Government Regulations & FISMA

Subscribe to Government Regulations & FISMA via RSS

On June 20, 2014, Florida enacted the Florida Information Protection Act of 2014 (FIPA) to strengthen its data breach notification law. The amendments, which take effect July 1, will make Florida one of the strictest jurisdictions for reporting deadlines (which shortens to 30 days) and the types of information that trigger notification obligations (Which now

We are pleased to announce the publication of a report titled “Data Law Trends & Developments: E-Discovery, Privacy, Cyber-Security & Information Governance.” The report explores recent trends and anticipated future developments on critical issues related to the intersection of technology and the law, which affect a wide range of companies and industries. In addition, the report highlights key cases and issues to watch in 11 areas of data law, including: information governance, cybersecurity, social media, technology-assisted review, criminal law, regulatory, cooperation, privacy, cross border transfers, bring your own device (BYOD), and privilege.
Continue Reading Crowell & Moring Releases “Data Law Trends & Developments” and Announces Expanded “Data Law Insights” Blog

On May 7, 2014, the Department of Health and Human Services Office of Civil Rights (“OCR”) announced the latest in a string of increasingly aggressive settlements of alleged Health Insurance Portability and Accountability Act (“HIPAA”) violations. The twin settlements with New York and Presbyterian Hospital (“NYP”) and Columbia University (“CU”) are the largest settlements to

After a year of development, NIST has released the long-awaited Cybersecurity Framework, which promises to have significant implications for the public and private sectors alike. The final version retains much of the Framework Core set forth in the draft version and provides a blueprint to align cybersecurity efforts (along with the accompanying Roadmap document

In a January 15, 2014 update, the National Institutes of Standards and Technology (“NIST”) announced that it would eliminate contentious privacy provisions in Appendix B of the Preliminary Cybersecurity Framework. The appendix was originally intended “to protect individual privacy and civil liberties” as part of the February 2012 Executive Order 13636 requiring NIST

A DFARS final rule (Nov. 18, 2013) on the safeguarding of unclassified, controlled technical information requires contractors, among other things, to report within 72 hours of discovery any “cyber incident” (an action that results in an actual or potentially adverse affect on an information system and/or the information residing therein), preserve relevant data for at

With the HIPAA Final Rule now in place, business associates as well as subcontractors must comply with the entire Security Rule (among other aspects of HIPAA) and face direct liability for the failure to do so. Some entities may be surprised to learn they are subject to HIPAA given the recently expanded definition of “business

2013 has been a historic year for cybersecurity, privacy and data breach issues. From the President’s Executive Order, to the revised NIST security & privacy controls, and to the groundbreaking Mandiant report on cyber espionage, the pressure is on for companies to secure their handling of sensitive data.

In order to mitigate the risk of

With no comprehensive cybersecurity legislation nearing the finish line, Congress and federal agencies have attempted to fill the void with a series of piecemeal laws, regulations, and polices leaving both the public and private sector with fragmented — even inconsistent — guidance on how to defend cyberspace.  As we discuss in our recent article, “

Following its key cyber role in President Obama’s Executive Order No. 13636 issued this February, the National Institute of Standards and Technology (NIST) again seized the reins on federal cybersecurity standards on April 30, issuing the 457-page tome, Security and Privacy Controls for Federal information Systems and Organizations, that not only provides the “most