Tag Archives: Legislation

Scope of Preemption in Proposed Data Security Legislation is Uncertain

According to a recent analysis by the Congressional Research Service (“CRS”), the extent of state law preemption in recent federal legislative proposals relating to data security is unclear.  Several bills introduced in the 114th Congress would impose federal data security or breach notification requirements on covered entities, similar to existing requirements in nearly every state. … Continue Reading

Congress Passes the Cybersecurity Act of 2015

The Cybersecurity Act of 2015 (the “Act”) was passed by Congress today as part of the 2016 omnibus spending package.  The Act is very similar to the Cybersecurity Information Sharing Act (“CISA,” S. 754), which passed the Senate on October 27 and was the subject of our previous analysis, although there are some important differences … Continue Reading

Senators Introduce Online Terrorist Activity Reporting Bill

Senators Feinstein (D-CA) and Burr (R-NC) introduced legislation today that would impose reporting duties on entities that “obtain[] actual knowledge of any terrorist activity.”  The bill applies to entities “engaged in providing an electronic communication service or a remote computing service to the public,” which includes social media companies.  Those entities are required to report … Continue Reading

A Closer Look at CISA’s Cybersecurity Information-Sharing Provisions

As we reported on October 27, the U.S. Senate passed the Cybersecurity Information Sharing Act (“CISA,” S. 754).  If enacted into law, CISA would, among other things, establish a voluntary framework for the sharing of cybersecurity threat information between and among the federal government and private entities.  CISA must now be reconciled with two similar … Continue Reading

Senate Passes Cybersecurity Information Sharing Legislation

The U.S. Senate passed the Cybersecurity Information Sharing Act (“CISA,” S. 754) today.  In material part, the bill: establishes a voluntary framework for real-time information sharing of “cyber threat indicators” and “defensive measures” between private organizations (defined to also include state and local governments) and the federal government; with respect to information sharing among private … Continue Reading

Fiat-Chrysler Recalls 1.4 Million Vehicles In Response to Security Vulnerability

Last Friday, Fiat Chrysler announced the recall of 1.4 million vehicles to fix security vulnerabilities, further highlighting the importance of properly addressing cybersecurity issues created by the use of connected devices.  The recall follows an article published last Tuesday by Wired magazine which described methods used by security researchers to remotely access a Jeep Cherokee, … Continue Reading

House Passes Cybersecurity Information Sharing Bills

Yesterday the U.S. House of Representatives passed the National Cybersecurity Protection Advancement Act (NCPAA), a bill that would provide liability protections for companies sharing cyber threat information with the Department of Homeland Security’s National Cybersecurity and Communications Integration Center (NCCIC).  A related bill, the Protecting Cyber Networks Act (PCNA), was passed by the House on … Continue Reading

House Committees Approve Information Sharing and Data Breach Notice Bills, Setting Stage for Floor Vote

Earlier this week, an information-sharing bill and a data breach bill passed through committee votes in the House, setting the stage for potentially significant legislative action on key cybersecurity issues in the near future.  On Tuesday, the House Homeland Security Committee approved the National Cybersecurity Protection Advancement Act by a unanimous voice vote, following a … Continue Reading

Covington at #SXSW 2015: Members of Congress Discuss Future of Privacy

Although Senator Rand Paul (R-KY) may have received the most attention for his attendance at South by Southwest (“SXSW”) Interactive, many other members of Congress were represented this year.  Continuing our coverage of the conference, this past weekend we attended a panel on “The Future of Privacy,” featuring congressional representatives Darrell Issa (R-CA), Suzan DelBene … Continue Reading

Bipartisan Data Security Bill Put Forth For Review

By Lala Qadir A bipartisan data security bill was unveiled last week as part of a renewed push to create standardized requirements around data breach and security issues.  Both co-sponsors of the bill, Representative Marsha Blackburn (R-TN) and Representative Peter Welch (D-VT), are members of the House Subcommittee on Commerce, Manufacturing, and Trade, and Blackburn … Continue Reading

