Data Law Insights

Legal insights on navigating privacy, data protection, cybersecurity, information governance, and e-discovery

Category Archives: Government Regulations & FISMA

The PRC Cybersecurity Law Takes Effect

Posted in Cybersecurity / Data Security, Government Regulations & FISMA
The first comprehensive data protection framework in China’s history, the PRC Cybersecurity Law, takes effect today, June 1, 2017, despite concerns from businesses around the world about the law’s stringency and scope. The law will carry with it the authority to impose fines up to approximately $145,000.00 per violation in addition to various administrative and… Continue Reading

What’s Next For Federal Anti-SLAPP Legislation

Posted in Cybersecurity / Data Security, Government Regulations & FISMA
Congress may re-introduce federal anti-SLAPP legislation this session.  Similar bills in 2009, 2012, and 2015 never made it out of committee.  Our Law360 article identifies several areas to improve on a fourth attempt to enact a universal anti-SLAPP law.  The article also highlights the constant battle between First Amendment rights and rights to protect one’s… Continue Reading

FTC’s New Online Quiz: Which Federal Laws Apply to Your App?

Posted in Government Agencies, Government Regulations & FISMA, Health IT, Privacy
On Tuesday, the FTC simultaneously released a “Mobile Health App Interactive Tool” and “Best Practices,” to help mobile health app developers navigate the maze of federal regulation, including data privacy regulation.  The tool walks developers through a series of high level questions about the nature of their app, and uses the answers to those questions… Continue Reading

Crowell & Moring’s 2016 Litigation & Regulatory Forecasts: What Corporate Counsel Need to Know for the Coming Year

Posted in Cybersecurity / Data Security, Data Breach, Government Agencies, Government Regulations & FISMA, Internet of Things, Privacy
Crowell & Moring LLP is pleased to release its “2016 Litigation & Regulatory Forecasts: What Corporate Counsel Need to Know for the Coming Year.” The reports examine the trends and developments that will impact corporations in the coming year—from the last year of the Obama administration to how corporate litigation strategy is transforming from the… Continue Reading

Interim Rule Could Expand Already Onerous DFARS Cyber Requirements

Posted in Cybersecurity / Data Security, Data Breach, Government Agencies, Government Contracting, Government Regulations & FISMA, Information Management, Privacy, Public Sectors, Rules
Yesterday, the DoD published an Interim Rule that, if finalized as drafted, would expand the already onerous requirements of the DFARS Safeguarding Clause to a broader array of potentially 10,000 defense contractors.  Citing “recent high-profile breaches of federal information,” the DoD’s Interim Rule emphasizes the need for clear, effective, and consistent cybersecurity protections in its… Continue Reading

Recent FTC Safe Harbor Enforcement Takeaways

Posted in Cybersecurity / Data Security, Government Agencies, Government Regulations & FISMA, Privacy
The Federal Trade Commission (FTC) has struck again in the data privacy world, this time at 13 companies that allegedly misrepresented in their privacy statements that they were U.S.-EU or U.S.-Swiss Safe Harbor certified. This latest enforcement sweep demonstrates the FTC’s privacy focus and reinforces the need for companies to make accurate public representations. The… Continue Reading

Economic Espionage: A Real Risk for Universities

Posted in Cybersecurity / Data Security, Data Breach, Government Agencies, Government Contracting, Government Regulations & FISMA, Information Management, Privacy, Public Sectors
The recent arrests of Chinese nationals for alleged economic espionage are raising eyebrows across American industries, who are rightfully asking how they can protect themselves from becoming the next foreign target. U.S. universities have been key figures in these headlines. The risk of economic espionage is a serious one for higher education because universities are… Continue Reading

Three State Data Breach Laws Set to Change This Summer

Posted in Cybersecurity / Data Security, Data Breach, Government Agencies, Government Regulations & FISMA, Information Management, Privacy
With Memorial Day unofficially kicking off summer, those keeping up on recent changes to state data breach laws are eyeing their calendars, as a series of state amendments are due to come into effect.  Beginning on July 1, both Nevada and Wyoming will expand their definitions of personal information.  One month later on August 1,… Continue Reading

