Collaborate Disseminate
Ashden Fein, Micaela McMurrough, Caleb Skeath, Robert Huffman, John Webster Leslie, and Shayan Karbassi of Covington and Burling write: On March 27, 2024, the U.S. Cybersecurity and Infrastructure Security Agency’s (“CISA”) Notice of Proposed Rulemakin… Continue reading CISA Issues Notice of Proposed Rulemaking for Critical Infrastructure Cybersecurity Incident Reporting
Hunton Andrews Kurth writes: On March 19, 2024, Utah’s Governor Spencer J. Cox signed Senate Bill (SB) 98 (the “Bill”), Online Data Security and Privacy Amendments, into law. The Bill amends the Protection of Personal Information Act (§13-44-101 et seq… Continue reading Utah Enacts Amendments to State Breach Notification Law
Hunton Andrews Kurth writes that on March 13, 2024, the Federal Communications Commission’s updates to the FCC data breach notification rules (the “Rules”) went into effect despite legal challenges. The rules were adopted in December 2023 pursuant to a… Continue reading FCC Updated Data Breach Notification Rules Go into Effect Despite Challenges
Josh Hansen and Alfred Saikali of Shook, Hardy & Bacon write: The Florida legislature passed a bill that provides immunity to companies that suffer a data breach. The immunity is conditioned on the company: (1) complying with the notice requirement… Continue reading Florida Legislature Passes Data Breach Immunity Legislation
Attorney General Todd Rokita is filing a lawsuit on behalf of the people of Indiana against Apria Healthcare LLC for a massive data breach that impacted at least 42,000 Hoosiers and 1.8 million people nationwide. Apria is a provider of home healthcare … Continue reading Indiana Attorney General Files Suit Against Apria Healthcare
Hunton Andrews Kurth write: As we pass the two-month anniversary of the effectiveness of the U.S. Securities and Exchange Commission’s (“SEC’s”) Form 8-K cybersecurity reporting rules under new Item 1.05, this blog post provides a high-level summary of… Continue reading An Update on the SEC’s Cybersecurity Reporting Rules
Alexander Boyd , Colin H. Black of Polsinelli PC write: Beginning on May 13, 2024, nonbanking “financial institutions” must notify the Federal Trade Commission (“FTC”) within 30 days of discovering a data breach involving the nonpublic personal informa… Continue reading Looking Ahead to the FTC’s Implementation of the Data Breach Notification Rule for Nonbanking Financial Institutions
Eduardo Baptista reports: China on Friday proposed a four-tier classification to help it respond to data security incidents, highlighting Beijing’s concern with large-scale data leaks and hacking within its borders. The contingency plan comes am… Continue reading China issues draft contingency plan for data security incidents
Chris Riotta reports: The U.S. Federal Communications Commission voted Wednesday along party lines to update 16-year-old privacy protection rules and expand breach notification requirements as part of an effort to provide law enforcement and the public… Continue reading FCC Approves Major Updates to Data Breach Notification Rules
Naomi Diaz reports: The American Hospital Association said HHS’ plan to levy financial penalties in the event of a cyberattack on a healthcare organization would be counterproductive. In a Dec. 6 statement, the AHA said it is advocating for the H… Continue reading AHA opposes HHS’ plan for cybersecurity fines