What agency is involved? Employee Retirement System of Texas

What was the data breach? Personal health information data for other individuals was accessible when a person was logged into the agency portal

When did ERS receive notification? August 17 2018

How many people were impacted? nearly 1.25 million individuals

When did ERS report the incident?  reported to the U.S. Department of Health and Human Services as a “unauthorized access/disclosure” health data breach on October 15th

Gov Info Security | Texas Retirement Agency Portal Breach Affects 1.25 Million

Health IT Security | ERS Online Coding Error Exposes 1.25M Users to Health Data Breach

• tech companies should de-identify customer data or not collect customer data
• comprehensive federal law is necessary
  • why? tech companies that collect a lot of data are basically spies
• people should have a right in their data, and a right to have that data minimized
• consumers must be told what data is being collected & why
• the data belongs to the users and users (consumers) should always have access to it

The gold standard law: GDPR in the EU

Ars Technica | Tim Cook Calls for Strong US Privacy law, rips “data industrial complex”

Marketing Land | Report: Apple expected to say GDPR a model for US privacy regulation

What would a bill to protect ethical hackers do? Prevent liability for “white hat hackers” who find unsecured data

What group is behind this? Electronic Frontier Foundation

Do they have a campaign? Yes, the Coders’ Rights project

The Daily Swig | Campaign launched to protect ethical hackers in the Americas

State Treasurers from RI, PA and IL and New York City are backing Trillium Asset Management in calling for Zuckerberg to step down from facebook over security breaches and misuse of the platform by foreign agents.

Governing | States and New York City Urge Mark Zuckerberg to Give Up Facebook Chairman Role

What is being proposed? an international organization modeled after the International Committee of the Red Cross that would help in cyber emergencies

How would this work? provide assistance and relief to vulnerable citizens and enterprises affected by serious cyberattacks

Why? Its based on work by tech companies including:

• November 2017 a UN speech on cyber security y Brad Smith, Microsoft´s President and Chief Legal Officer
• Spring 2018 Microsoft initiated the Cybersecurity Tech Accord
• Fall 2018 60 tech companies have signed on to support core principles

Lawfare | Proposal for a Cyber-International Committee of the Red Cross

What data was exposed? Tea Party Patriots campaign materials, call lists, guidelines for national student led pro-2nd amendment protests, including toolkits for protests

How was it exposed? Left unpassword protected on an Amazon S3 storage bucket

Who found it?UpGuard, a California-based “cyber resiliency” firm renowned for locating confidential records inadvertently exposed online

Gizmodo | Tea Party Group Leaks Call Lists, Guides for Staging Pro-Gun ‘Student-Led’ High School Protests

Which utility was hit with ransomware? Jacksonville, North Carolina-based Onslow Water and Sewer Authority

when was the ransomware triggered? middle of the night Saturday,  “specifically targeted” the utility in the wake of Hurricane Florence

what was the impact of the ransomware?

• operating with limited computer capabilities
• overwheliming IT support
• accounts are being managed manually
• not interrupt water and wastewater service

CyberScoop | Ransomware hits computer networks of North Carolina water utility

Where: CipherTrace’s 2018 Q3 Cryptocurrency Anti-Money Laundering Report says 4.7% of funds moved through unregulated bitcoin exchanges is being cleaned

How can it be stopped? 

• strong money laundering laws
• bitcoin exchange regulation

Business Technology Media | Strong anti-money laundering laws hamper crypto-currency crime

A newly report titled “Email and Internet Voting: The Overlooked Threat to Election Security.” It’s a collaboration between the National Election Defense Coalition, the Association for Computing Machinery, R Street and Common Cause lists this as the best way to protect elections:

paper ballots

Politico | HIGH-TECH, LOW SECURITY

• Clear communication about compliance (35% of businesses say)
• Grace periods without penalties when regulations are implemented (31% of businesses)
• More time for compliance (17% of businesses)

78% say more cyber security regulations drive more cyber investment in businesses

Beta News | Infosecurity North America | 77 percent of CISOs get conflicting advice on changing regulation 

Both candidates set forth cybersecurity plans that will:

• train more cybersecurity professionals
  •  including 5,000 new female and minority cybersecurity professionals by 2021
• secure consumer’s private data
• protect Colorado as a place to do business

Colorado Sun | Colorado’s candidates for governor offer a first glimpse into the importance they will place on cybersecurity. 