Supreme Court to Consider Congressionally-Conferred Privacy Breach Standing

Posted in Data Breach, Government Regulations & FISMA, Information Management, Privacy, Social Media
One year ago, data broker Spokeo, Inc. asked the Supreme Court to reconsider the Ninth Circuit’s revival of a putative class action against it for willfully violating the Fair Credit Reporting Act (“FCRA”) by publishing personal information without notice.  This week, the Court heeded that request, granting certiorari.  In doing so, it has paved the… Continue Reading

The “Sense of the Senate” is Pro-Internet of Things

Posted in Government Agencies, Government Regulations & FISMA, Internet of Things, Privacy
On Monday, the Senate passed Resolution 110, calling for the development of a national strategy that incentivizes and accelerates the country’s use of the “Internet of Things,” or IoT.  The Resolution comes amidst increased attention on the IoT industry, including the first Congressional hearings on the subject in both the House and the Senate.  The… Continue Reading

Cyber Executive Order Continues the Push for Public-Private Partnerships

Posted in Cybersecurity / Data Security, Data Breach, Government Agencies, Government Regulations & FISMA, Information Management, Privacy, Public Sectors
In conjunction with his remarks at the White House Summit on Cybersecurity at Stanford University earlier this month, President Obama signed Executive Order 13691, entitled “Promoting Private Sector Cybersecurity Information Sharing.”  Published in the Federal Register last week, the Order is intended to encourage and facilitate cybersecurity information sharing within the private sector, and also… Continue Reading

Senate Hearing Examines Internet of Things

Posted in Government Regulations & FISMA, Internet of Things, Public Sectors
Last week, the Senate Committee on Commerce, Science, and Transportation convened to hold a hearing on “The Connected World: Examining the Internet of Things.” Signaling that Congress may be interested in delving into this area, Senators pressed witnesses about the best ways to strike a balance between fostering innovation and protecting consumer interests. Senators and… Continue Reading

President Obama Announces Major Cyber and Privacy Legislation

Posted in Criminal Law, Cybersecurity / Data Security, Data Breach, Government Agencies, Government Regulations & FISMA, Information Management, Privacy
President Obama recently proposed several new laws reflecting the administration’s increased focus on privacy and cyber issues. The proposals seek to create a consistent national data breach notification law (to replace the current patchwork of 47 state laws), to encourage cyber threat information sharing, and to update cybercrime enforcement. Although immediate reactions to the proposed… Continue Reading

Snapchat Settlement Highlights Continued FTC Scrutiny of Privacy and Security Representations

Posted in Cybersecurity / Data Security, Data Breach, Government Regulations & FISMA, Information Management, Privacy, Sanctions
The Federal Trade Commission (FTC) has been at it again, settling on December 31, 2014 with Snapchat over privacy and data security concerns stemming from its text and video mobile messaging services. The settlement is instructive for gauging the FTC’s enforcement priorities and illustrates the steep costs a company can face when the FTC alleges… Continue Reading

Florida Continues Trend to Strengthen Breach Laws

Posted in Cybersecurity / Data Security, Data Breach, Government Agencies, Government Regulations & FISMA, Public Sectors
On June 20, 2014, Florida enacted the Florida Information Protection Act of 2014 (FIPA) to strengthen its data breach notification law. The amendments, which take effect July 1, will make Florida one of the strictest jurisdictions for reporting deadlines (which shorten to 30 days) and the types of information that trigger notification obligations (which now… Continue Reading

Crowell & Moring Releases “Data Law Trends & Developments” and Announces Expanded “Data Law Insights” Blog

Posted in Accessibility, Admissibility, Cloud Computing, Cooperation/Meet & Confer, Criminal Law, Cybersecurity / Data Security, Data Breach, Ethics, Government Agencies, Government Contracting, Government Regulations & FISMA, Information Management, Preservation, Privacy, Privilege/Rule 502, Proportionality, Public Sectors, Rules, Sanctions, Social Media, Spoliation, Technology Assisted Review, Transnational Discovery
We are pleased to announce the publication of a report titled “Data Law Trends & Developments: E-Discovery, Privacy, Cyber-Security & Information Governance.” The report explores recent trends and anticipated future developments on critical issues related to the intersection of technology and the law, which affect a wide range of companies and industries. In addition, the… Continue Reading

