The End of the Password: The Future of Company Security

At Microsoft Ignite 2018, an annual conference for developers and IT professionals, heavily emphasized its system’s security improvements. In the spotlight, Microsoft focused on its movement away from a password usage system through the Authenticator app. The Microsoft Authenticator app works by utilizing an addition factor, such as a fingerprint, PIN, or facial biometric, allowing administrators to default to the Microsoft Authenticator app first, rather than asking for a password. During the conference, Microsoft indicated that passwords are a “short-term game” as most security… Continue Reading

Congress Continues to Grapple with Election Interference

The Secure Elections Act may be back on the table once again. The bipartisan bill was introduced “to protect the administration of Federal elections against cybersecurity Threats.” In large part, the bill was intended to combat concerns that Russia and other state and private actors could exploit vulnerabilities in backend election systems, including voter registration databases, ballot creation systems, election voting services, voting machine configuration systems, absentee processing and reporting and tabulation software. The bill’s sponsors hope to pass a version of the… Continue Reading

Understanding the California Consumer Privacy Act (CCPA): Part Two

The California Consumer Privacy Act of 2018 (CCPA) signed into law on June 28, 2018 is the nation’s toughest privacy law to date and could serve as a model for other states.With 18 months to go before its implementation, many things could happen prior to its effective date to change its current form and anticipated effect.  But before contemplating any changes, it’s important to understand its present form. Who Is Regulated by the CCPA The CCPA will regulate “Businesses,” defined as for-profit entities that have… Continue Reading

Understanding the California Consumer Privacy Act (CCPA): Part One

In 2020, California Consumers will be granted new online privacy protections under a first-of-its-kind California law. A sweeping new privacy law — the California Consumer Privacy Act of 2018 (CCPA) is the nation’s toughest privacy law and could serve as a model for other states. The bill came to a vote in both houses on June 28, 2018. The assembly voted 69-0 to approve it shortly after the Senate approved it 36-0 , and was signed by Gov. Jerry Brown the same day. The CCPA… Continue Reading

Firewall’s Up: South Carolina Passes First-of-its-Kind Insurance Data Security Act

South Carolina recently became the first state to pass legislation modeled closely on the Insurance Data Security Model Law that was approved by the National Association of Insurance Commissioners (NAIC) last October. Amid the rising incidence of cyberattacks, cyber security is a key issue facing the insurance sector. South Carolina has taken a proactive step in protecting their business and customers from possible data breaches. The South Carolina Department of Insurance (SCDOI) Data Security Act, signed by the Governor on May 3, 2018, will become… Continue Reading

New York AG Seeks to Require Privacy Violation Notifications

While the law has adapted to the reality of cyberattacks and data breaches, in the wake of recent revelations about Facebook use of personal information, New York’s Attorney General intends to propose legislation to address Privacy Violations — where personal information is obtained or used by organizations in violation of a platform’s terms of service, or the law. Facebook has recently acknowledged that data analytics firm Cambridge Analytica collected personal information of 50 million Facebook users without their consent as part of a political influence… Continue Reading

New York’s New Cyber Law Is Beginning to Byte

In late 2016, in response to the “ever-growing threat” posed to information and financial systems, the New York State Department of Financial Services (DFS) proposed cybersecurity regulations to “promote the protection of customer information and information technology systems of regulated entities.” The DFS defined “covered entities” as any person operating under or required to operate under a license, registration, charter, certificate, permit, accreditation or similar authorization under the Banking Law, the Insurance Law, or the Financial Services Law of New York.  Banks, insurance companies, and… Continue Reading

April Brings Showers … and Changes to State Data Breach Notification Laws

Over the past few weeks there have been noteworthy changes to data breach notification acts within several states. Of importance, New Mexico enacted its first notification law while Tennessee and Virginia amended existing legislation. New Mexico On April 6, 2017 New Mexico enacted HB 15, the Data Breach Notification Act, making it the 48th state to pass a notification law. The Act goes into effect on June 16, 2017, leaving Alabama and South Dakota as the only states without notification requirements. The Act, drawing… Continue Reading

CISA Passes as Part of Omnibus Spending Bill

Congress recently passed the Cybersecurity Information Sharing Act of 2015 (CISA) as part of Division N of H.R. 2029, Public Law 114-113 the Consolidated Appropriations Act, 2016, (CAA). As previously reported, on October 27, 2015 the United States Senate passed a different version of CISA, S.754, which without requiring such information sharing, would create a system for federal, state and local agencies to receive threat information from private companies in real time and for the private sector to receive such information in addition and as… Continue Reading

Controversial Cybersecurity Information Sharing Act Passes Senate, Will Likely Become Law

On October 27, 2015, the United States Senate passed S.754, the Cybersecurity Information Sharing Act (CISA or the Act) 74-21. Without requiring such information sharing, CISA would create a system for federal agencies to receive threat information from private companies in real time. However, the bill is not without controversy. As we discussed in August the Department of Homeland Security raised concerns in July and August that the “real time collaboration” requirement in CISA would not permit them to scrub personal information… Continue Reading