In a new post on the Covington Digital Health blog, our colleagues discuss a new European Cloud in Health Advisory Council whitepaper calling for a review of European healthcare data protection rules holding back greater adoption of cloud computing and AI; and for more discussion about the ethics and governance of re-use of patient data for research and planning. To read … Continue Reading
Representative Marsha Blackburn (R-TN) has introduced a bill, the “Balancing the Rights of Web Surfers Equally and Responsibly Act of 2017” (“BROWSER Act,” H.R. 2520) that would create new online privacy requirements. The BROWSER Act would require both ISPs and edge providers (essentially any service provided over the Internet) to provide users with notice of … Continue Reading
Last week, New Mexico and Tennessee both passed legislation updating each state’s requirements for notifying residents following a data breach. New Mexico’s new law, H.B. 15, makes it the 48th U.S. state to enact a state data breach notification law, leaving Alabama and South Dakota as the only states that have not enacted similar laws. … Continue Reading
On April 11, 2017, the Cyberspace Administration of China (“CAC”) released a draft of the Measures on Security Assessment of Cross-border Data Transfer of Personal Information and Important Data (“the Draft Measures”) for public comment (official Chinese version available here). The comment period ends on May 11, 2017. The issuance of the long-anticipated Draft Measures … Continue Reading
By Stephen Kiehl Continuing their focus on drone privacy issues, Senator Edward J. Markey (D-Mass.) and Rep. Peter Welch (D-Vt.) introduced legislation in the House and Senate this month that would require drone operators to create policies covering data collection and retention and require warrants for law enforcement agencies to conduct surveillance by drone. The … Continue Reading
Senators Ed Markey (D-MA) and Richard Blumenthal (D-CT) reintroduced a pair of bills today relating to the cybersecurity of cars and aircraft, which would impose affirmative security, disclosure, and consent requirements on manufacturers and air carriers. The Security and Privacy in Your Car (“SPY Car”) Act and Cybersecurity Standards for Aircraft to Improve Resilience (“Cyber … Continue Reading
On March 2nd, Democratic members of the House Energy and Commerce Committee introduced three pieces of legislation that would expand the Federal Communications Commission’s (FCC) authority over the cybersecurity practices of communications network providers. The first bill, the “Securing IoT Act of 2017” (introduced by Rep. Jerry McNerney (D-CA)), would expand the FCC’s certification authority … Continue Reading
Yesterday, the Department of Homeland Security (“DHS”) and Department of Justice released final guidance as required by Title I of the Cybersecurity Act of 2015 (“CISA”), which was enacted into law this past December. The guidance was prepared in consultation with several additional federal agencies, and includes four separate documents. We summarize each of the … Continue Reading
Last week, Tennessee Governor Bill Haslam (R) signed S.B. 2005 into law, amending Tennessee’s breach notification law to broaden the scope of information covered and require quicker notifications of the state’s residents. Most notably, when the amendments enter into force on July 1, 2016, Tennessee will become the only U.S. state that could require notification … Continue Reading
By Monika Kuschewsky Today, a German law to strengthen the private enforcement of certain data protection provisions that aim to protect consumers (the Law) entered in to force, following its publication in the Official Journal yesterday. We previously reported on the draft law here. The Law empowers certain qualified associations to seek injunctive relief against companies … Continue Reading
By Hannah Lepow Maryland is poised to become the second state in the country to ban businesses from contractually prohibiting customers from posting bad reviews online. The Nondisparagement Clauses in Consumer Contracts bill passed the state House on February 19 by an overwhelming majority and now goes on to the state Senate. Maryland’s law substantially … Continue Reading
On December 17, 2015, Senators Reed (D-RI) and Collins (R-ME) introduced the Cybersecurity Disclosure Act of 2015 (S. 2410), which has been referred to the Committee on Banking, Housing, and Urban Affairs. According to the press release accompanying the bill, it “seeks to strengthen and prioritize cybersecurity at publicly traded companies by encouraging the disclosure … Continue Reading
