1st state to adopt model insurance data security law: South Carolina
2nd state: Ohio legislation with 8 modifications SB 273 (OH | 2018)
The model law: NAIC
Monthly Archives: December 2018
Lege TREND. State passes Equifax Fix. State Attorney General Proposes More Fixes. 2 Key Points.
In 2018, Vermont passed a data breach notification bill to address the Equifax data breach.
Vermont’s Attorney General is Recommending the following additional legislative fixes:
- Create a new statewide office, Chief Privacy Officer, charged with ensuring the state establishes best practices for handling Vermonters’ personal information
- the position would advocate for additional privacy protections for citizens & hear concerns
- Stronger protections for student data by educational…
Lege TREND. State wants to save costs. Move to Digital Records. Procurement Opportunity.
New Jersey is looking to save costs by moving to exclusively digital records, making the state government paperless.
The caveat: data security risks
What was the legislative plan to get to a paperless NJ state government?
- The Govenror made it a goal for his administration
- Legislation creates a task force to make recommendations and suggestionts to address concerns, like data security
- Task Force 15 person membership includes:
- secretary of state
- state treasurer
- director of the New…
Lege TREND. Top Data Security State Legislation in 2019.
- California Privacy Act. Will other states replicate it? Is it the US solution for GDPR?
- Federal Preemption. Will Congress pass federal data breach notification standards?
- Data Privacy Requirements for Internet of Things. Privacy standards for your home thermostat, etc… See California’s SB 327 (2018)
- Will small businesses get a carve out bill? See S770 (115th Congress)
- Federal Preemption of Data Encryption Standards for Business
Lege TREND. Experts speak. What should an ideal data security law look like? 9 quick points
According to lawyers wirting in the Harvard Business Review, a data security regulatory system should:
- focusing more on systemic ways to address cyber threat
- not treat businesses punitively
- require the federal government to take a more active role in cyber defense
- require the federal government to share cybersecuity knowledge with the private sector
- require agencies to “issue pragmatic, cost-effective operational guidance to companies on how to defend against evolving risks”
- incentivizing…
3 Reasons Government Help Needed to Stop Data Breaches. Businesses Are Victims Too.
- Thinking on these laws is backwards. Laws should switch from punishing coporations to realizing in data breaches, companies are most likely also victims of criminal activity
- it is not a fair framework to punish companies
- and it is not effective enforcement
- Limited cyber experts. It is impossible for “every company in America to have sufficient internal cyber expertise to manage the risk.”
- The robbery analogy. When a bank is robbed, do we blame the bank? No.
Should cyber security bills include "fake news"?
Stanford researchers and other professors looking at this federal definition of cybersecurity:
Prevention of damage to, protection of, and restoration of computers, electronic communications systems, electronic communications services, wire communication, and electronic communication, including information contained therein, to ensure its availability, integrity, authentication, confidentiality, and nonrepudiation
think that the definition is outdated and needs to reflect the use of…
Lege TREND. Anatomy of a BlockChain Task Force.
The New Jersey Senate passed a Block Chain Task Force bill S2297 (NJ |2018) that will determine whether:
- NJ should be using Blockchain technology to modernize government systems
- it would safeguard personal data is good for NJ
- if it would help with service delivery
- whether it would be good for local governments
Touted benefits of blockchain/distributed ledger storage? could also help safeguard government systems from cyber-security attacks
3 Reasons a State Chamber of Commerce Supported a Data Security Bill
What did the Michigan Chamber of Commerce tout as reasons to support a Data Security bill, HB 6405 (MI | 2018) that required businesses to do certain new tasks concerning data breaches:
- The Chamber likes a specific time frame to notify affected persons
- The chamber did not like phrasing, within a reasonable time
- Is ok with “reasonable mandates” on businesses
- The Chamber supports “.. a consumers’ right to know that their personal identifying information was compromised”
Bill that reigns in BOTS. Read the Bill. Adapt it to your state.
S3288 (115th Congress) creates an offense of Aggravated damage to a critical infrastructure computer & allows for forfeiture of assets related to bots.
Morning Cybersecurity | Sen. Sheldon Whitehouse, meanwhile, complained that the Trump administration hasn’t collaborated with him on bipartisan legislation (S. 3288) to take down botnets.