Congressional Privacy Bill: Commercial Privacy Rights Act of 2015

By Caleb Skeath As we reported yesterday, the Congressional Privacy Bill has been released, following the release of the White House’s proposal for a privacy bill in late February.  The bill contains the Commercial Privacy Rights Act of 2015, the Congressional counterpart to the White House’s proposal, along with data breach notification provisions and the … Continue Reading

White House Privacy Bill Is Released

The White House’s much anticipated draft privacy legislation has now been released.   We are digesting its content now and will post an update with some additional comments shortly. The draft appears to include an expansive definition of “personal data.”  In addition, early press reports note that the draft bill would require companies to inform consumers and … Continue Reading

Data Breach Notification Bills Introduced in House and Senate

By Caleb Skeath Last week, Reps. Joe Barton (R-TX) and Bobby Rush (D-IL) re-introduced the Data Accountability and Trust Act (DATA Act) in the House of Representatives.  The bill (H.R. 580), which has been introduced several times in previous years, would provide a nationwide data security standard, backed by FTC enforcement and civil penalties, as … Continue Reading

House Debates Federal Data Breach Legislation

This morning, the House Subcommittee on Commerce, Manufacturing, and Trade, chaired by Rep. Michael Burgess (R-TX), held a hearing to determine what elements should be included in federal data breach legislation.  Despite the momentum for legislation created by high-profile breaches at retailers like Target and Home Depot, and most recently at Sony, ongoing efforts in … Continue Reading

House Subcommittee to Hold Hearing and Begin Drafting Data Breach Bill

Tomorrow at 10:00 a.m., the House Subcommittee on Commerce, Manufacturing, and Trade will hold a hearing to determine what elements should be included in federal data-breach legislation.  The following witnesses are scheduled to testify: Elizabeth Hyman, Tech America Executive Vice President of Public Policy Jennifer Glasgow, Acxiom Chief Privacy Officer Brian Dodge, Retail Industry Leaders Association … Continue Reading

Bill Restricting the NSA’s Data Collection Practices Blocked in the Senate

By Randall Friedland Yesterday, the USA Freedom Act (S. 2685), a bill aimed at curbing the National Security Agency’s (“NSA”) data collection practices, fell two votes short of the 60 votes necessary for cloture in the Senate.  The bill was largely blocked by Senate Republicans who expressed concern that the legislation would harm the government’s … Continue Reading

Calif. Gov. Brown Signs 8 Bills to Strengthen Privacy Protections

On Tuesday, September 30th, California Governor Jerry Brown signed into law 8 bills his office says were designed to “strengthen privacy [ ] protections.” Among the bills is AB 2306, which prevents the attempt to capture an image or sound recording in an offensive manner through the use of any technological device. Among other things, … Continue Reading

Florida Enacts Stringent Breach Notice Law

Last Friday, Florida’s governor signed into law the Florida Information Protection Act of 2014 (“FIPA”), a bill repealing Florida’s existing data security breach notice law and replacing it with what will be one of the nation’s most stringent breach notice laws.  This post summarizes the key aspects of the new law, which becomes effective July … Continue Reading

EU Justice Ministers Reach A Common Position on Aspects of the Draft EDPR

On June 6, 2014, the Justice and Home Affairs Council of the European Union (the “Council”), representing individual EU Member States, reached a common position on certain important aspects of the draft European Data Protection Regulation (the “Regulation”).  Specifically, the Council reached an agreement on rules governing transfers of personal data outside the EU, set … Continue Reading

Senate Judiciary Subcommittee To Examine “Stalking Apps”

Tomorrow, the Senate Judiciary Subcommittee on Privacy, Technology and the Law will hold a hearing on legislation reintroduced in March by Senator Al Franken (D-MN), the Location Privacy Protection Act of 2014.  The bill would regulate the development, operation, and sale of “stalking apps” and also would require companies to get consumer permission before collecting … Continue Reading

Obama Administration and House Intelligence Committee Announce Proposals to Reform NSA Bulk Collection Program

After months of debating how to reform the National Security Agency’s bulk telephony metadata program, the Obama administration confirmed on Tuesday that it will ask Congress to pass legislation that restructures the program and ends the government’s practice of retaining bulk phone records. Under the proposal, as described in media reports, the NSA would end … Continue Reading
LexBlog