For all the state data privacy bills that get drafted, a shockingly low number have actually been passed into law. California and Virginia have been the only two states with privacy legislation one could call “comprehensive” – until now. Enter Colorado. Now that Governor Jared Polis has signed the bill, the Colorado Privacy Act (CPA)…
Ireland Appoints New Privacy Commissioners
Last week the Irish government announced the appointment of two new data privacy commissioners to its Data Protection Commission (DPC). According to Reuters, “Minister for Justice Helen McEntee said the appointments will support existing commissioner Helen Dixon and improve the commission’s ability to handle an increased workload and increasingly complex investigative requirements.” Ireland is the European home of tech giants like Google and Facebook, and thus is responsible for regulating them. Ireland’s DPC has increased its workforce from 27 in 2014 to 195 today.
Facebook Hit With Health Privacy Lawsuit
Amazon Web Services Enhances Training Program
AWS has launched a redesigned security competency program for its users. According to SDXCentral, the program now includes a new competency, the AWS Level 1 Managed Security Service Provider (MSSP) Competency, “which includes six new specialization categories to help customers discover partner solutions that have been validated for 24/7 monitoring and response services.” The program encompasses eight categories that address over 40 customer use cases, “including identity and access management, threat detection and response, infrastructure security, data protection, compliance and privacy, application security, perimeter protection, and core security.”
TSA Issues Revised Pipeline Security Directives
The Transportation Security Administration, which oversees cybersecurity standards for critical pipelines that carry natural gas or hazardous liquid, has issued revised security directives for such pipelines. The directives build on those issued in July 2021, and according to TSA’s release, pipeline owners and operators must “establish and execute a TSA-approved Cybersecurity Implementation Plan that describes the specific cybersecurity measures the pipeline owners and operators are utilizing to achieve the security outcomes set forth in the security directive; develop and maintain a Cybersecurity Incident Response Plan that includes measures the pipeline owners and operators will take in the event of operational disruption or significant business degradation caused by a cybersecurity incident; and, establish a Cybersecurity Assessment Program to proactively test and regularly audit the effectiveness of cybersecurity measures and identify and resolve vulnerabilities within devices, networks, and systems.”
* * * * * * *
Patrick J. Kennedy, Jr. and Dub Sutherland of Kennedy Sutherland LLP join Jody Westby on our Privacy and Cybersecurity podcast this week to provide a macro-level view of the business challenges associated with current privacy laws, a looming cyber threat environment, and a lack of cyber governance by many boards and C-suites. New episodes of the ADCG Podcast are released Thursdays and can be found here. They can also be enjoyed on Spotify and Apple Podcasts. Don’t forget to subscribe!