Proposed “Cyber Incident Reporting for Critical Infrastructure Act of 2021”
Posted in CybersecurityTag archives: cyber
Posted in CybersecurityAdventures in cyber litigation: Frozen crypto-assets and the role of cyber insurance
Posted in Cybersecurity
For some time, cyber exposure has been at or near the top of every major company’s risk register.… Continue reading
The CNIL publishes new guidelines on cookies and other similar technologies
Posted in Compliance and risk management
On 4 July 2019, the CNIL published new guidelines on cookies and other similar technologies, repealing its 2013 cookie guidance in order to align its position with the GDPR’s new requirements on consent. These guidelines will be supplemented during the first quarter of 2020 by sectoral recommendations aimed at providing practical guidance to stakeholders on … Continue reading
Cyber law firm of the year nomination
Posted in General
We are pleased to report that Norton Rose Fulbright has been shortlisted for cyber law firm of the year at the 2019 Insurance Insider Cyber Rankings Awards.… Continue reading
ICO blog post on AI and solely automated decision-making
Posted in Compliance and risk management
The ICO has published a blog post on the role of “meaningful” human reviews in AI systems to prevent them from being categorised as “solely automated decision-making” under Article 22 of the GDPR. That Article imposes strict conditions on making decisions with legal or similarly significant effects based on personal data where there is no … Continue reading
Pennsylvania Supreme Court holds common law duty for employers extends to protecting sensitive employee information
On November 21, 2018, the Pennsylvania Supreme Court broke new ground by holding that employers have a legal duty to take reasonable care to safeguard its employees’ sensitive personal information from cyberattacks. … Continue reading
Norton Rose Fulbright – cyber law firm of the year nomination
Posted in General
We are grateful to our clients and industry contacts for nominating us as cyber law firm of the year at the 2018 Insurance Insider Cyber Rankings Awards. The winner will be determined from the results of a wide-ranging survey of insurers and brokers and will be announced on September 21, 2018.… Continue reading
UK NIS Regulations impose new cybersecurity obligations (and a new penalties regime) on operators of essential services and digital service providers in the UK
The UK NIS Regulations (implementing the NIS Directive) come into force in the UK today (10 May 2018). These Regulations have received limited press attention, in part due to the emphasis that has been placed on GDPR implementation. However, the NIS Regulations represent a significant change in the legal environment relating to cybersecurity in the … Continue reading
NIS Directive Published: EU Member States Have Just Under Two Years to Implement
Posted in Regulatory response
The Directive on Security of Network and Information Systems (known as the NIS Directive) was published in the Official Journal of the European Union on July 19, 2016. Member States will have until May 9, 2018 to implement this Directive into national laws and a further six months to identify “operators of essential services.” Summary … Continue reading
Council and European Parliament reach agreement on NIS Directive
Posted in Cybercrime, Regulatory responseOn December 7, 2015, the Council of the European Union (the Council) reached an informal agreement with the European Parliament on a new EU directive on network and information security (NISD). The agreement marks the conclusion of two years of work, since the European Commission (the Commission) and the High Representative of the European Union … Continue reading
NLRB asserts employers must bargain with unions on breach response
The U.S. National Labor Relations Board (NLRB) recently filed complaints against the United States Postal Service (USPS), alleging that the USPS violated the National Labor Relations Act (NLRA) by failing to collectively bargain with its employees’ union regarding the postal service’s response to a 2014 data breach that reportedly affected over 800,000 current and former … Continue reading
Energy cybersecurity – a critical concern for the nation
We have long recognized that effects of cyber-attacks are not limited to the virtual space, and can affect our physical environment. For example, a stolen trade secret may lead to a competitor who copies the design, to lost sales, to lost jobs. However, the relationship between cybersecurity and physical security is far more direct and … Continue reading
White House presses for robust sharing of cyber-threat information
Posted in Compliance and risk management, General
On February 13, 2015, President Obama spoke forcefully on cybersecurity threats at the Cybersecurity and Consumer Protection Summit, and signed an Executive Order designed to encourage the sharing of cyber-threat information through the formation of “hubs” – Information Sharing and Analysis Organizations (ISAOs). The President observed that much of the United States’ critical infrastructure runs … Continue reading
SEC’s cyber preparedness priorities on display in the agency’s cybersecurity examination initiative
Last week, the U.S. Securities and Exchange Commission’s (“SEC”) Office of Compliance Inspections and Examinations (“OCIE”) published a Risk Alert that summarized findings from the agency’s examinations of the practices employed by financial service firms to address cybersecurity risks. The focus and results of the OCIE’s evaluation offer firms insight into the types of information security and … Continue reading
Just what the doctor ordered: President outlines national breach law proposal
Leading up to the President’s State of the Union, the White House previewed several potentially sweeping cybersecurity initiatives—including a proposed federal law that would create a single national breach notification standard, entitled the Personal Data Notification & Protection Act (the “Act”). The President argued that the proposed law will benefit consumers and alleviate the confusion … Continue reading
