Last month, New York Gov. Andrew Cuomo signed into law the Stop Hacks and Improve Electronic Data Security Act (Shield Act). The Shield Act expands the type of personal information covered by New York’s data breach notification law, amends the definition of a “breach of security of the system” and the notification requirement itself, enhances… Continue Reading
Tag Archives: Data security
An Overview of Blockchain Cybersecurity Risks and Issues
Posted in Block Chain, Blockchain, Data BreachOur blockchain colleagues recently published an article on the rapidly evolving landscape where blockchain intersects with data security and privacy. If you’ve ever wondered how blockchains can be considered secure even though hacks of cryptocurrency exchanges routinely make headlines, or whether distributing a permanent ledger to every participant in a network might run afoul of privacy laws… Continue Reading
European Data Protection Board Adopts Draft Guidelines on Territorial Scope of General Data Protection Regulation (GDPR)
Posted in Data Breach, European Union, International, Security Programs & PoliciesThe European Data Protection Board (EDPB) is an independent advisory body, established by the GDPR, that issues guidelines, recommendations, and best practices for the application of the GDPR. At its Third Plenary on September 26, the EDPB adopted new draft guidelines on the GDPR’s territorial scope. These guidelines should help provide a common interpretation of… Continue Reading
The Final Countdown – The EU General Data Protection Regulation
Posted in Data Breach, European Union, Privacy RegulationThe EU General Data Protection Regulation (GDPR) comes into force on May 25, 2018. The GDPR makes many important changes to European Union (EU) data protection law, but it is not a complete departure from existing principles. Many of the concepts with which organizations are familiar will continue to apply under the GDPR. Thus, the… Continue Reading
The Cyberlaw Podcast – Interview with Nicholas Schmidle
Posted in Cybersecurity and Cyberwar, Privacy Regulation, Security Programs & PoliciesEpisode 215: The Zelig of Hacking Back Our interview is with Nick Schmidle, staff writer for the New Yorker. His report on cybersecurity work that goes to the edge of the law and beyond turns up some previously unreported material, including the tale of Shawn Carpenter, a cybersecurity researcher with a talent for showing up… Continue Reading
The Cyberlaw Podcast – News Roundup
Posted in Cybersecurity and Cyberwar, European Union, InternationalEpisode 204: News Roundup In our 204th episode of The Cyberlaw Podcast, the team bumbles forward without Stewart Baker, who is spending the week racing his offspring down mountain slopes somewhere in Utah. Brian Egan and Jamil Jaffer begin by covering a few implications of Special Counsel Mueller’s indictment from Friday – the legal theories of… Continue Reading
The Cyberlaw Podcast – Interview with Susan Landau
Posted in China, European Union, Privacy RegulationEpisode 201: Interview with Susan Landau The crypto wars return to The Cyberlaw Podcast in episode 201, as I interview Susan Landau about her new book on the subject, Listening In: Cybersecurity in an Insecure Age. Susan and I have been debating each other for decades now, and this interview is no exception. In the news… Continue Reading
GDPR: Belgium sets up new Data Protection Authority
Posted in Data Breach, European Union, International, Privacy RegulationOn 10 January, the Belgian Gazette published the Law of 3 December 2017 “setting up the authority for data protection” (the Law). The Law is the first legal text in Belgium applying various provisions of the EU’s General Data Protection Regulation (GDPR). Under the GDPR, EEA Member States must provide for one or more independent… Continue Reading
EU Court Denies Class Action for Data Protection in Schrems vs. Facebook Ireland Ltd – A Short-Lived Respite Until GDPR?
Posted in European Union, International, Privacy RegulationIn its judgment of January 26, the European Court interpreted EU rules on jurisdiction in a dispute referred from the Austrian Supreme Court between a ‘consumer’ – Maximilian Schrems – and Facebook Ireland Limited. The Court would not accept the consumer’s choice of forum for a class-action type proceeding and held that, when interpreting EU… Continue Reading
European Commission Keeps Up Pressure On GDPR
Posted in Data Breach, European Union, International, Privacy RegulationThe EU General Data Protection Regulation (GDPR) will apply to businesses operating in the EU from 25 May 2018 – in 100 days’ time. Senior Commissioners Ansip (Digital Single Market) and Jourová (Justice) yesterday announced guidelines and other materials to “facilitate a direct and smooth application of the new data protection rules across the EU [and beyond]… Continue Reading
The Cyberlaw Podcast – The Shane Roundup
Posted in Cybersecurity and Cyberwar, International, Privacy Regulation, Security Programs & PoliciesToday’s news roundup features Shane Harris of the Wall Street Journal, Brian Egan, and Alan Cohn discussing stories that Shane wrote last week. Out of the box, we work through the hall of mirrors that the Kaspersky hacking story has become. The Russian hacking story is biting more companies than just Kaspersky. Turns out that… Continue Reading
Steptoe Cyberlaw Podcast – Interview with Ellen Nakashima
Posted in Data Breach, International, Security Programs & PoliciesEpisode 171. Implants in the Kremlin’s Snack Machines? Our guest, Ellen Nakashima, was coauthor of a Washington Post article that truly is a first draft of history, though not a chapter the Obama administration is likely to be proud of. She and Greg Miller and Adam Entous chronicle the story of Russia’s information operations attack… Continue Reading
Steptoe Cyberlaw Podcast – Debate with Greg Nojeim and Jamil Jaffer
Posted in Cybersecurity and Cyberwar, Data Breach, International, Security Programs & Policies155: Debating Hackback Episode 155 of the podcast offers something new: equal time for opposing views. Well, sort of, anyway. In place of our usual interview, we’re running a debate over hacking back that CSIS sponsored last week. I argue that US companies should be allowed to hack back; I’m opposed by Greg Nojeim, Senior… Continue Reading
Steptoe Cyberlaw Podcast – Interview with Curtis Dukes and Tony Sager
Posted in Cybersecurity and Cyberwar, Data Breach, Security Programs & PoliciesEpisode 154: What cybersecurity experts tell their Moms about computer security In this week’s episode, we ask two acknowledged NSA cybersecurity experts, Curtis Dukes and Tony Sager, both from the Center for Internet Security, what they tell their family members about how to keep their computers, phones, and doorbells safe from hackers. Joining us for… Continue Reading
Steptoe Cyberlaw Podcast — Interview with John “Four” Flynn, Heather Adkins, and Troels Oerting
Posted in Cybersecurity and Cyberwar, International, Security Programs & PoliciesIn this episode, Stewart Baker goes to RSA and interviews the people that everyone at RSA is hoping to sell to – CISOs. In particular, John “Four” Flynn of Uber, Heather Adkins of Google, and Troels Oerting of Barclays Bank. We ask them what trends at RSA give them hope for the future, which make… Continue Reading
Cybersecurity and the Wassenaar Arrangement — What Needs to Be Done in 2017?
