The Department of Defense (DoD) has released Version 1.0 of the Cybersecurity Maturity Model Certification (CMMC), Appendices A-F, and an Overview Briefing. While Version 1.0 largely mirrors the draft Version 0.7, the final version includes notable revisions. Please click here to see the full client alert.
Cybersecurity
Ninth Circuit Rejects Facebook’s Article III Argument; Biometric Lawsuit Will Proceed
On August 8, 2019, the U.S. Court of Appeals for the Ninth Circuit issued yet another decision adopting relaxed standing requirements in privacy litigation, this time in a decision permitting a plaintiff to pursue claims under Illinois’s Biometric Information Privacy Act (BIPA). In Patel v. Facebook, the Ninth Circuit rejected arguments from Facebook Inc. (Facebook) that claims under the BIPA require assertions of real-world harm, and that BIPA claims only apply to conduct within Illinois. The ruling creates a circuit split on the standard for establishing Article III standing in BIPA litigation, which could prompt the U.S. Supreme Court to take up the issue.
DoD Increases DCMA Cybersecurity Responsibilities
The Department of Defense recently released a memorandum directing the Defense Contract Management Agency (DCMA) to implement and assess company-wide cyber compliance with the DFARS Safeguarding Clause and related security standard, NIST SP 800-171. For further analysis, visit our Government Contracts Legal Forum blog post.
U.K. Announces Fines Up To $24M For Cyber Noncompliance
The United Kingdom’s National Cyber Security Centre (“NCSC”) recently announced guidance whereby industries could be fined up to $24 million (£17 million) for not having effective cybersecurity measures in place. The penalties apply to critical infrastructure sectors including energy, transportation, water and healthcare. While the U.K. government stated that these penalties will be “a last …
New GDPR Guidance from EU Commission
The European Commission has recently released a new website providing guidance on the General Data Protection Regulation (“GDPR”) implementation requirements. The website provides a plethora of resources both to industry looking to become compliant with GDPR standards as well as to citizens looking to understand their data protection rights. Highlights of the website include a …
FBI and FTC on Privacy Risks Stemming from “Smart” Toys
Earlier this month, the Federal Bureau of Investigation (FBI) issued a public comment about privacy, cybersecurity, and safety risks associated with internet-connected toys. The FBI’s comment builds on the Federal Trade Commission’s recent amendment to the Children’s Online Privacy Protection Act (COPPA), which explicitly states that connected toys are deemed “websites or online services”…
CFAA Conviction for Accessing and Damaging Former Employer’s Computer System
Last week, a federal court sentenced a former systems administrator convicted of accessing his former employer’s computer network and uploading malicious code designed to disrupt and damage the company’s manufacturing operations.
Brian P. Johnson worked for years as an information technology specialist and systems administrator at Georgia-Pacific’s Port Hudson, LA facility. In February 2014, Georgia-Pacific…
Illinois’ First Settlement under Biometric Law; AMA Adopts Principles for Mobile Health Apps; Ecuador to Enact Data Privacy Law
Illinois State Court Issues First Settlement under Biometric Law
On December 1, 2016, the Cook County Circuit Court in Illinois approved what is being reported as the first settlement under the state’s Biometric Information Privacy Act, 740 ILCS 14/1 (BIPA or the Act). BIPA provides a private right of action against companies that fail to…
Privacy & Cybersecurity Weekly News Update – Week of October 15
Hospital pays $2.1MM HIPAA settlement; Dynamic IP addresses protected under EU laws; EU guidance on GDPR coming soon; California’s new privacy compliance tool; banking regulators consider cybersecurity; FCC privacy proposal comments; OMB’s new privacy office; DFARS finalizes Safeguarding Rule
Hospital pays $2.1M to settle alleged HIPAA violations
St. Joseph Health, a California-based health system, reached…
Privacy & Cybersecurity Weekly News Update
Hamburg DPA orders WhatsApp to stop sharing data with Facebook; GAO: HHS Needs to Improve its Digital Health Protection Rules; Notice and Choice Becoming Par for the Course for Interest-Based-Ads in Apps
German Data Protection Authority of Hamburg orders WhatsApp to stop sharing data with Facebook
On September 27, 2016, the Hamburg Commissioner for…