WikiLeaks again: publication of a trove on the C.I.A.'s massive spying on data from various devices, including Samsung TVs

WASHINGTON — In what appears to be the largest leak of C.I.A. documents in history, WikiLeaks released on Tuesday thousands of pages describing sophisticated software tools and techniques used by the agency to break into smartphones, computers and even Internet-connected televisions....

S.536 US Senate Bill to promote transparency in the oversight of cybersecurity risks at publicly traded companies

The US Senate has adopted a Bill titled “to promote transparency in the oversight of cybersecurity risks at publicly traded companies”. The Bill renders company boards legally and transparently responsible for cyber security matters. This legislation follows the March 1 Regulation 23NYCRR500 of the New York Department of Financial Services, which imposes on regulated organizations a responsibility to name a cyber-information security officer. These officers are responsible for producing annual cyber security reports, to be signed off by the board and submitted to the regulator.

The Bill is accessible here

The NYC Regulation is accessible here

Amazon Inc. agreed to hand over the Echo device data to the Circuit Court of Benton County, Arkansas, with the defendant's consent

Disappointment for those who were expecting to witness a new battle between the courts and the hi-tech industry. The Circuit Court of Benton County, Arkansas has jurisdiction over a murder case in which J.B. is the defendant. The Court issued a warrant for the release of the data from the defendant’s Amazon Inc. Echo device for investigative purposes, which was initially challenged. The case is clearly relevant as a new test of the limits of privacy protections for data gathered by connected devices in consumers’ homes, and for the possible First Amendment arguments presented by Amazon Inc. However, the defendant has subsequently consented to the production of the recordings from his Echo device.

Find the stipulation and consent order here

European Union Commissioner for Justice, Consumers and Gender Equality gives an interview on the US–EU future of the Privacy Shield

The European Union Commissioner for Justice, Consumers and Gender Equality, Ms. Věra Jourová, has given an interview to Bloomberg Technology in which she stresses that the EU expects continuity from President Trump’s Administration on the Privacy Shield agreement.

Read more about the interview from Bloomberg

Law firms can be subject to the NY Cybersecurity Regulation as “service providers” without their knowledge

On March 1, the Regulation on Cybersecurity Requirements for Financial Services of the Department of Financial Services of New York came into force. Section 500.11, Third Party Service Provider Security Policy, of the Regulation could very well be applied to at least some law firms, since they might fall into the definition of “service providers”.
Should this be the case, as covered entities they should develop written policies and procedures to identify and assess risks, implement minimum cybersecurity practices, implement due diligence processes to evaluate the adequacy of cybersecurity practices, and conduct periodic assessments.

Read the text of the Regulation