According to a recent analysis by the Congressional Research Service (“CRS”), the extent of state law preemption in recent federal legislative proposals relating to data security is unclear. Several bills introduced in the 114th Congress would impose federal data security or breach notification requirements on covered entities, similar to existing requirements in nearly every state. … Continue Reading
The Cybersecurity Act of 2015 (the “Act”) was passed by Congress today as part of the 2016 omnibus spending package. The Act is very similar to the Cybersecurity Information Sharing Act (“CISA,” S. 754), which passed the Senate on October 27 and was the subject of our previous analysis, although there are some important differences … Continue Reading
Senators Feinstein (D-CA) and Burr (R-NC) introduced legislation today that would impose reporting duties on entities that “obtain[] actual knowledge of any terrorist activity.” The bill applies to entities “engaged in providing an electronic communication service or a remote computing service to the public,” which includes social media companies. Those entities are required to report … Continue Reading
As we reported on October 27, the U.S. Senate passed the Cybersecurity Information Sharing Act (“CISA,” S. 754). If enacted into law, CISA would, among other things, establish a voluntary framework for the sharing of cybersecurity threat information between and among the federal government and private entities. CISA must now be reconciled with two similar … Continue Reading
The U.S. Senate passed the Cybersecurity Information Sharing Act (“CISA,” S. 754) today. In material part, the bill: establishes a voluntary framework for real-time information sharing of “cyber threat indicators” and “defensive measures” between private organizations (defined to also include state and local governments) and the federal government; with respect to information sharing among private … Continue Reading
Last Friday, Fiat Chrysler announced the recall of 1.4 million vehicles to fix security vulnerabilities, further highlighting the importance of properly addressing cybersecurity issues created by the use of connected devices. The recall follows an article published last Tuesday by Wired magazine which described methods used by security researchers to remotely access a Jeep Cherokee, … Continue Reading
Yesterday the U.S. House of Representatives passed the National Cybersecurity Protection Advancement Act (NCPAA), a bill that would provide liability protections for companies sharing cyber threat information with the Department of Homeland Security’s National Cybersecurity and Communications Integration Center (NCCIC). A related bill, the Protecting Cyber Networks Act (PCNA), was passed by the House on … Continue Reading
Earlier this week, an information-sharing bill and a data breach bill passed through committee votes in the House, setting the stage for potentially significant legislative action on key cybersecurity issues in the near future. On Tuesday, the House Homeland Security Committee approved the National Cybersecurity Protection Advancement Act by a unanimous voice vote, following a … Continue Reading
As part of our continuing coverage of the Congressional Privacy Bill, we provide below a deeper examination and explanation of Title II of the bill, the Do Not Track Kids Act of 2015. The Do Not Track Kids Act of 2015 amends the Children’s Online Privacy Protection Act (“COPPA”) by making its protections more expansive … Continue Reading
Although Senator Rand Paul (R-KY) may have received the most attention for his attendance at South by Southwest (“SXSW”) Interactive, many other members of Congress were represented this year. Continuing our coverage of the conference, this past weekend we attended a panel on “The Future of Privacy,” featuring congressional representatives Darrell Issa (R-CA), Suzan DelBene … Continue Reading
By Lala Qadir A bipartisan data security bill was unveiled last week as part of a renewed push to create standardized requirements around data breach and security issues. Both co-sponsors of the bill, Representative Marsha Blackburn (R-TN) and Representative Peter Welch (D-VT), are members of the House Subcommittee on Commerce, Manufacturing, and Trade, and Blackburn … Continue Reading
By Caleb Skeath As we reported last this week, the Congressional Privacy Bill (S. 547/H.R. 1053) contains provisions that would establish a national data breach notice law, along with the Commercial Privacy Rights Act of 2015 and the Do Not Track Kids Act of 2015. Following our analysis of the Commercial Privacy Rights Act, we … Continue Reading
