Cyber

Nearly 300 firms submitted certifications for the EU-US Privacy Shield data transfer program in advance of the September 30 safe harbor deadline, which provides them nine months to ensure their third party partners have the same levels of data protection as required under the Shield. However, some firms have balked at certifying, in part due […]

In this commentary, Jack Balkin, the Knight Professor of Constitutional Law and the First Amendment at Yale Law School, and Jonathan Zittrain, a professor at Harvard Law School, suggest the creation of a fiduciary requirement for tech firms that gather and store significant amounts of data from the public. The approach would establish a legal […]

The SWIFT interbank messaging system will require its banking partners to implement baseline security controls, but observers say the plan’s lack of detail calls into question how well the new policy can be implemented and enforced. More at Search Security

According to a new survey by Bay Dynamics and Osterman Research, corporate boards say federal and state regulatory requirements are more important than the threat of a breach when it comes to cybersecurity planning. Eighteen percent of respondents said more government regulation was the top driver for prioritizing cybersecurity, compared to only three percent who […]

In this commentary, independent analyst and freelance writer Ariel Robinson says the Department of Homeland Security’s plan to develop a set of unifying principles for security the internet of things is duplicative and unnecessary. Instead of creating yet another set of government guidelines, DHS would be better served to drive awareness and adoption of existing […]

The Department of Health and Human Services has entered into a cooperative agreement with the National Health Information Sharing and Analysis Center to build an infrastructure for sharing cybersecurity threat and prevention information. Under the agreement, HHS is providing $350,000 in funding to the center to build the information sharing environment. More at Federal Times

A breach of the United States Public Health Service Commissioned Corps’ systems has potentially exposed the personal information of current, former, and retired members of the agency. The breach involved a system used to process employee payroll, leave, time, and attendance. Surgeon General Vivek Murthy notified employees of the breach in an email. More at […]

The Department of Homeland Security has completed key activities related to the Cybersecurity Act, including developing enterprise-wide logical access policies and procedures for its national security systems; ensured logical access controls and multi-factor authentication are implemented; and established software inventory policies. However, according to the DHS Office of Inspector General, not all components used data […]

Chinese authorities—including the Cyberspace Administration of China; the General Administration of Quality Supervision, Inspection and Quarantine of China; and the Standardization Administration of China—have announced that the government will introduce new mandatory national standards for regulating cybersecurity, personal information protection, cyber information sharing, and other fields. More at Security Magazine

The Canadian government has launched an effort to engage the public for their ideas on identifying gaps and opportunities for strengthening cybersecurity, and trends and challenges in the evolving cyber landscape. Technology lawyers hope the public engagement will result in new national standards for digital security. More at Security Magazine