What Multinational Companies Need to Know about Collecting Personal Information from Their Employees in...
The Personal Information Protection Law (PIPL), which is considered the first comprehensive law on personal information protection in the People’s Republic of China, came into effect on 1 November 2021. Prior to PIPL, mandatory requirements on the cross-border transfer of personal information were outlined mainly in the PRC Cybersecurity Law, and applied only to “critical information infrastructure” […]
In testimony before the House Science, Space, and Technology Subcommittee on Research and Technology, Gregory Wilshusen, director of information security issues for the Government Accountability Office, identified several actions the federal government must take to strengthen U.S. cybersecurity. GAO recommends the government: implement risk-based entity-wide information security programs; improve its cyber incident detection, response, and […]
Federal Banking Regulators Issue Advanced Notice of Proposed Rulemaking on Enhanced Cyber Risk Management...
The Federal Reserve Board, the Federal Deposit Insurance Corporation, and the Office of the Comptroller of the Currency are seeking comments on an advance notice of proposed rulemaking regarding a set of potential enhanced cybersecurity risk-management and resilience standards. The standards would apply to large and interconnected entities, as well as to services provided by […]
The Federal Acquisition Security Council (FASC) has issued a final rule to implement the requirements of the laws that govern the operation of the FASC, the sharing of supply chain risk information, and the exercise of the FASC’s authorities to recommend issuance of removal and exclusion orders to address supply chain security risks. This rule […]
In a new report, Mayer Brown examines key issues in cybersecurity and data privacy affecting businesses. In addition to federal regulations and oversight, firms can expect scrutiny from litigants, regulators, Congress, contractual counterparties and other stakeholders. The key issues reviewed in the report include ongoing regulatory scrutiny of cybersecurity and data privacy across a wide […]
DHS’s National Integration Center Generally Performs Required Functions but Needs to Evaluate Its Activities...
According to a new report from the Government Accountability Office, the Department of Homeland Security’s National Cybersecurity and Communications Integration Center has taken steps to implement each of its 11 statutorily required cybersecurity functions, such as being a federal civilian interface for sharing cybersecurity-related information with federal and nonfederal entities. NCCIC’s programs include monitoring network […]
The Health & Human Services’ Office of Inspector General reports that Maryland did not adequately secure its Medicaid data and information systems in accordance with Federal requirements and guidance. Although Maryland had adopted a security program for its MMIS, numerous significant system vulnerabilities existed. These vulnerabilities remained because Maryland did not implement sufficient controls over […]
In a recent report, the Congressional Research Service examined cybersecurity-related legislation and congressional hearings from the 112th, 113th, and 114th Congresses, including five pieces of cybersecurity legislation signed into law in December 2014 and multiple bills under consideration in the current session. This report provides links to cybersecurity legislation and relevant committee hearings in the […]
Critical Infrastructure Protection: Actions Needed to Enhance DHS Oversight of Cybersecurity at High-Risk Chemical...
The Chemical Facility Anti-Terrorism Standards (CFATS) program within the Department of Homeland Security (DHS) evaluates high-risk chemical facilities’ cybersecurity efforts via inspections that include reviewing policies and procedures, interviewing relevant officials, and verifying facilities’ implementation of agreed-upon security measures. In a recent audit, GAO found that the CFATS program has guidance designed to help the […]
Norton Rose Fulbright and global risk advisory company Willis Towers Watson have created an interactive guide to the legal and insurance-based tools that can be used to manage data privacy risks in vendor contracts. The guide allows users to navigate between subjects, and explore the details of five overarching data privacy issues in vendor contracts: […]