California v. Congress: Data Protection Law Showdown

When it comes to data protection laws, the United States has long lagged behind Europe, whose General Data Protection Regulation (GDPR) came into effect in 2018 as the gold standard in data protection. Also in 2018, California passed the California Privacy Protection Act, further expanding it to the California Privacy Rights Act (CPRA) in 2020. […]

The post California v. Congress: Data Protection Law Showdown appeared first on Security Intelligence.


What CISOs Should Know About CIRCIA Incident Reporting

In March of 2022, a new federal law was adopted: the Cyber Incident Reporting Critical Infrastructure Act (CIRCIA). This new legislation focuses on reporting requirements related to cybersecurity incidents and ransomware payments. The key takeaway: covered entities in critical infrastructure will now be required to report incidents and payments within specified time frames to the […]

The post What CISOs Should Know About CIRCIA Incident Reporting appeared first on Security Intelligence.


Who Is Legally Responsible for a Cyber Incident?

After a company discovers a cyber attack on its network, the finger-pointing begins. The CEO blames the chief information security officer (CISO). The CISO blames the financial officers for not setting aside enough money for cyber defenses. The chief information officer begins to look for a scapegoat further down the supply chain. Maybe they fire […]

The post Who Is Legally Responsible for a Cyber Incident? appeared first on Security Intelligence.


3 strategies for addressing sensitive legal cybersecurity issues

Three years after enacting one of the most exacting cybersecurity regulations in the United States, the New York State Department of Financial Services (NYDFS) recently filed its first cybersecurity enforcement action. This enforcement action shows the importance of mitigating legal risks when addressing cybersecurity risks. NYDFS alleged that First American Financial, one of the country’s largest providers of title insurance, failed to properly address a known security vulnerability on its website that allowed millions of documents containing consumers’ nonpublic information to be exposed. After the vulnerability surfaced in a penetration test, First American misclassified the vulnerability as “low,” failed to investigate it within the timeframe set by the company’s cybersecurity policy, failed to determine the scope of documents that were exposed, and failed to heed the recommendations of its in-house cybersecurity team. The timing of the NYDFS’s inaugural enforcement action shows that cybersecurity remains a key priority for government agencies, even during the COVID-19 […]

The post 3 strategies for addressing sensitive legal cybersecurity issues appeared first on CyberScoop.


Kaspersky Lab appeals to court of public opinion with ‘unbiased’ assessment of Russian law

The legal battle between Russian antivirus maker Kaspersky Lab and the U.S. government has quieted, but the court of public opinion is still open for arguments. Countering U.S. officials and critics who say otherwise, Kaspersky Lab on Tuesday released an analysis arguing that, under Russian law, the company would not be subject to certain demands from authorities for data. The analysis, done by Swedish law professor Kaj Hober, contends that Kaspersky Lab does not meet the Russian legal definition of an organization that disseminates information on the internet. Under Russian law, such organizations are required to grant authorities’ requests for metadata. Hober also contended that because Kaspersky Lab does not make software for the purpose of “receiving, transmitting, delivering or processing electronic messages” between internet users, the company would not be obligated to build technical features into products at the requests of Russian authorities. Kaspersky Lab had asked Hober to […]

The post Kaspersky Lab appeals to court of public opinion with ‘unbiased’ assessment of Russian law appeared first on CyberScoop.


Facebook Accused of Violating Vietnam’s Cyber Law

Vietnam’s controversial cybersecurity law that tightens government control of the online environment just came into effect on Jan. 1, and it’s already claiming its first victim, writes the Financial Times. On Tuesday, the communist country a…

Why tech companies wanted Senate Bill 315 vetoed

Georgia Senate Bill 315 aimed to make all unauthorized access to computers illegal—sounds good, right? Read why provisions in its fine print made tech and security companies more than uncomfortable.

China’s new law calls on private industry to hand over valuable cyber threat data

The new year marked the beginning of yet another Chinese cybersecurity law that could have a big impact on U.S.-based technology companies. Known as the “Public Internet Cybersecurity Threat Monitoring and Mitigation Measures,” the rules call on private companies conducting business in China to report and hand over cyberthreat information to the government’s Ministry of Industry and Information Technology (MIIT). China founded the MIIT in 2008 in order to regulate the country’s burgeoning information technology industry. The law instructs companies to turn over information regarding both cyberattacks they’ve faced and also any “cyber threat intelligence” they own. Cyber threat intelligence is typically collected by cybersecurity firms and software giants like Microsoft and used to strengthen security operations. The regulation states: “after cybersecurity threats are discovered by relevant professional organizations, basic telecommunication enterprises, cybersecurity enterprises, Internet companies, domain name registration management and service organs … information shall be submitted to MIIT, provincial, autonomous […]

The post China’s new law calls on private industry to hand over valuable cyber threat data appeared first on Cyberscoop.
