By Caleb Skeath

Congress approved a package of five cybersecurity bills after a series of votes in the House and Senate this week, increasing the likelihood that some cybersecurity-related legislation will be signed into law by the end of this year. None of the bills address some of the larger, more contentious cybersecurity issues, such as immunity for private companies that share cybersecurity threat information with the federal government. Instead, the bills focus on narrower cybersecurity issues and the structures and procedures of the federal agencies that oversee cybersecurity. Two of the measures, S. 2519 and S. 2521, are primarily focused on centralizing the federal government’s cybersecurity efforts and enhancing information sharing with the private sector, while another, S. 1353, provides for the development of a voluntary set of cybersecurity standards for the private sector. The remaining bills, S. 1691 and H.R. 2592, are focused on strengthening the Department of Homeland Security’s cybersecurity workforce and recruitment efforts.

A new food labeling regulation, which revamps the entire EU regulatory framework on food information, including labeling, starts to apply from this Saturday, 13 December 2014. Regulation 1169/2011 on the provision of food information to consumers (FIC Regulation) consolidates a number of EU food laws and establishes some new principles to provide better consumer protection in relation to food information whilst ensuring smooth functioning of the EU market.

The FIC Regulation governs all food information provided to the consumer through any commercial communication, including in particular labeling and websites. The Regulation affects all food business operators along the whole supply chain as it changes the existing provisions and introduces new ones:

On Wednesday, December 10, 2014, financial industry regulatory and enforcement agencies issued statements that their organizations will increase scrutiny of financial industry cybersecurity practices going forward.

In New York, the State’s Department of Financial Services Superintendent Benjamin Lawsky issued new guidelines to banks, detailing how their cybersecurity practices would be evaluated. The memorandum—sent to all New York chartered or licensed banking institutions—noted that the Department would take a close look at banks’ data breach detection abilities, cybersecurity corporate governance practices, resources devoted to information security, defenses against cyberattacks, management of third-party service providers, and cybersecurity insurance coverage, among other things.

The memorandum further noted that, prior to conducting an examination, the Department intends to request information on 12 information technology- and cybersecurity-related issues, including the qualifications and responsibilities of banks’ Chief Information Security Officers, information security policies, due diligence processes, and software development standards.

The STELA Reauthorization Act (“STELAR”) has been signed into law by the President.  STELAR extends the statutory copyright license for satellite carriage of distant signals for another five years (through December 31, 2019).  It also extends through January 1, 2020 the statutory good faith negotiation requirement imposed on broadcasters and MVPDs for retransmission consent negotiations.  As discussed below, it makes several other changes to the Communications Act and to the Copyright Act.

The U.S. Department of Health and Human Services (“HHS”) published a declaration today under the Public Readiness and Emergency Preparedness (“PREP”) Act covering activities relating to three Ebola vaccine candidates that are currently in development.  The declaration went into effect on December 3, 2014 and extends liability protection to manufacturers, distributors, program planners, and qualified

If you skipped to the final pages of the omnibus spending bill unveiled last night to see how it ends, you would find a rather dramatic change in campaign finance law related to party committee contribution limits.  Page 1599 (of 1603) of the spending package contains amendments to the Federal Election Campaign Act (FECA) that

We are writing with another update on French labor law that could impact international corporate transactions.  French President Francois Hollande has proposed a change to French legislation that could remove the threat of imprisonment for directors and senior employees who are found to have breached obligations to consult with works councils and other employee representatives.  The implications of this change would be important for businesses in France, and also for international companies involved in mergers, acquisitions and divestitures in France.

A major piece of IT acquisition reform legislation called the Federal Information Technology Acquisition Reform Act (“FITARA”), on which we have previously reported, was included in version of the National Defense Authorization Act for Fiscal Year 2015 (“NDAA FY 15”) passed by the House on December 4, 2014, along with other significant IT reform provisions related to open systems requirements for the Department of Defense (“DoD”).

The FITARA portion of the bill includes provisions that would require the federal government to:

  • empower Chief Information Officers (“CIOs”) and prevent the CIO from delegating the duty of reviewing IT contracts before the agency enters into the contract;
  • provide a publicly available list for each major information technology investment, both new and existing, that lists information specified in forthcoming investment evaluation guidance;
  • engage in a detailed review of high-risk information technology investments to identify problems;
  • inventory all information technology;
  • implement a federal data center consolidation initiative, which will include publicized goals regarding cost savings and optimization improvements to be achieved as a result of the initiative, and must be performed consistent with federal guidelines on cloud computing and cybersecurity such as FedRAMP and NIST guidelines;
  • expand the use of specialized IT acquisition experts;
  • develop a federal strategic sourcing initiative to be developed by GSA, which will allow for the use of governmentwide user license agreements.

Additional provisions require the use of open and modular strategies by the DoD, including the following requirements