Posted in Cybersecurity and Cyberwar, International, Security Programs & PoliciesCyber threats move at Internet speed and so must cyber responders, to protect networks and data across the globe. Imagine the impact on cybersecurity if responders, innovators, and developers were told to pause and apply for an export license before responding to a threat. With a new round of international negotiations about to begin for… Continue Reading
Steptoe Cyberlaw Podcast – Interview with Dominic Rochon and Patricia Kosseim
Posted in Cybersecurity and Cyberwar, Data Breach, InternationalOur interview features a classic “please don’t read this” headline: “Worthwhile Canadian Initiatives.” We explore multiple worthwhile Canadian initiatives with Dominic Rochon, deputy chief of policy and communications for CSE, Canada’s version of the NSA and with Patricia Kosseim, general counsel and director general for policy at the Office of Canada’s Privacy Commissioner. Among other… Continue Reading
Steptoe Cyberlaw Podcast – Interview with Corin Stone
Posted in Cybersecurity and Cyberwar, International, Privacy RegulationOur guest for episode 148 of the podcast is Corin Stone, the Executive Director of the National Security Agency. Corin handles some tough questions – should the new team dump PPD-28, how is morale at the agency after the Snowden and Shadowbroker leaks, and will fully separating Cyber Command from NSA mean new turf fights? … Continue Reading
Steptoe Cyberlaw Podcast – Interview with Davis Hake and Nico Sell
Posted in Cybersecurity and Cyberwar, International, Security Programs & PoliciesEpisode 145: What Donald Trump and “Occupy Wall Street” have in common We interview two contributors to CSIS’s Cybersecurity Agenda for the 45th President. Considering the track record of the last three Presidents, it’s hard to be optimistic, but Davis Hake and Nico Sell offer a timely look at some of the most pressing policy… Continue Reading
Steptoe Cyberlaw Podcast – Interview with Steven Weber and Betsy Cooper
Posted in Cybersecurity and Cyberwar, InternationalIn this week’s episode, we guess at the near-term future with Betsy Cooper and Steve Weber of UC Berkeley’s Center for Long Term Cybersecurity. In all of their scenarios, the future is awash in personal data; the only question is how it’s used. I argue that it will be used to make us fall in… Continue Reading
Steptoe Cyberlaw Podcast – Interview with Frank Cilluffo
Posted in Cybersecurity and Cyberwar, Data BreachThe episode features a vigorous and friendly debate between me and Frank Cilluffo over his Center’s report on active defense, titled “Into the Gray Zone.” It’s a long and detailed analysis by the Center for Homeland and Cyber Security at GW University. My fear: the report creates gray zones for computer defense that should not… Continue Reading
Steptoe Cyberlaw Podcast – Interview with Robert Silvers
Posted in Blockchain, Cybersecurity and Cyberwar, International, Security Programs & PoliciesOur guest for the episode is Rob Silvers, the assistant secretary for cybersecurity policy at DHS. He talks about what the government can and should do about newly potent DDOS attacks and the related problem of the Internet of Things. The only good news: insecure debrillators and pacemakers may kill you, but they haven’t yet been… Continue Reading
Data Portability under EU GDPR: A Financial Services Perspective
Posted in International, Privacy RegulationPhilip Woolfson and I wrote an article for PL&B International about data portability, a new requirement of data protection law which will be introduced when the European Union General Data Protection Regulation (GDPR) applies on May 25, 2018. Under this new regulation, data subjects have acquired a right to data portability (RDP). This article looks… Continue Reading
An EU General Data Protection Guide for the Insurance and Financial Services Sector
Posted in International, Privacy RegulationTo help prepare for the application of the European regulation on the protection of individuals with regard to the processing of personal data and on the free movement (the EU General Data Protection Regulation or GDPR), which will enter into force on May 25, 2018, Guy Soussan, Philip Woolfson, and I authored a commentary on the GDPR… Continue Reading