On December 18, 2020, federal financial regulatory agencies jointly announced a proposed rule that would impose new and expanded reporting requirements on supervised banking organizations that experience a “computer-security incident,” requiring notice within 36 hours of any computer-security incident that rises to the level of a “notification incident.” In a significant departure from current reporting […]
Search Results for: Cybersecurity Regulation
In Response to Covid-19, NYDFS Delays while CA AG Declines to Change CCPA Timing
According to a report from the International Association of Privacy Professionals, the California Attorney General has confirmed that enforcement of the California Consumer Privacy Act (CCPA) will not be delayed due to the Covid-19 pandemic. “We’re committed to enforcing the law as early as July 1,” said a representative of the Attorney General’s office according […]
New Hampshire Passes Insurance Data Security Law
New Hampshire recently passed its Insurance Data Security Law based on the National Association of Insurance Commissioners’ (NAIC) Insurance Data Security Model Law. The law will go into effect January 1, 2020. New Hampshire is one of several states, including Alabama, Connecticut, Delaware, Michigan, Mississippi, Ohio, and South Carolina, that has passed an insurance data […]
Chairman Rogers and Ranking Member Ruppersberger Reintroduce Cyber Intelligence Sharing and Protection Act (CISPA)
House Intelligence Committee Chairman Mike Rogers (R-MI) and Ranking Member Dutch Ruppersberger (D-MD) re-introduced the Cyber Intelligence Sharing and Protection Act (CISPA) this morning. The bill has been numbered H.R. 624. In their press release, Chairman Rogers and Ranking Member Ruppersberger confirmed that this bill is identical to the version that the full House of Representatives approved by […]
CISA Posts Notice of Proposed Rulemaking Under CIRCIA
On March 27, 2024, the Cybersecurity and Infrastructure Security Agency (CISA) published a notice of proposed rulemaking (NPRM) implementing the Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA). For additional background on CIRCIA, see our prior advisory. CISA is required to issue a final rule by October 4, 2025. Who is required to report covered […]