Header graphic for print
Global Media and Communications Watch The International Legal Blog for the Tech, Media and Telecoms Industry

Paul Otto

Posts by Paul Otto
Posted in Cybersecurity Harriet PearsonPaul Otto

National Association of Corporate Directors Updates Cyber-Risk Oversight Handbook

Earlier this year, the National Association of Corporate Directors (NACD) released an updated version of its Director’s Handbook on Cyber-Risk Oversight (Handbook). The updates add 16 pages of content to the previously 28-page document, including four additional appendices. While the use of and compliance with the Handbook is not mandatory, the Handbook is influential in shaping governance practices and thus … Continue Reading

Posted in Data Protection & Privacy Harriet PearsonPaul Otto

The “Final Final” is Here: NYDFS Cybersecurity Regulations

As Hogan Lovells previously reported, the New York State Department of Financial Services (NYDFS) has launched a significant initiative to impose detailed cybersecurity requirements on covered financial institutions. On February 16, NYDFS issued its Final Rules, following the initial proposed rules published in September 2016 and two rounds of feedback via industry complaints and public comment. The Final Rules … Continue Reading

Posted in Internet, Telecoms & Broadband Paul OttoTimothy Tobin

NTIA Highlights Promise and Policy Challenges of IoT, Seeks Additional Comments

On January 12, 2017, prior to the new administration taking power, the National Telecommunications and Information Administration (NTIA) within the Department of Commerce (Department) released a Green Paper on “Fostering the Advancement of the Internet of Things,” which assesses the technological and policy landscape of the Internet of Things (IoT). The Green Paper is expansive in scope, reflecting the broad … Continue Reading

Posted in Data Protection & Privacy Harriet PearsonPaul Otto

NIST Updates Cybersecurity Framework Guidance

In the past month, the National Institute of Standards and Technology (NIST) has issued a draft update to its flagship cybersecurity framework as well as new standalone guidance on how organizations can plan to recover from cybersecurity events. The publication of these documents demonstrates NIST’s ongoing focus on providing substantive guidance to the private and public sectors alike on cybersecurity … Continue Reading

Posted in Data Protection & Privacy Harriet PearsonPaul Otto

US Agencies Release Guidance for Securing the Internet of Things

The Internet of Things continues to draw broad interest from policymakers and regulators around the globe. Following on the heels of a major distributed denial-of-service attack in October 2016 that leveraged potentially millions of compromised IoT devices, members of Congress have sent letters to US federal agencies regarding the risks posed by insecure IoT devices and held a hearing about … Continue Reading

Posted in Data Protection & Privacy Paul Otto

Recap of the OCR/NIST Conference on Safeguarding Health Information

Representatives from government and the private sector discussed the present state of healthcare cybersecurity, and experts discussed practical strategies for implementing the HIPAA Security Rule at the ninth annual “Safeguarding Health Information: Building Assurance through HIPAA Security” conference held from October 19–20, 2016 and co-hosted by the National Institute of Standards and Technology (NIST) and the Department of … Continue Reading

Posted in Data Protection & Privacy Julie BrillHarriet PearsonPaul Otto

FTC Highlights How Agency’s Approach to Data Security Aligns with NIST Cybersecurity Framework

The Federal Trade Commission (FTC) recently presented an analysis of how its approach to data security over the past two decades compares with the Framework for Improving Critical Infrastructure Cybersecurity (NIST Framework) issued in 2014 by the National Institute of Standards and Technology (NIST) and strongly endorsed by the White House.

The FTC’s recent blog post on “The NIST Continue Reading

Posted in Data Protection & Privacy Paul Otto

Principles to Consider for your IoT Privacy and Security Program

Fifteen months after forming an Internet of Things (IoT) working group, on March 2, 2016, the Online Trust Alliance (OTA) released a final version of its IoT Framework (Framework) along with a companion Resource Guide that provides explanations and additional resources. The voluntary Framework sets forth thirty suggested guidelines that provide criteria for designing privacy, security, and sustainability into connected … Continue Reading

Posted in Data Protection & Privacy W. James DenvilPaul Otto

FTC Says Listen Up When Vulnerability Reports Come In

The FTC wants companies to listen. More precisely, the FTC wants companies to pay attention to and promptly to respond to reports of security vulnerabilities. That’s a key takeaway from the Commission’s recent settlement with ASUSTek (“ASUS”). In its complaint against the Taiwanese router manufacturer, the FTC alleged that ASUS misrepresented its security practices and failed to reasonably secure its … Continue Reading

