As Hogan Lovells previously reported, the New York State Department of Financial Services (NYDFS) has launched a significant initiative to impose detailed cybersecurity requirements on covered financial institutions. On February 16, NYDFS issued its Final Rules, following the initial proposed rules published in September 2016 and two rounds of feedback via industry complaints and public comment. The Final Rules … Continue Reading
On 4 February 2017, the Cyberspace Administration of China issued a draft of the Network Products and Services Security Review Measures (“Draft Measures”) for public comment: the Draft Measures remain open for comments until 4 March 2017. The Draft Measures are follow-on legislation to China’s Cyber Security Law adopted on 7 November 2016, which will take effect on 1 June … Continue Reading
On 4 February 2017, the Cyberspace Administration of China issued a draft of the Network Products and Services Security Review Measures (“Draft Measures“) for public comment: the Draft Measures remain open for comments until 4 March 2017. The Draft Measures are follow-on legislation to China’s Cyber Security Law adopted on 7 November 2016, which will take effect from … Continue Reading
The New York Department of Financial Services (NYDFS) just issued major revisions to the cybersecurity regulations for financial institutions that were due to come into effect on January 1, 2017. To allow covered institutions more time to implement the rules, the effective date will now be March 1, 2017, with a series of staggered implementation dates beyond this. There are … Continue Reading
Have you visited our online client cybersecurity resource portal: Ready, Set, Respond? Designed by our cross-practice team of global practitioners to provide in-house counsel with the tools they need to prepare for the inevitable cybersecurity incident and quickly and easily stay up to date on the evolving state of cybersecurity regulation around the world, the portal is regularly updated … Continue Reading
The Internet of Things continues to draw broad interest from policymakers and regulators around the globe. Following on the heels of a major distributed denial-of-service attack in October 2016 that leveraged potentially millions of compromised IoT devices, members of Congress have sent letters to US federal agencies regarding the risks posed by insecure IoT devices and held a hearing about … Continue Reading
Hogan Lovells’ Winnik International Telecoms & Internet Forum explored how the Internet of Things (IoT) may continue to expand the scope of cybersecurity concerns. Cybersecurity risks for the IoT were previously synonymous with enterprise products. Now these risks extend to consumer devices, services and applications.
According to cybersecurity leaders attending the forum, the IoT market needs new, market-driven approaches to … Continue Reading
Representatives from government and the private sector discussed the present state of healthcare cybersecurity, and experts discussed practical strategies for implementing the HIPAA Security Rule at the ninth annual “Safeguarding Health Information: Building Assurance through HIPAA Security” conference held from October 19–20, 2016 and co-hosted by the National Institute of Standards and Technology (NIST) and the Department of … Continue Reading
Cyber risk has been high on the agenda of financial services regulators for some time now. In the UK, the FCA specifically addressed its concerns in its 2015/2016 Business Plan and it has an on-going programme of work which includes working with the PRA and Bank of England on visibility of IT resilience and risks at board level, and with … Continue Reading
Three Commissioners from the Federal Communications Commission (“FCC”) found areas of both agreement and disagreement in a wide-ranging discussion at the CTIA Super Mobility conference last week in Las Vegas. The discussion among Commissioners Mignon Clyburn, Ajit Pai, and Michael O’Rielly, moderated by CTIA President and CEO Meredith Attwell Baker, covered LTE-U, the Internet of Things, infrastructure, free data, competition, … Continue Reading
The Federal Trade Commission (FTC) recently presented an analysis of how its approach to data security over the past two decades compares with the Framework for Improving Critical Infrastructure Cybersecurity (NIST Framework) issued in 2014 by the National Institute of Standards and Technology (NIST) and strongly endorsed by the White House.
The Department of Health and Human Services (HHS) released guidance on July 11, 2016, intended to help the healthcare industry prepare for and respond to ransomware attacks. Specifically, this guidance clarifies: (1) that a ransomware attack is considered a “security incident” under HIPAA, and (2) that a ransomware attack will typically be considered a “breach” by HHS unless entities are … Continue Reading
On 6 July 2016, a second draft of the People’s Republic of China Cyber Security Law was released to the public for comment following its second reading by the Standing Committee of the National People’s Congress. The deadline for submitting comments on the second draft is 4 August 2016.
Given the growing cyber threat globally, the Chinese move towards more … Continue Reading
With attention to connected car cybersecuity issues increasing globally, the European Union Agency for Network and Information Security (ENISA) is leading the EU’s first bloc-wide initiative to identify cybersecurity rules of the road for connected cars. On July 13, ENISA announced a study aimed at creating a comprehensive list of cybersecurity policies, tools, standards, and measures to enhance security in … Continue Reading
Julie Brill, Hogan Lovells partner, and co-head of our global privacy and Cybersecurity practice, recently commented on the EU-US Privacy Shield for the EurActiv publication. Her comments are republished here, with permission:
The free flow of data is essential to an ever-growing segment of the global economy. Yet some policymakers and advocates, citing privacy concerns, have called for shutting off … Continue Reading
Please join us for our June 2016 Privacy and Cybersecurity Events.
Anticipating a new phase of development across the region we are delighted to share our latest briefing discussing the key trends and issues.
Fifteen months after forming an Internet of Things (IoT) working group, on March 2, 2016, the Online Trust Alliance (OTA) released a final version of its IoT Framework (Framework) along with a companion Resource Guide that provides explanations and additional resources. The voluntary Framework sets forth thirty suggested guidelines that provide criteria for designing privacy, security, and sustainability into connected … Continue Reading
Hogan Lovells announced last week that Julie Brill will join the firm as a partner and co-director of the Privacy and Cybersecurity practice on 1 April. Brill is a Commissioner at the Federal Trade Commission and her service will conclude on 31 March.
As co-director of the Privacy and Cybersecurity practice, Brill succeeds co-director and founding partner Christopher Wolf, who … Continue Reading
The FTC wants companies to listen. More precisely, the FTC wants companies to pay attention to and promptly to respond to reports of security vulnerabilities. That’s a key takeaway from the Commission’s recent settlement with ASUSTek (“ASUS”). In its complaint against the Taiwanese router manufacturer, the FTC alleged that ASUS misrepresented its security practices and failed to reasonably secure its … Continue Reading
The Cybersecurity Information Sharing Act of 2015 (CISA) provides limited liability protection and information disclosure protections for private-to-private and private-to-government cybersecurity information sharing. On February 16, 2016, two key U.S. agencies released a set of documents describing how CISA’s provisions are expected to work in practice. The materials released by the Department of Homeland Security (DHS) and the Department of … Continue Reading
On February 9, 2016, President Obama directed his Administration to implement a Cybersecurity National Action Plan (CNAP), calling it a “bold reassessment of the way we approach security in the digital age.” Certainly, the cybersecurity budget increase associated with CNAP is significant: the 2017 Presidential Fiscal Year budget will be $19 billion—35% above that of Fiscal Year 2016.
What is … Continue Reading
This week the Secretary of State for Health, Jeremy Hunt, announced that the Government will be investing £4.2 billion in digital health initiatives. The investment is part of the Government’s latest drive to create a “paperless” National Health Service (NHS) by 2020.
The full details of the funding are still being agreed between the Department of Health and NHS England. … Continue Reading