SEC Commissioner Kara M. Stein raises these policy issues for regulators:

• Should a company value its data?
• Should it disclose the value of its data?
• Who is responsible for the appropriate collection and use of data?
• Who is responsible for protecting the privacy of personally identifiable information that is collected and used?
• Who is responsible for determining how data can be shared?
• Who is responsible for establishing and implementing minimum standards for data collection and use?
• Who is responsible for addressing inherent conflicts of interest?

SEC | From the Data Rush to the Data Wars: A Data Revolution in Financial Markets

California’s Internet of Things legislation, SB 327 (2018 | CA), requires consumer goods to:

• come with a unique password per consumer good
• passwords cannot be set to admin or password
• in the alternative, consumer goods can require a statup procedure that requires the consumer to set a password

BBC News | Weak passwords banned in California from 2020

How a state can legislatively protect its residents from data miners:

• apply laws not only to 3rd party data miners but also 1st party data miners that do have a direct relationship with consumers such as:
  • retailers
  • social media companies

Also, what is a data miner? an entity or person that collects and sells personal information from consumers with whom the broker has no direct relationship

Electronic Fronteir Foundation | Vermont’s New Data Privacy Law

Which tech giants are we talking about? Facebook, Apple, Alphabet and Amazon

What is the opposition to the Australian encrypted data law?

• giving law enforcement access,  creates tools that weaken encryption & is a huge risk to our digital security
• oppose back-door access to their user’s data
• 5 nations in the  Five Eyes nations are expected to follow suit: Australia, New Zealand, Great Britain, US and Canada

CNBC | Apple and Facebook among tech firms lobbying against Australia’s encrypted data law

By applying the Deceptive Trade Practices Act to ALL data privacy violations under state law, consumers can bring private causes of action.

Electronic Fronteir Foundation | Vermont’s New Data Privacy Law

States can enacted legislation to address Data Broikers by:

• impose a fiduciary duty towards the consumers whose data they harvest and monetize
• establish a government office to assist the victims of data breaches
• compensation for their financial & non-financial injuries 
• require disclosures by data brokers like:
  •  consumer’s “right to know” what personal information a data broker has gathered
  •  how the broker obtained it
  • to whom they sold it
•  require consumer consent for data collection or sale

Electronic Fronteir Foundation | Vermont’s New Data Privacy Law

The TRUMP administration sued California when Governor Jerry Brown signed SB 327 (2018 | CA). 

What is the federal government telling the state?

• data privacy is federal jurisdiction because it impacts interstate commerce
• the FCC chair says the  “law prohibits many free-data plans”

Governing | Trump Administration Sues California After Governor Signs Net Neutrality Protections

REFRESHING OUR RECOLLECTION  |  informed:intel September 20, 2018:

California’s internet of things law, SB 327 (2018 | CA), is:

• first in the nation to address cyber security for internet of things
• internet of things- connected thermostats, coffee makers etc… that have been used to take down major websites
• it sets the floor for data security standards for connected devices

Concerns:

• Whether placing standards on ingternet of things harms innovation

Washington Post | The Cybersecurity 202: California’s Internet of Things cybersecurity bill could lay groundwork for federal action

The Congressional CyberSecurity Caucus:

Co-Chairs:   Michael McCaul & Jim Langevin

Members: 

