Privacy Regulation

Subscribe to Privacy Regulation

On May 12, 2021, President Biden signed a landmark Executive Order to improve and modernize the federal government’s cybersecurity infrastructure. The Executive Order comes in the wake of numerous cyber incidents targeting the United States, including the so-called SolarWinds, Microsoft Exchange, and Colonial Pipeline incidents. The Executive Order will directly affect government contractors, including companies

Brian Egan hosts this episode of the podcast, as Stewart Baker is hiking the wilds of New Hampshire with family. Nick Weaver joins the podcast to discuss the week in ransomware, as DOJ gets serious, and the gangs do too. Justice has a new ransomware task force,  and the gangs have asked  for $50

Our interview is with Kim Zetter, author of the best analysis to date of the weird messaging from NSA and Cyber Command about the domestic “blind spot” or “gap” in their cybersecurity surveillance. I ask Kim whether this is a prelude to new NSA domestic surveillance authorities (definitely not, at least under this

Our news roundup for this episode is heavy on China and tech policy. And most of the news is bad for tech companies. Jordan Schneider tells us that China is telling certain agencies, not to purchase Teslas or allow them on the premises, for fear that Elon Musk’s famously intrusive record-keeping systems will give

This week we interview Eliot Higgins, founder and executive director of the online investigative collective Bellingcat and author of We Are Bellingcat.

Bellingcat has produced remarkable investigative scoops on everything from Saddam’s use of chemical weapons to exposing the Russian FSB operatives who killed Sergei Skripal with Novichok, and, most impressive, calling a

This episode features an interview with Jason Fagone, journalist and author of The Woman Who Smashed Codes: A True Story of Love, Spies, and the Unlikely Heroine Who Outwitted America’s Enemies. I wax enthusiastic about Jason’s book, which features remarkable research, a plot like a historical novel, and deep insights into what

On January 29, 2021 and February 3, 2021, respectively, the Virginia House of Delegates and Virginia Senate passed the Virginia Consumer Data Protection Act (VCDPA). The legislation, if signed into law by the governor, would be the first comprehensive privacy law enacted by a state since California enacted the California Consumer Privacy Act (CCPA) and, more recently, the California Privacy Rights Act (CPRA). Though the VCDPA is not slated to take effect until January 1, 2023, it will be important for companies to understand the complicated provisions of the VCDPA much earlier, so they can begin instituting any necessary changes in their internal and public-facing policies and their information practices. The VCDPA’s passage may also spur other states to enact their own privacy laws, which until now have been mired in legislative purgatory.

Some of the more significant aspects of the VCDPA are summarized in this post.

Continue Reading Virginia Poised to Become Second State with Comprehensive Privacy Law

This episode features a deep dive into the National Security Agency’s self-regulatory approach to overseas signals intelligence, or SIGINT. Frequent contributor David Kris takes us into the details of the SIGINT Annex that governs NSA’s collections outside the US. It turns out to be a surprising amount of fun as we stop to examine

The US has never really had a “cyberczar.” Arguably, though, the UK has. The head of the National Cyber Security Center combines the security roles of NSA and DHS’s CISA. To find out how cybersecurity issues look from that perspective, we interview Ciaran Martin, the first director of the NCSC.

In the news

It’s a story that has everything, except a reporter able to tell it. A hostile state attacking the US power grid is a longstanding and quite plausible national security concern.

The Trump administration was galvanized by the threat, even seizing Chinese power equipment at the port to do a detailed breakdown and then issuing