Data Law Insights

Data Law Insights

Legal insights on navigating privacy, data protection, cybersecurity, information governance, and e-discovery

Michael Gruden

Subscribe to all posts by Michael Gruden

National Archives Issues New, But Limited, CUI Contract Guidance

Posted in Cybersecurity / Data Security
The Information Security Oversight Office (“ISOO”) within the National Archives and Records Administration (“NARA”) recently issued guidance for all non-executive branch entities  (such as elements of the legislative or judicial branches of the Federal Government; state, tribal or local government elements; and private organizations including contractors) concerning controlled unclassified information (“CUI”).  Specifically, the ISOO  issued… Continue Reading

U.K. Announces Fines Up To $24M For Cyber Noncompliance

Posted in Cybersecurity / Data Security
The United Kingdom’s National Cyber Security Centre (“NCSC”) recently announced guidance whereby industries could be fined up to $24 million (£17 million) for not having effective cybersecurity measures in place.  The penalties apply to critical infrastructure sectors including energy, transportation, water and healthcare.  While the U.K. government stated that these penalties will be “a last… Continue Reading

New GDPR Guidance from EU Commission

Posted in GDPR
The European Commission has recently released a new website providing guidance on the General Data Protection Regulation (“GDPR”) implementation requirements.  The website provides a plethora of resources both to industry looking to become compliant with GDPR standards as well as to citizens looking to understand their data protection rights.  Highlights of the website include a… Continue Reading

FERC Proposes to Require Expanded Cyber Security Incident Reporting

Posted in Cybersecurity / Data Security, Data Breach, Government Agencies, Uncategorized
The Federal Energy Regulatory Commission (“FERC”) recently proposed that the North American Electric Reliability Corporation (“NERC”), which is responsible for promulgating and enforcing FERC-approved mandatory electric reliability standards, revise its Critical Infrastructure Protection (“CIP”) standards to require additional circumstances under which reporting of cybersecurity incidents is mandatory.   FERC’s goal is to enhance the awareness of… Continue Reading