Navigating a Hostile Regulatory Climate: Practical Lessons Following OCR’s Latest $4.8 MM HIPAA Settlements

Posted in Cybersecurity / Data Security, Government Agencies, Government Regulations & FISMA, Public Sectors
On May 7, 2014, the Department of Health and Human Services Office of Civil Rights (“OCR”) announced the latest in a string of increasingly aggressive settlements of alleged Health Insurance Portability and Accountability Act (“HIPAA”) violations. The twin settlements with New York and Presbyterian Hospital (“NYP”) and Columbia University (“CU”) are the largest settlements to… Continue Reading

The “Cyber Framework” Arrives

Posted in Cybersecurity / Data Security, Government Agencies, Government Regulations & FISMA, Privacy, Public Sectors
After a year of development, NIST has released the long-awaited Cybersecurity Framework, which promises to have significant implications for the public and private sectors alike. The final version retains much of the Framework Core set forth in the draft version and provides a blueprint to align cybersecurity efforts (along with the accompanying Roadmap document with… Continue Reading

NIST Eliminates Privacy Appendix from Cybersecurity Framework

Posted in Cybersecurity / Data Security, Government Agencies, Government Regulations & FISMA, Privacy, Public Sectors
In a January 15, 2014 update, the National Institute of Standards and Technology (“NIST”) announced that it would eliminate contentious privacy provisions in Appendix B of the Preliminary Cybersecurity Framework. The appendix was originally intended “to protect individual privacy and civil liberties” as part of the February 2012 Executive Order 13636 requiring NIST to establish… Continue Reading

New DFARS Safeguards and Reporting Requirements

Posted in Cybersecurity / Data Security, Government Agencies, Government Contracting, Government Regulations & FISMA
A DFARS final rule (Nov. 18, 2013) on the safeguarding of unclassified, controlled technical information requires contractors, among other things, to report within 72 hours of discovery any “cyber incident” (an action that results in an actual or potentially adverse effect on an information system and/or the information residing therein), preserve relevant data for at… Continue Reading

Guess What? You’re Now Subject to HIPAA (Yes, You!): The Broad Reach of HIPAA over Business Associates

Posted in Cybersecurity / Data Security, Government Regulations & FISMA, Privacy
With the HIPAA Final Rule now in place, business associates as well as subcontractors must comply with the entire Security Rule (among other aspects of HIPAA) and face direct liability for the failure to do so. Some entities may be surprised to learn they are subject to HIPAA given the recently expanded definition of “business… Continue Reading

Cybersecurity and Data Privacy in 2013: Contracting in a Time of Increased Scrutiny

Posted in Cloud Computing, Cybersecurity / Data Security, Government Regulations & FISMA, Privacy, Public Sectors
2013 has been a historic year for cybersecurity, privacy and data breach issues. From the President’s Executive Order, to the revised NIST security & privacy controls, and to the groundbreaking Mandiant report on cyber espionage, the pressure is on for companies to secure their handling of sensitive data. In order to mitigate the risk of… Continue Reading

Regulating Cybersecurity On A Piecemeal Basis—Can The Executive Order Harmonize The Cyber Law Patchwork?

Posted in Cybersecurity / Data Security, Government Agencies, Government Regulations & FISMA, Privacy, Rules
With no comprehensive cybersecurity legislation nearing the finish line, Congress and federal agencies have attempted to fill the void with a series of piecemeal laws, regulations, and policies, leaving both the public and private sector with fragmented — even inconsistent — guidance on how to defend cyberspace.  As we discuss in our recent article, “Regulating… Continue Reading

NIST Now “King of the Hill” on Cyber Standards

Posted in Cybersecurity / Data Security, Government Agencies, Government Regulations & FISMA, Privacy, Public Sectors
Following its key cyber role in President Obama’s Executive Order No. 13636 issued this February, the National Institute of Standards and Technology (NIST) again seized the reins on federal cybersecurity standards on April 30, issuing the 457-page tome, Security and Privacy Controls for Federal Information Systems and Organizations, that not only provides the “most comprehensive… Continue Reading