Tag archives: cyber

Proposed “Cyber Incident Reporting for Critical Infrastructure Act of 2021”

On August 27, 2021, the U.S. House Homeland Security Committee released a draft bill that would, among other things, establish a Cyber Incident Review Office (CIR Office) within the Cybersecurity and Infrastructure Security Agency (CISA), which is part of the U.S. Department of Homeland Security (DHS), and require critical infrastructure owners and operators to report … Continue reading

The CNIL publishes new guidelines on cookies and other similar technologies

Data Protection Report - digital privacy, CCPA and cybersecurityOn 4 July 2019, the CNIL published new guidelines on cookies and other similar technologies, repealing its 2013 cookie guidance in order to align its position with the GDPR’s new requirements on consent. These guidelines will be supplemented during the first quarter of 2020 by sectoral recommendations aimed at providing practical guidance to stakeholders on … Continue reading

ICO blog post on AI and solely automated decision-making

Data Protection Report - Norton Rose FulbrightThe ICO has published a blog post on the role of “meaningful” human reviews in AI systems to prevent them from being categorised as “solely automated decision-making” under Article 22 of the GDPR. That Article imposes strict conditions on making decisions with legal or similarly significant effects based on personal data where there is no … Continue reading

Pennsylvania Supreme Court holds common law duty for employers extends to protecting sensitive employee information

Data Protection Report - Norton Rose FulbrightOn November 21, 2018, the Pennsylvania Supreme Court broke new ground by holding that employers have a legal duty to take reasonable care to safeguard its employees’ sensitive personal information from cyberattacks. … Continue reading

UK NIS Regulations impose new cybersecurity obligations (and a new penalties regime) on operators of essential services and digital service providers in the UK

Data Protection Report - Norton Rose FulbrightThe UK NIS Regulations (implementing the NIS Directive) come into force in the UK today (10 May 2018). These Regulations have received limited press attention, in part due to the emphasis that has been placed on GDPR implementation. However, the NIS Regulations represent a significant change in the legal environment relating to cybersecurity in the … Continue reading

NIS Directive Published: EU Member States Have Just Under Two Years to Implement

Data Protection Report - Norton Rose FulbrightThe Directive on Security of Network and Information Systems (known as the NIS Directive) was published in the Official Journal of the European Union on July 19, 2016. Member States will have until May 9, 2018 to implement this Directive into national laws and a further six months to identify “operators of essential services.” Summary … Continue reading

Council and European Parliament reach agreement on NIS Directive

Data Protection Report - Norton Rose FulbrightOn December 7, 2015, the Council of the European Union (the Council) reached an informal agreement with the European Parliament on a new EU directive on network and information security (NISD). The agreement marks the conclusion of two years of work, since the European Commission (the Commission) and the High Representative of the European Union … Continue reading

NLRB asserts employers must bargain with unions on breach response

Data Protection Report - Norton Rose FulbrightThe U.S. National Labor Relations Board (NLRB) recently filed complaints against the United States Postal Service (USPS), alleging that the USPS violated the National Labor Relations Act (NLRA) by failing to collectively bargain with its employees’ union regarding the postal service’s response to a 2014 data breach that reportedly affected over 800,000 current and former … Continue reading

Energy cybersecurity – a critical concern for the nation

Data Protection Report - Norton Rose FulbrightWe have long recognized that effects of cyber-attacks are not limited to the virtual space, and can affect our physical environment. For example, a stolen trade secret may lead to a competitor who copies the design, to lost sales, to lost jobs. However, the relationship between cybersecurity and physical security is far more direct and … Continue reading

White House presses for robust sharing of cyber-threat information

Data Protection Report - Norton Rose FulbrightOn February 13, 2015, President Obama spoke forcefully on cybersecurity threats at the Cybersecurity and Consumer Protection Summit, and signed an Executive Order designed to encourage the sharing of cyber-threat information through the formation of “hubs” – Information Sharing and Analysis Organizations (ISAOs). The President observed that much of the United States’ critical infrastructure runs … Continue reading

SEC’s cyber preparedness priorities on display in the agency’s cybersecurity examination initiative

Data Protection Report - Norton Rose FulbrightLast week, the U.S. Securities and Exchange Commission’s (“SEC”) Office of Compliance Inspections and Examinations (“OCIE”) published a Risk Alert that summarized findings from the agency’s examinations of the practices employed by financial service firms to address cybersecurity risks. The focus and results of the OCIE’s evaluation offer firms insight into the types of information security and … Continue reading

Just what the doctor ordered: President outlines national breach law proposal

Data Protection Report - Norton Rose FulbrightLeading up to the President’s State of the Union, the White House previewed several potentially sweeping cybersecurity initiatives—including a proposed federal law that would create a single national breach notification standard, entitled the Personal Data Notification & Protection Act (the “Act”). The President argued that the proposed law will benefit consumers and alleviate the confusion … Continue reading
LexBlog