Cybersecurity

Administration Seeks to Renegotiate Controversial Cybersecurity Export Control

March 4, 2016 By Jason Waite and Privacy, Cyber & Data Strategy Team

The Obama administration will reportedly seek to renegotiate a controversial cybersecurity export control rule required to be implemented into U.S. regulations by the Commerce Department under the Wassenaar Arrangement on Export Controls for Conventional Arms and Dual-Use Goods and Technologies. The Wassenaar Arrangement is based on a multilateral agreement reached by the founding countries in […]

CFPB Brings First Enforcement Action on Data Security

March 4, 2016 By Privacy, Cyber & Data Strategy Team

On March 2, the federal Consumer Financial Protection Bureau (CFPB) for the first time brought an enforcement action related to data security. The CFPB consent order imposes a $100,000 fine and five years of regulatory oversight for online payments provider Dwolla. The action sends a clear message that the CFPB intends to actively regulate the […]

HHS Issues HIPAA Security Rule Crosswalk with NIST Cybersecurity Framework

February 29, 2016 By Privacy, Cyber & Data Strategy Team

Last week, the HHS Office for Civil Rights (OCR) released a crosswalk between the requirements of the HIPAA Security Rule and the NIST Cybersecurity Framework. The crosswalk – which was developed in conjunction with the National Institute of Standards and Technology (NIST) and the HHS Office of the National Coordinator for Health IT – maps each […]

SEC Continues to Focus on Cyber-related Disclosures

February 23, 2016 By Cara Peterman

Participating in a panel at the “SEC Speaks” event on February 19, Deputy Director of the SEC’s Enforcement Division Stephanie Avakian expressed that the Commission continues to focus on cybersecurity as a top priority in 2016. Avakian discussed the Commission’s cybersecurity concerns in three contexts: (1) failure of registered entities to follow Rule 30(a) of […]