41 State Attorneys General tell Meta to do better in preventing and mitigating account takeovers

A coalition of state attorneys general have sent a letter to Meta asking them to do more to help users whose accounts have been hacked or taken over. The letter to Meta’s Chief Legal Officer begins: Dear Ms. Newstead: We, the undersigned attorn…

Three recent breach disclosures remind us of how seldom timely breach notification is enforced under HITECH

Three recent data breach disclosures involving patient data all exceeded HIPAA’s 60-day deadline to notify HHS and individuals. Yakima Valley Radiology A breach involving the Washington state radiology service was added to Karakurt’s leak s…

Biden’s new data security order leaves industry officials, privacy advocates scratching their heads

David DiMolfetta reports: A new White House directive that gives agencies the legal power to prevent Americans’ sensitive data from falling into the hands of foreign adversaries is getting mixed reviews, with industry executives saying it could risk mu…

Message to the Congress on Preventing Access to Americans’ Bulk Sensitive Personal Data and United States Government-Related Data by Countries of Concern

TO THE CONGRESS OF THE UNITED STATES: Pursuant to the International Emergency Economic Powers Act (50 U.S.C. 1701 et seq.) (IEEPA), the National Emergencies Act (50 U.S.C. 1601 et seq.), and section 301 of title 3, United States Code, I hereby report t…

NIST Publishes Final “Cybersecurity Resource Guide” on Implementing the HIPAA Security Rule

Jennifer Hennessy and Christopher Taylor of Foley & Lardner write: In an important development for HIPAA-regulated entities looking for practical assistance in understanding, implementing, and enhancing compliance with the HIPAA Security Rule, the …

An Update on the SEC’s Cybersecurity Reporting Rules

Hunton Andrews Kurth write: As we pass the two-month anniversary of the effectiveness of the U.S. Securities and Exchange Commission’s (“SEC’s”) Form 8-K cybersecurity reporting rules under new Item 1.05, this blog post provides a high-level summary of…

New Jersey law enforcement officers sue 118 data brokers for not removing personal info

Suzanne Smalley reports: Over the course of the last week, 118 class action lawsuits were filed against data brokers who allegedly failed to respond to requests from about 20,000 New Jersey law enforcement personnel asking to remove their personal info…

Protect Good Faith Security Research Globally in Proposed UN Cybercrime Treaty

Statement to be submitted by the Electronic Frontier Foundation, accredited under operative paragraph No. 9 of UN General Assembly Resolution 75/282, on behalf of 124 signatories. We, the undersigned, representing a broad spectrum of the global securit…

IT suppliers hacked off with Uncle Sam’s demands in aftermath of cyberattacks

Brandon Vigliarolo reports: Organizations that sell IT services to Uncle Sam are peeved at proposed changes to procurement rules that would require them to allow US government agencies full access to their systems in the event of a security incident. T…