In 2016, the dangers presented by an increasingly digital world clearly were on display. A cyber-attack using an army of Internet of Things devices interfered with the operations of major commercial websites. And the Presidential Election was plagued with allegations of state-sponsored cybersecurity hacking (for which the Obama Administration just issued sanctions against the Russian
December 2016
Congress asserts itself
By Gabe Neville
The article below was published in The Hill on December 27th.
Congress, and particularly the House of Representatives, appears poised to assert itself in a way not seen for decades.
The legislative branch is seen by some as a weak institution, important mostly for its ability to influence the agencies of the executive branch (where…
Reports Suggest New York DFS to Revise Proposed Cyber Regulations and Delay Implementation
Based on reports citing New York Department of Financial Services (“DFS”) sources (see here and here), DFS may propose a revised version of its first-in-the-nation cybersecurity regulations on December 28, 2016. That revision would be followed by a new 30-day comment period, with the revised regulations scheduled to take effect on March 1, 2017.…
Industry Reacts to New York’s Proposed Cybersecurity Regulation for Financial Services Institutions
On December 19, 2016, the New York State Assembly Standing Committee on Banks heard testimony about a proposed regulation introduced by the New York State Department of Financial Services that would require financial services companies to develop and implement cybersecurity programs to defend against cyber-attacks. As we covered when Governor Andrew Cuomo announced this first-in-the-nation…
Twenty-First Century Cures Act Includes HIPAA Provisions
On December 13, 2016, President Obama signed the 21st Century Cures Act (“Cures Act”), Pub. L. 114-255, which aims to expand medical research and expedite the approvals of drug therapies for patients. The Cures Act also contains several provisions related to the HIPAA Privacy and Security Rules. None of these provisions make substantive changes to…
China Seeks Comment on Seven Draft Cybersecurity and Data Privacy National Standards
By Tim Stratford and Yan Luo
China’s National Information Security Standardization Technical Committee (“NISSTC”), a standard-setting committee jointly supervised by the Standardization Administration of China (“SAC”) and the Cyberspace Administration of China (“CAC”), released seven draft national standards related to cybersecurity and data privacy for public comment on December 21, 2016. The public comment period…
Data Breach Allegations Sufficient for Standing After Spokeo, Court Says
On Monday, the U.S. District Court for the District of Kansas ruled that the named plaintiff for a putative class of CareCentrix employees whose personal information was compromised had alleged enough harm for standing under Spokeo, Inc. v. Robins. The case is Hapka v. CareCentrix, Inc.
In early 2016, a phishing attack compromised defendant CareCentrix’s systems,…
Supreme Court Says False Claims Act Does Not Enact So Harsh a Rule: Dismissal Not Required for Violation of FCA’s Seal Requirement, But Still Available
Earlier this month, in State Farm Fire & Casualty Co. v. United States ex rel. Rigsby, the Supreme Court held that the False Claims Act (“FCA or Act”) does not require that a FCA qui tam complaint be dismissed because of a violation of the seal requirement. Writing for a unanimous Court to resolve the…
Six Months After the Brexit Referendum: Preparations in Brussels
By Jean De Ruyt
On Thursday, December 15, at the end of the traditional end-of-year European Council, the 27 “remaining” heads of state or government of the EU had a short meeting, without Theresa May, to set out how the Brexit process would be handled by “the 27,” once the UK has notified its intent to leave the EU.…
New Guidance on Contractor Risk Management Under the Human Trafficking Rule Released
On December 7, the Office of Management and Budget, the Department of Labor, and the Office to Monitor and Combat Trafficking in Persons in the Department of State, issued a proposed memorandum titled “Anti-Trafficking Risk Management Best Practices & Mitigation Considerations.” The document is intended, at least in part, to “promote clarity and consistency in…