Consumer Protection Connection


Category Archives: Cybersecurity


Cybersecurity Update

Posted in Cybersecurity
As connected products are increasingly integrated into everyday life, measures to address the security of Internet of Things (IoT) devices continue to evolve. Some of the latest initiatives include the following.

NTIA issues guidance on cybersecurity communications

Last month, as part of an ongoing multi-stakeholder initiative, a working group of the National Telecommunications and Information Administration (NTIA) issued guidance… Continue Reading

White House Issues New Cybersecurity Executive Order

Posted in Cybersecurity
On May 11, President Trump issued Executive Order Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure, which centers on federal networks, critical infrastructure, and the nation’s overall cybersecurity. The order largely expands on cybersecurity recommendations developed during the Obama administration. The order calls for a review of vulnerabilities and preparedness by the Secretary of… Continue Reading

Are Your Security Tools Up to Date?

Posted in Cybersecurity, Data Security, Privacy
The effects of the massive cyberattack using ransomware known as “Wanna Cry” are still being felt all over the world. Tens of thousands of organizations have been infected, including the UK’s National Health Service, which ran some services on an emergency-only basis the day the attack began in earnest. Some security experts surmise that the… Continue Reading

Government Agencies to be Rated on Cybersecurity Using NIST Framework

Posted in Cybersecurity
The Trump administration has announced that it will impose new metrics on federal agencies related to cybersecurity.  Agencies and departments will be required to comply with the framework developed by the National Institute of Standards and Technology (NIST) and report back to the Department of Homeland Security (DHS), the Office of Management and Budget (OMB),… Continue Reading

NIST Issues New Update to Cybersecurity Framework

Posted in Cybersecurity
On January 10, 2017, the National Institute of Standards and Technology (NIST) released an update to its Cybersecurity Framework, first issued in 2014. The Framework focuses on using business drivers to guide cybersecurity activities and considering cybersecurity risks as part of the organization’s risk management processes. The new draft provides details on managing cyber supply… Continue Reading

Avoid Being Held Hostage: FTC Releases Ransomware Guidance

Posted in Cybersecurity
New research from security company Kaspersky Labs suggests that the use of ransomware is now so widespread that nearly every moment, a ransomware attack is being launched somewhere in the world on businesses and consumers. Ransomware, or malicious software that infiltrates computer systems and uses tools like encryption to deny access or hold data “hostage”… Continue Reading

NTIA Announces Multistakeholder Workshop on IoT Security Patching

Posted in Cybersecurity, Data Security
The National Telecommunications and Information Administration (NTIA) has announced it is convening a series of multistakeholder meetings concerning Internet of Things (IoT) Security Upgradability and Patching. The initial meeting will be held in Austin, Texas, on October 19, 2016. An associated Federal Register notice (expected to be published September 19, 2016) describes the short-term goal… Continue Reading

Shielded: EU Approves Privacy Pact with the U.S., Fee Schedule Proposed

Posted in Cybersecurity, Privacy
The European Commission (EC) approved the EU–U.S. Privacy Shield on Tuesday, July 12, after European Union member states, through the Article 31 committee, approved the pact the previous week (more on the draft adequacy decision back in March here and the earlier agreement laying out the Privacy Shield here). The decision will allow U.S. companies that… Continue Reading

Supreme Court Requires Plaintiffs to Show Harm or Risk of Harm, Not Bare Procedural Violation, to Get Statutory Damages

Posted in Cybersecurity, Data Security, Litigation, Privacy
Last year, we noted that the Supreme Court had granted certiorari in a case that could limit the ability of plaintiffs to sue defendants over bare statutory violations without the showing of actual injury. The case implicates a wide variety of statutes that grant monetary awards to successful plaintiffs on… Continue Reading

NTIA Steps into IoT Debate

Posted in Cybersecurity, Privacy
Continuing its tradition of active involvement in digital economy questions, the Department of Commerce’s (DOC) National Telecommunications and Information Administration (NTIA) issued a request for public comment on questions posed by the growth of the Internet of Things (IoT). The explosive growth of connected products, anticipated to reach 25 billion by 2020, is one reason… Continue Reading

New Year, New Cyber Law

Posted in Cybersecurity
In the rush of holidays and storms around the country (and weirdly warm weather here in D.C.), it was easy to miss that Congress finally approved the Cybersecurity Information Sharing Act (CISA).  The bill was included in the middle of its omnibus spending package, the Consolidated Appropriations Act, 2016, Pub. L. 114–113 (Dec. 18, 2015),… Continue Reading

In Commission Win, Appeals Court Agrees that FTC Can Regulate Business Data Security Practices Under Unfairness Authority

Posted in Cybersecurity, Data Security, Privacy
In a closely watched case where the Federal Trade Commission (FTC) pursued Wyndham Worldwide Corporation for several data breaches that led to millions of dollars in fraudulent charges on customers’ payment cards, the U.S. Court of Appeals for the Third Circuit on Monday agreed with the Commission’s broad interpretation of its “unfairness” authority (opinion here).… Continue Reading

FTC Issues Data Security Guidance

Posted in Cybersecurity, Data Security
The U.S. Federal Trade Commission (FTC) issued new data security guidance for businesses on June 30, 2015. The publication, Start With Security: A Guide for Business, consolidates other guidance from the FTC that reflects its position that security by design, much as privacy by design, should be integrated into business processes. The guidance isn’t new,… Continue Reading

High Court to Decide If Congress Can Let Consumers Sue Over Publication of Inaccurate Personal Information Without Concrete Damages

Posted in Cybersecurity, Data Security, Litigation, Privacy
The Supreme Court of the United States granted certiorari late last month in a case with important implications for consumer privacy and for the ability of Congress generally to create wholly new protections for consumers. Plaintiffs must always show that they have standing – a legally-protected interest that allegedly has been violated – before a federal… Continue Reading

House Passes Cyber Information Sharing Bills

Posted in Cybersecurity, Data Security, Privacy
This week, the U.S. House of Representatives passed two cybersecurity information sharing bills that gained qualified support from the Obama Administration.  Together, the bills (the Protect Cyber Networks Act (PCNA) and the National Cybersecurity Protection Advancement Act (NCPAA)) would authorize companies to share cyber threat information and defensive measures with each other and the government,… Continue Reading

Managing “Cyber” – A New Guide for Companies on Cybersecurity and Addressing Cyberthreats and Cybercrime

Posted in Cybersecurity, Data Security
The Paris-based International Chamber of Commerce (ICC) today released a new guide to help companies manage their cybersecurity, including how to address cyberthreats and how to prevent cybercrime. The ICC Cyber security guide for business, prepared by the ICC’s Commission on the Digital Economy, was written to help companies address the new types of risks… Continue Reading

Data Breaches: Not Just for States and the FTC Anymore

Posted in Cybersecurity, Data Security, Privacy
The Federal Communications Commission (FCC) announced today that AT&T Services, Inc., will pay $25 million to resolve an investigation into whether the company violated Sections 201(b) and 222 of the Communications Act relating to consumer privacy at AT&T call centers in Mexico, Colombia, and the Philippines. According to the FCC’s order and consent decree, call… Continue Reading