Archives: Cybersecurity

“Cyber Shield Act” Calling for IoT Device Certification Reintroduced in Congress

By Micaela McMurrough and Jayne Ponder on March 26, 2021 Posted in Congress, Cybersecurity

Sen. Ed Markey (D-MA) and Rep. Ted Lieu (D-CA-33) reintroduced the Cyber Shield Act on March 24, 2021. The proposed legislation is not new to Congress; Sen. Markey and Rep. Lieu previously introduced the Cyber Shield Act in both 2017 and 2019. However, the bill never made it to a vote in either the House … Continue Reading

EDPB Publishes Draft Guidelines on Data Breach Notification Examples

By Mark Young, Lars Lensdorf and Nicholas Shepherd on February 1, 2021 Posted in Cybersecurity, Data Breaches, Data Privacy, EU Data Protection, European Union, GDPR, Privacy and Data Security

On January 18, 2021, the European Data Protection Board (“EDPB”) published its draft Guidelines 01/2021 on Examples regarding Data Breach Notification (“Guidelines”) (available here). The Guidelines aim to assist data controllers in responding to and assessing the risk of personal data breaches, providing “practice-oriented, case-based guidance” which draws from the experiences of European supervisory authorities … Continue Reading

German Federal Government Passes Draft Law Amending Germany’s Information Technology Laws

By Moritz Hüsch and Anna Oberschelp de Meneses on January 15, 2021 Posted in Cybersecurity, Cybersecurity

On December 16, 2020, the German Federal Government passed a draft law that substantially amends some of Germany’s information technology laws (“IT laws”). These amendments aim to adapt the current legal framework to the increasing digitalization of products and services, the proliferation of IoT products, and the appearance of new cybersecurity threats. The draft law … Continue Reading

Proposed New EU Cyber Rules Introduce More Onerous Requirements and Extend to More Sectors

By Mark Young, Paul Maynard and Marianna Drake on January 15, 2021 Posted in Cybersecurity

In addition to releasing the new EU Cybersecurity Strategy before the holidays (see our post here), the Commission published a revised Directive on measures for high common level of cybersecurity across the Union (“NIS2”) and a Directive on the resilience of critical entities (“Critical Entities Resilience Directive”). In this blog post, we summarize key points … Continue Reading

Four Key Cyber Takeaways from The CPRA

By Alexandra Scott and Lindsey Tonsager on January 5, 2021 Posted in California Privacy Rights Act, Cybersecurity, Cybersecurity, Data, Data Security, State Legislatures

Last year, Californians passed proposition 24, also known as the California Privacy Rights Act (“CPRA”). That law makes several changes to the California Consumer Privacy Act (“CCPA”), including some that relate to an organization’s cybersecurity practices.… Continue Reading

The EU’s Cybersecurity Strategy for the Next Decade

By Kristof Van Quathem and Anna Oberschelp de Meneses on December 23, 2020 Posted in Cybersecurity, Cybersecurity, European Union

On December 16, 2020, the European Commission released the EU’s cybersecurity strategy for the next decade (see press release here and report here).… Continue Reading

The European Union Agency for Cybersecurity Publishes a Draft Certification Scheme for Cloud Services

By Kristof Van Quathem and Anna Oberschelp de Meneses on December 23, 2020 Posted in Cybersecurity, Cybersecurity

On December 22, 2020, the European Union Agency for Cybersecurity (“ENISA”) published a draft scheme for cloud services (see press release here and scheme here). Cloud services that meet the security requirements of the scheme will be able to obtain a certification attesting their level of cybersecurity. The draft scheme is available for public consultation … Continue Reading