Data Law Insights

Legal insights on navigating privacy, data protection, cybersecurity, information governance, and e-discovery

Michael Gruden

Michael Gruden is an associate in Crowell & Moring’s Privacy and Cybersecurity and Government Contracts groups and is resident in the Washington, D.C. office.

Michael is admitted in New York only; practicing under the supervision of D.C. Bar members.

Upcoming NIST Hosted DFARS Safeguarding Clause & CUI Training – October 18, 2018

Posted in Cybersecurity / Data Security
The National Institute of Standards and Technology (“NIST”) is hosting a cybersecurity workshop on the Defense Federal Acquisition Regulation System (“DFARS”) Safeguarding Clause and related regulations on Thursday, October 18, 2018.  The workshop, in coordination with the Department of Defense (“DoD”) and the National Archives and Records Administration (“NARA”), will provide an overview of Controlled…

Colorado’s New Data Privacy Bill Increases Notification and Safeguarding Requirements

Posted in Cybersecurity / Data Security, Privacy
The Colorado legislature recently passed a new data privacy law, House Bill 18-1128, which heightens requirements for corporate and public entities handling personal information of Colorado residents.  Effective September 1, 2018, the law aims to strengthen consumer data privacy by 1) shortening the time frame required to notify affected Colorado residents and the Attorney General…

Is Government Data at Risk? Study Finds Industry Cybersecurity Lagging Government

Posted in Cybersecurity / Data Security
Security ratings firm BitSight recently released a report citing a gap in cybersecurity performance between the U.S. Government and contractors.  The report was the result of a comparative security assessment between 1,212 randomly selected government contractors and 122 federal agencies. The assessment found that federal agencies were at least 15 points better than the mean for…

National Archives Issues New, But Limited, CUI Contract Guidance

Posted in Cybersecurity / Data Security
The Information Security Oversight Office (“ISOO”) within the National Archives and Records Administration (“NARA”) recently issued guidance for all non-executive branch entities  (such as elements of the legislative or judicial branches of the Federal Government; state, tribal or local government elements; and private organizations including contractors) concerning controlled unclassified information (“CUI”).  Specifically, the ISOO  issued…

U.K. Announces Fines Up To $24M For Cyber Noncompliance

Posted in Cybersecurity / Data Security
The United Kingdom’s National Cyber Security Centre (“NCSC”) recently announced guidance whereby industries could be fined up to $24 million (£17 million) for not having effective cybersecurity measures in place.  The penalties apply to critical infrastructure sectors including energy, transportation, water and healthcare.  While the U.K. government stated that these penalties will be “a last…

New GDPR Guidance from EU Commission

Posted in GDPR
The European Commission has recently released a new website providing guidance on the General Data Protection Regulation (“GDPR”) implementation requirements.  The website provides a plethora of resources both to industry looking to become compliant with GDPR standards as well as to citizens looking to understand their data protection rights.  Highlights of the website include a…

FERC Proposes to Require Expanded Cyber Security Incident Reporting

Posted in Cybersecurity / Data Security, Data Breach, Government Agencies, Uncategorized
The Federal Energy Regulatory Commission (“FERC”) recently proposed that the North American Electric Reliability Corporation (“NERC”), which is responsible for promulgating and enforcing FERC-approved mandatory electric reliability standards, revise its Critical Infrastructure Protection (“CIP”) standards to require additional circumstances under which reporting of cybersecurity incidents is mandatory.   FERC’s goal is to enhance the awareness of…