Regulation
Internet sanctions against Russia pose risks, challenges for businesses
Sanctions on Russia for its attack on Ukraine and its response will change the way the internet is used, forcing companies to make hard decisions.
Cyber incident reporting measures approved in the omnibus spending bill
Critical infrastructure entities and federal agencies will have to report significant cyber incidents to CISA within 72 hours and ransomware attacks within 24 hours under legislation passed by the House that will likely become law.
Biden’s cryptocurrency executive order addresses illicit financial risks
Early indications are that the cryptocurrency industry will work with the U.S. government to help minimize risk and make it harder for cybercriminals to profit from their activities.
UK/US data protection claim highlights ambiguity of GDPR’s geographic scope
A data protection claim against U.S. defendants highlights the uncertainty surrounding the territorial limits of the GDPR.
Crazy quilt of state privacy laws could cost businesses $1 trillion
A new study shows that state privacy laws could create significant compliance costs for both in- and out-of-state businesses.
European nations issue record €1.1 billion in GDPR fines
Authorities across Europe issued huge amounts in GDPR fines during 2021. Luxembourg and Ireland took up the top spots, replacing Italy and Germany.
Data residency laws pushing companies toward residency as a service
Many countries now require companies that operate within their boundaries to store data on their residents locally. Using residency-as-a-service providers is becoming an important option.
SEC eyes more expansive cybersecurity requirements
New rules for publicly traded companies could add protections for consumer information, strengthen incident reporting, and require assessment of third-party risk.
Biden memo aims to bolster cybersecurity in national security systems
A national security memorandum places new cybersecurity requirements for reporting and preventing security incidents involving sensitive national security systems.
FTC, SEC raise legal risks surrounding the Log4j flaw
The U.S. Federal Trade Commission also threatened possible legal action for companies that don't address the risk from the Log4j vulnerabilities.
What is PII? Examples, laws, and standards
Personally identifiable information (PII) is any piece of data that could be used—either alone or when combined with other data—to identify an individual. Some types of PII are obvious, such as a name or Social Security number, but...
UK NCSC updates Cyber Essentials technical controls requirements and pricing structure
Technical controls update includes revisions surrounding the use of cloud services, multi-factor authentication, and password management. New pricing structure better reflects organisational size and complexity.
China's Personal Information Protection Law (PIPL) presents challenges for CISOs
PIPL's data localization mandate places unique requirements on businesses operating in China, and regulators have great leeway to assess fines.
TSA to issue cybersecurity requirements for US rail, aviation sectors
New rules include reporting incidents to CISA and naming cybersecurity leads, but experts and industry representatives cite lack of input.
How Jemena is preparing for Australia’s coming critical infrastructure cybersecurity obligations
The transition from voluntary best practice to auditable government requirement may expose gaps in critical infrastructure operators’ risk management.
Software cybersecurity labels face practical, cost challenges
The federal government wants consumer software to have cybersecurity labels; experts question the feasibility of the mandate.
China's PIPL privacy law imposes new data handling requirements
The Personal Information Protection Law will force global companies doing business in China to be more careful with cross-border flow of personal information.
Data sovereignty laws place new burdens on CISOs
More than 100 countries now require data on their citizens be stored or processed within their boundaries, presenting new data protection challenges.
RBI’s ban on new Mastercard cards could boost local data security in India
A 2018 rule requiring that customers’ payment data be stored in India was enforced against Mastercard, American Express, and Diners Club in 2021, as a strong signal India intends to keep customer data in local hands.
Biden memo, infrastructure deal deliver cybersecurity performance goals and money
The White House initiatives and expected passage of the US infrastructure plan will set new cybersecurity standards for critical infrastructure and provide money to state and local governments.