Growing concern over the risk of cyberattack on our energy infrastructure continues to spur legislative and administrative action. In the last two weeks alone, both chambers of Congress and the Federal Energy Regulatory Commission (FERC) have made advancements with regard to proposals for strengthening the security of the national electric grid.
July 2015
New data security law in Connecticut imposes new requirements on businesses, regulated entities, and state contractors
On June 11, 2015, Connecticut Governor Dannel Malloy signed Senate Bill 949 (“S.B. 949”) into law. This new law imposes a various new requirements relating to data breach response and notification, including imposing a hard 90-day deadline for data breach reporting and requiring that entities regulated by the Connecticut Insurance Department to implement and maintain a “comprehensive information security program” to protect personal information. The various sections of S.B. 949 take effect in stages, with some having taken effect on July 1, 2015, and others becoming effective as late as October 1, 2017.
Russia signs controversial “right to be forgotten” bill into law
Russian President Vladimir Putin has signed into law the “right to be forgotten” legislation, which allows individuals in Russia to demand removal of a search engine’s links to personal information deemed irrelevant or inadequate. The law will go into effect on January 1, 2016.
FCC clarifies TCPA restrictions on robocalls and text messages
On July 10, 2015, the Federal Communications Commission (FCC) released a 105 page omnibus declaratory ruling and order (“Order”) under the Telephone Consumer Protection Act (“TCPA”) that, among other things, permits banks and other financial institutions to call consumers on their wireless telephones using autodialer equipment and pre-recorded messages (“robocalls”) and also send texts without prior written consent in certain limited circumstances. The Order was effective upon its release.
Federal Financial Institutions Examination Council issues Cybersecurity Assessment Tool to evaluate cybersecurity risks and preparedness
On June 30, 2015, the Office of the Comptroller of Currency (“OCC”) announced that the Federal Financial Institutions Examination Council (“FFIEC”) issued a Cybersecurity Assessment Tool that would allow institutions to evaluate their risks and cybersecurity preparedness in OCC Bulletin 2015-31.
China’s proposed Cyber Security Law to have far reaching consequences for businesses operating in the country
On July 6, 2015, China’s top legislative body – the National People’s Congress – published a draft Cyber Security Law that, if enacted in its current form, will have far-reaching consequences for businesses operating in China.
The draft expressly provides that the law will apply equally to both Chinese and international businesses.
Breach notice law in the Netherlands takes effect on 1 January 2016
Today the Royal Decree setting the date of entry into force of the Bill on Notification of data leaks was published. The law will take effect on 1 January 2016 and introduces an obligation on data controllers in the Netherlands…
European Union data protection regime reform: What should businesses be doing now to get ready? – web seminar
On Wednesday, July 29, 2015, Norton Rose Fulbright partners Boris Segalis and Marcus Evans will present a web seminar on European Union (EU) General Data Protection Regulation reform.