Photo of Sadia Mirza

Sadia leads the firm’s Incidents + Investigations team, advising clients on all aspects of data security and privacy issues. She is the first point of contact when a security incident or data breach is suspected, and plays a central role in her clients’ cybersecurity strategies.

Last week, the National Institute of Standards and Technology released version 1.1 of the Framework for Improving Critical Infrastructure Cybersecurity—more commonly known as the Cybersecurity Framework.

The first version of the Cybersecurity Framework was initially issued in February 2014 as voluntary guidance for critical infrastructure organizations to better manage and reduce cybersecurity risk. Although it

Attorneys general from thirty-one states have signed a letter urging Congress to scrap a proposed federal breach notification law that was introduced by Rep. Blaine Luetkemeyer (R-Mo.) and Rep. Carolyn Maloney (D-N.Y.) in an effort to create a national data breach notification and security standard. The proposed law, known as the Data Acquisition and Technology

Within days of realizing a data breach incident had occurred, Under Armour, Inc.—the owner of the popular calorie counting application, MyFitnessPal—began notifying its users of the breach that impacted approximately 150 million user accounts.  According to the data breach notice, the MyFitnessPal team learned on March 25 that an unauthorized party acquired data associated

Last month, the North American Reliability Corporation (“NERC”) approved a settlement agreement between the Western Electric Coordinating Council (“WECC”) and an unnamed power company that imposed a penalty of $2.7 million on the power company for improper cybersecurity oversight after the company inadvertently allowed critical cyber security data to be exposed online for 70 days.

Going slow and steady may work out for you if you’re a tortoise competing against an overly confident hare. However, if you’re in the mobile device industry and have been lagging on sending out security updates, it’s time to pick up the pace. A new Federal Trade Commission report issued last month found that while

It is well known that secrets don’t make friends, and if you’re a public operating company, this is especially true for disclosures related to material cybersecurity issues. Last week, the Securities and Exchange Commission issued guidance that serves as a reminder for public companies of their cybersecurity disclosure requirements under federal securities laws. The

In the last few years, the right to privacy has been hotly debated in the United States. What critics do not understand or appreciate is that the next technological paradigm is completely dependent on improvements both to the quality and quantity of data.

As connected things (IoT) explode in popularity, they make things such as

While no one thinks it’s a good idea to talk about breakups in the month of February, with the deadline approaching for certain federal agencies to comply with the digital identity requirements outlined in the National Institute of Standards and Technology’s Special Publication (SP) 800-63-3, agencies should prepare themselves to say goodbye to outdated,

On January 3, the Ninth Circuit Court of Appeals found that Section 1748.1 of the California Civil Code – which bars sellers from imposing surcharges for credit card payments, while still permitting discounts for payment by cash or other means – was an impermissible content-based restriction under the First Amendment of the United States Constitution