On October 22, 2013, the National Institute of Standards and Technology (NIST) released its Preliminary Cybersecurity Framework (“Framework”), marking one of the final steps in creating the “voluntary” Framework envisioned in an Obama Administration Executive Order (EO) issued earlier this year. That EO, which was designed to strengthen the cybersecurity of the United States’ critical […]
Data Security
New Malaysian Data Privacy Law
After enactment in 2010, Malaysia’s Personal Data Protection Act, and implementing regulations, finally went into effect on November 15, 2013. The law applies to the processing of “personal data” by entities operating in Malaysia but generally does not apply to data processed entirely outside of Malaysia.[1] Additionally, official registration requirements will extend to many classes […]
California’s New Privacy Law Covering Utility ‘Smart Meter’ Data Takes Effect on January 1, 2014
On January 1, 2014, California’s new “smart meter” privacy law goes into effect, which may impact Internet Service Providers, financial institutions and other businesses that handle or receive smart meter data. On October 5, 2013, California Governor Brown approved the law passed by the Assembly (A.B. 1274) that will require certain non-utility businesses to obtain the […]
Department of Defense Publishes Safeguarding Rule Requiring Contractors to Follow NIST Security Standards, Report Cybersecurity Incidents
On November 18, the U.S. Department of Defense (“DoD”) published a final safeguarding rule (the “UCTI Safeguarding Rule”) applicable to contractors in possession of unclassified yet nonpublic technical information (“UCTI”) that requires them to, at a minimum, satisfy the security controls specified in NIST Special Publication (SP) 800-53 in order to safeguard UCTI. Additionally, the UCTI Safeguarding […]
Kim Peretti Interviewed by BankInfoSecurity about Her Discussion at the 2013 Fraud Summit
On October 22, Alston & Bird’s Kim Peretti, Security Incident Management & Response Team co-chair, spoke at the 2013 Fraud Summit in a session titled “Post-Fraud Investigation: Effective, Efficient, Defensible.” Her presentation focused on how organizations must ensure they are prepared to respond effectively, efficiently and defensibly when they detect fraudulent activity. Following the conference, […]