Legislation News, Articles and Updates

Proposed legislation would empower DHS to modernize Continuous Diagnostics Mitigation cyber program

U.S. Congressman John Ratcliffe, R-Tex., yesterday introduced a bill that, if passed, would officially codify the Department of Homeland Security's (DHS) Continuous Diagnostics Mitigation (CDM) cybersecurity program, and allow the agency to modernize it as needed.

Massachusetts Senate passes data breach bill regulating consumer reporting agencies

By a 38-0 margin, the Massachusetts Senate last week unanimously passed S.2455, a bill that affords consumers enhanced protections in the event of a breach affecting a consumer reporting agency such as Equifax.

Report: Age verification tool for porn sites raises privacy concerns in UK

The UK-based digital watchdog organization Open Rights Group is expressing concern that an age verification tool for pornography sites could potentially expose users' sensitive data, according to a report from the BBC.

Proposed law would levy substantial penalties on breached credit reporting agencies

A newly proposed legislation introduced by two Democratic U.S. senators aims to impose stiff, mandatory penalties on credit reporting agencies (CRAs) like that fail to protect consumers' sensitive information from data breaches.

North Carolina introduces data breach legislation, after incidents rise in 2017

More than 5.3 million residents of North Carolina were victims of data breaches in 2017 - an escalating trend that has prompted state Attorney General Josh Stein (D) and state Rep. Jason Saine (R) to introduce newly proposed legislation to prevent further incidents and protect the public.

U.S. House passes legislation to create Cybersecurity and Infrastructure Security Agency

The U.S. House of Representatives on Monday unanimously passed H.R. 3359, a legislation that would redesignate DHS' National Protection and Programs Directorate as the Cybersecurity and Infrastructure Security Agency.

Legislation adding privacy protections to FISA passes through committee

The U.S. House Judiciary Committee on Wednesday approved the USA Liberty Act, which reauthorizes Section 702 of the Foreign Intelligence Surveillance Act, but with new privacy protections.

Study finds more than third of global orgs unsure if GDPR compliant

A recent study found 37 percent of global organizations are unsure if they need to comply with the EU's GDPR standards.

Self Drive Act looks to bring secure connected cars to road sooner

The U.S. House of Representatives Wednesday passed the first major legislation to speed up the rollout of self-driving cars with the passing of the Self Drive Act

21 EU members not complying with court ordered privacy rules: report

The global privacy advocacy group Privacy International has found that 21 European Union members continue to retain personal data despite going against both their own and EU legal mandates.

Sen. Shaheen pushes for government wide ban on Kaspersky software

Sen. Jeanne Shaheen (D-N.H.) is pushing for a federal government wide ban of security software developed by Russian cybersecurity firm Kaspersky Lab.

Proposed legislation discourages Russia-U.S. cyber pact, while prioritizing election security

A U.S. intelligence bill that recently passed committee in the Senate contains key provisions designed to defend the electoral process from Russian meddling and other foreign interference, as well as curtail any possible White House effort to form a joint cybersecurity unit with the Kremlin.

Betty Elliot, James McJunkin join NTSC board of directors

MoneyGram International CISO Betty Elliot and James W. McJunkin, vice president & CISO for Discover Financial Services have been named to the National Technology Security Coalition's (NTSC) Board of Directors.

Bipartisan bill aims to generate cyber hygiene best practices

The "Promoting Good Cyber Hygiene Act" would create a baseline of best practices, ensure those practices come under annual review and update and are published on a publicly accessible website.

Legislation bars DoD from using Kaspersky; FBI agents visit employees of Russian cyber firm

The U.S. Senate Armed Services Committee's annual defense spending bill reportedly contains a provision prohibiting the Defense Department from using any products from Moscow-based cybersecurity firm Kaspersky Lab.

China's controversial cybersecurity law goes into effect

China's new cybersecurity law went into effect on June 1, subjecting companies to stringent data privacy and protection guidelines, as key questions linger around how it will be enforced, and how businesses will be able to comply.

Activists propose buying lawmakers' browser histories after Congress revokes FCC privacy rules

Activists outraged over Congress passing a resolution that struck down new FCC rules defending the private data of telecom and ISP customers have pledged to purchase federal lawmakers' browser histories so they can publish them.

Telecom and ISP companies defend repeal of FCC privacy rules

In a conference call yesterday, a panel representing telecom and broadband service providers threw its support behind a resolution to roll back Federal Communications Commission rules designed to protect consumer data collected by telecom and ISP companies.

Lawmakers, rights groups react after Senate votes to kill FCC privacy protections

Digital rights and privacy groups reacted with indignation after the U.S. Senate passed a joint resolution that would undo FCC rules banning telecom and ISP companies from selling consumers' data without their consent.

Proposed law would require NYPD to disclose and evaluate surveillance tech

A pair of New York City Council members have proposed a law that would require the NYPD to disclose and evaluate the impact of the surveillance technologies it uses.

New York State revises its sweeping cyber regulation proposal for financial sector

The New York State Department of Financial Services (DFS) on Wednesday released a revised draft of an ambitious regulation designed to protect the state and its citizens from cyberattacks against financial institutions.

EU's privacy statutes preclude U.K.'s data retention legislation, court rules

The European Court of Justice ruled on Wednesday that the U.K.'s Data Retention and Investigatory Powers Act of 2014 is invalidated by European Union statutes that protect citizens from the indiscriminate collection and retention of electronic data.

Tech groups petition lawmakers to delay Rule 41 changes

A coalition of tech and privacy groups are calling on legislators to delay changes to Rule 41 that would allow judges to issue warrants to remotely access computers located in any jurisdiction.

U.S. Dept. of IoT? Experts debate need for Internet of Things regulation

Confronting the dangers posed by the Internet of Things, members of the House of Representatives' Energy and Commerce Committee held a hearing on Wednesday that examined the feasibility of regulating IoT devices.

French digital advocacy groups challenge Privacy Shield

Two French internet rights associations filed legal challenges against the EU-U.S. Privacy Shield, arguing the joint agreement doesn't go far enough in protecting citizens from digital spying.

Thai computer crime law criticized for imposing criminal penalties on ISPs

Thai telecommunication companies are bristling at a proposed law that would criminally punish ISPs for computer crimes perpetrated by their users, and place the burden of proof on these providers to defend themselves.

Tech big dogs enrolling in Privacy Shield

Google and Dropbox are the latest U.S. tech giants to register with the Privacy Shield.

Cross border computer probes gets nod in Switzerland

The Swiss intelligence service received permission to begin tapping phones and monitoring emails following a vote in the nation's parliament and approval by a public referendum.