After years of vigorous debate and numerous bills aimed at incentivizing cyber threat intelligence sharing having failed to become law, on December 18, 2015, President Obama signed an omnibus spending bill containing the Cybersecurity Information Sharing Act of 2015 (“CISA”). The statute is located in Title I of Division N of the bill, beginning on […]
Board Governance & Cyber Risk Management
Swire and Future of Privacy Forum Release White Paper for E.U. Regulators on U.S. Surveillance Law and Safe Harbor
Peter Swire, Alston & Bird Senior Counsel and professor at Georgia Institute of Technology Scheller College of Business, has released a new white paper through the Future of Privacy Forum titled “U.S. Surveillance Law, Safe Harbor, and Reforms Since 2013.” The paper is a submission to a forum sponsored by the Belgian Privacy Commission on […]
EU Institutions Reach Agreement on First Pan-European Legislation on Cybersecurity
On December 7, 2015, after more than two years of legislative consideration, the European Parliament and the European Council reached a political agreement concerning the Directive on Network and Information Security (“NIS Directive”). Under the NIS Directive, operators of essential services will be required to take appropriate security measures and report cybersecurity incidents. The amended draft NIS […]
FTC and FCC Sign Consumer Protection MOU
Since 2014, the Federal Communications Commission (FCC) has engaged in an increasing number of privacy and data security enforcement actions. The scope of the Commission’s jurisdiction over carriers has also dramatically increased – at least temporarily – following its recent net neutrality order, which reclassified broadband Internet access service as a telecommunications service under Title […]
Moody’s Identifies Cyber Risk As Key Factor in Credit Ratings
In a report released November 23, Moody’s Investors Service announced that the implications of cyber threats could start taking a higher priority in its credit analysis. Moody’s said it views cyber threats as similar to other extraordinary event risks, such as a natural disaster. “While we do not explicitly incorporate cyber risk as a principal […]