Posted in Data Protection & Privacy Paul OttoJared Bomberg

Key U.S. Cybersecurity Provisions Signed into Law

Last month, tucked into a 2,000-page spending bill, the Cybersecurity Information Sharing Act of 2015 (CISA) was enacted into law. Years in the making, CISA is intended to incentivize organizations to share cyber threat indicators with the federal government and to promote the dissemination of this information to organizations facing similar threats. CISA sponsors and supporters hope that such information … Continue Reading

Posted in Data Protection & Privacy Paul Otto

Online Trust Alliance Releases Internet of Things Trust Framework

One of the most common devices in the emerging Internet of Things (IoT) was reportedly discovered to have a bug. According to the research firm Fortinet, a popular fitness tracker was vulnerable to wireless attacks through its unsecured Bluetooth port. A savvy attacker could install malware wirelessly within ten seconds—simply by coming within a few feet of the tracker. When … Continue Reading

Posted in Data Protection & Privacy Paul Otto

NIST Outlines Methods for Protecting Data from Cyber Attacks

Consider this increasingly common scenario: an employee visits an apparently legitimate website. Unbeknownst to them, the website is hosted by an organized crime group. By visiting the site, the employee has allowed the group to quietly install ransomware on their organization’s file system. Malicious code begins to encrypt files on the server, before moving laterally to encrypt other servers on … Continue Reading

Posted in Data Protection & Privacy Jared BombergPaul Otto

U.S. Senate Passes Cybersecurity Information Sharing Legislation

After a prolonged debate and months-long consideration of amendments, on Tuesday the Senate passed S. 754, which includes the Cybersecurity Information Sharing Act (“CISA”) of 2015, by a vote of 74-21. CISA has the support of the White House and many industry stakeholders, but some of the most well-recognized privacy advocacy organizations oppose it. The House of Representatives must now … Continue Reading

Posted in Data Protection & Privacy Paul Otto

Help for mHealth: U.S. Department of Health launches HIPAA Discussion Portal

The HHS Office for Civil Rights (OCR) has launched an online portal designed to solicit questions from mHealth developers regarding compliance with Health Insurance Portability and Accountability Act (HIPAA) privacy and security requirements. The portal is designed to demystify HIPAA for app developers while providing guidance to regulators about which aspects of HIPAA may require clarification.

OCR emphasized that the … Continue Reading

Posted in Data Protection & Privacy Paul Otto

Recap of the OCR/NIST Conference on Safeguarding Health Information

Government officials and experts from the private sector discussed enabling precision medicine and efforts to bolster patients’ rights to access medical records, and also emphasized the importance of controlling access to protected health information (PHI) at the eighth annual “Safeguarding Health Information: Building Assurance Through HIPAA Security” conference held from September 2–3, 2015, and co-hosted by the National Institute of … Continue Reading

Posted in Data Protection & Privacy Paul Otto

NIST Requests Input on Revised Cryptographic Standards

On August 12, the National Institute of Standards and Technology (NIST) published a Request for Information (RFI) to help develop the next generation of technical encryption standards used by the U.S. Government and federal contractors to protect sensitive information. The new standard will update Fair Information Processing Standard (FIPS) 140-2, which has provided the baseline requirements for the development, testing, … Continue Reading

Posted in Data Protection & Privacy, Spectrum, Telecoms & Broadband Mark BrennanPaul Otto

FCC Seeks Comment on Cybersecurity Recommendations for Communications Providers

The U.S. Federal Communications Commission’s (FCC) Public Safety and Homeland Security Bureau (Bureau) has requested public input on a recent report on Cybersecurity Risk Management and Best Practices (Report) by the Communications Security, Reliability and Interoperability Council (CSRIC) for communications providers.  The Report represents the latest example of the U.S. government’s continued attention to these issues following the President’s 2013 … Continue Reading

Posted in Policy & Regulation Paul OttoHarriet PearsonH. Deen KaplanBeth Peters

Executive Order Authorizes Economic Sanctions as New Tool for U.S. Cyber Defense

On 1 April 2015, President Obama signed an Executive Order authorizing the imposition of sanctions on individuals and entities determined to be responsible for or complicit in malicious cyber-enabled activities constituting a significant threat to the national security, foreign policy, or economic health or financial stability of the United States.

Read More: Executive Order Authorizes Economic Sanctions as New Tool Continue Reading

Posted in Data Protection & Privacy Paul OttoJared Bomberg

Key Government Task Force Launches Effort to Address Cybersecurity Challenges Facing the Digital Economy

On March 16, the U.S. Commerce Department’s Internet Policy Task Force (IPTF) published a Request for Public Comment for input on the key cybersecurity issues affecting the digital ecosystem and digital economic growth. The IPTF aims to coordinate and facilitate consensus-based multistakeholder processes to generate collective guidance and identify best practices. Through this effort, the IPTF seeks to broaden the … Continue Reading