On October 22, 2013, the National Institute of Standards and Technology (NIST) released its Preliminary Cybersecurity Framework (“Framework”), marking one of the final steps in creating the “voluntary” Framework envisioned in an Obama Administration Executive Order (EO) issued earlier this year. That EO, which was designed to strengthen the cybersecurity of the United States’ critical […]
Privacy & Cyber Regulatory Enforcement
FTC Chairwoman Reiterates Support for National Data Breach Law with FTC Enforcement Powers
At the National Consumers League Conference on identity theft, held on December 12, 2013 in Washington, D.C., Federal Trade Commission (“FTC”) Chairwoman Edith Ramirez pushed for a federal data breach law featuring the FTC as the “enforcer.” Chairwoman Ramirez engaged in a keynote discussion with former FTC Chairwoman Deborah Platt Majoras and made her position […]
Congress Considers Cybersecurity Bills
Earlier last week, House Homeland Security Committee Chairman Michael McCaul (R-TX) introduced H.R. 3696, a bill to amend the Homeland Security Act to make certain improvements regarding cybersecurity and critical infrastructure protection. The committee circulated the draft earlier this year, and had planned to mark up the bill when the Edward Snowden revelations became public. The bill […]
California Attorney General Announces Upcoming Best Practices Guidelines for Do-Not-Track Disclosures; Guidelines Will Not Delay New A.B. 370 Do-Not-Track Disclosure Requirements from Taking Effect on January 1, 2014
On December 10, 2013, the Privacy Enforcement and Protection Unit of the California Office of the Attorney General (CA AG) held a meeting in San Francisco for interested stakeholders to discuss best practices in light of the Assembly’s enactment of A.B. 370, California’s new do-not-track disclosure law that goes into effect on January 1, 2014. […]
New HHS OIG Report Raises Concerns about Oversight and Enforcement of HIPAA Security Rule
On Wednesday, December 4, 2013, the HHS Office of Inspector General (OIG) issued a report raising concerns about the adequacy of the HHS Office for Civil Rights’ (OCR) oversight and enforcement of HIPAA’s Security Rule. The Security Rule establishes the administrative, physical, and technical safeguards that covered entities and their business associates are required to implement […]