currently no specific window within which banks must report such incidents to the agencies in question. The final approval comes as Congress weighs broader reporting rules for critical infrastructure owners and operators, and as the Transportation Security Administration has begun imposing reporting requirements on […]

The post Banks must report major cyber incidents within 36 hours under finalized regulation appeared first on CyberScoop.

Breach notification window, accountability are focus of coming fight on cyber legislation in Congress

Battle lines are drawn in Congress over legislation that would require companies to report some cyber incidents to the federal government, with industry groups lining up to support a House of Representatives bill poised to create fewer challenges for business leaders than a similar proposal in the Senate. The debate involves questions about how quickly companies would have to report attacks, what kinds of specific intrusions would trigger notification and whether failure to comply with the rules would lead to financial penalties. The idea of breach notification legislation gained momentum following last year’s discovery of the SolarWinds hack that compromised nine federal agencies and some 100 companies, as well as the Colonial Pipeline ransomware attack in May. At issue are such questions as whether companies have 24 or 72 hours to report an incident, along with who would be on the hook outside of critical infrastructure owners and operators, if […]

The post Breach notification window, accountability are focus of coming fight on cyber legislation in Congress appeared first on CyberScoop.