Aguilar, Pete, California, 31st
Allen, Rick A., Georgia, 12th
Barton, Joe, Texas, 6th
Bishop, Mike, Michigan, 8th
Blum, Rod, Iowa, 1st
Brooks, Mo, Alabama, 5th
Bustos, Cheri, Illinois, 17th
Capuano, Michael, Massachusetts, 7th
Carbajal, Salud, California, 20th
Cárdenas, Tony, California, 29th
Castro, Joaquin, Texas, 20th
Chabot, Steve, Ohio, 1st
Cicilline, David, Rhode Island, 1st 
Clarke, Yvette D., New York, 11th 
Coffman, Mike, Colorado, 6th
Comstock, Barbara, Virginia, 10th
Conaway, Mike, Texas, 11th
Connolly, Gerry, Virginia, 11th 
Cooper, Jim, Tennessee, 5th
Correa, J. Luis, California, 46th
Crist, Charlie, Florida, 13th
Davis, Susan, California, 53rd
Demings, Val, Florida, 10th
Dingell, Debbie, Michigan, 12th
DeSantis, Ron, Florida, 6th
Donovan, Dan, New York, 11th
Emmer, Tom, Minnesota, 6th
Evans, Dwight, Pennsylvania, 2nd
Fitzpatrick, Brian, Pennsylvania, 8th
Fortenberry, Jeff, Nebraska, 1st
Gallagher, Mike, Wisconsin, 8th
Garamendi, John, California, 3rd
Graves, Tom, Georgia, 14th
Hastings, Alcee, Florida, 20th
Heck, Denny, Washington, 10th
Himes, Jim, Connecticut, 4th
Hultgren, Randy, Illinois, 14th
Jackson Lee, Sheila, Texas, 18th
Johnson, Bill, Ohio, 6th
Jordan, Jim, Ohio, 4th
Kaptur, Marcy, Ohio, 9th
Keating, Bill, Massachusetts, 10th
Kilmer, Derek, Washington, 6th

Lamborn, Doug, Colorado, 5th
Lance, Leonard, New Jersey, 7th
Latta, Bob, Ohio, 5th
Lesko, Debbie, Arizona, 8th
Lieu, Ted, California, 33rd
Lofgren, Zoe, California, 16th
Lowenthal, Alan, California, 47th
Lowey, Nita, New York, 17th
Lujan, Ben Ray, New Mexico, 3rd
Lynch, Stephen, Massachusetts, 8th
Marshall, Roger, Kansas, 1st
McNerney, Jerry, California, 11th
Messer, Luke, Indiana, 6th
Panetta, Jimmy, California, 20th
Peters, Scott, California, 52nd
Perry, Scott, Pennsylvania, 4th
Poliquin, Bruce, Maine, 2nd
Polis, Jared, Colorado, 2nd
Ratcliffe, John, Texas, 4th
Rice, Kathleen, New York, 4th
Richmond, Cedric, Louisiana, 2nd
Rosen, Jacky, Nevada, 3rd
Rothfus, Keith, Pennsylvania, 12th
Ruppersberger, Dutch, Maryland, 2nd
Schiff, Adam, California, 29th
Schweikert, David, Arizona, 6th
Scott, David, Georgia, 13th
Shea-Porter, Carol, New Hampshire, 1st
Sinema, Kyrsten, Arizona, 9th
Smith, Adam, Washington, 9th
Speier, Jackie, California, 14th
Stewart, Chris, Utah, 2nd
Stivers, Steve, Ohio, 15th
Swalwell, Eric, California, 15th
Taylor, Scott, Virginia, 2nd
Thornberry, Mac, Texas, 13th
Tsongas, Niki, Massachusetts, 3rd
Turner, Michael, Ohio, 3rd
Weber, Randy, Texas, 14th
Wilson, Joe, South Carolina, 2nd
Wittman, Rob, Virginia, 1st
Yoho, Ted, Florida, 3rd

• 6 candidates for U.S. House &  Senate spent more than $1,000 on cybersecurity
• why? campaigning takes too much time to address cybersecurity issues ro raise funds for cyber security technology protections
• what do recent hacks look like?
  • ​Senator McCaskill says her campaign was hacked
  • Hacking in 2 California House races are being investigated by the FBI
  • Silverlining: 2 major parties spend heavily on cyber security protections

Government Technology | Despite Mounting Threats, Cybersecurity Spending Is Low Among Candidates

A Def Con report to Congress on Thursday will say:

• 50% of voting machines are hackable
• The defect is traceable back to a 2007 report by the OH Secretary of State
• The hacking can occur remotely or when the hacker has physical contact with the machine

WallStreet Journal | Voting Machine Used in Half of U.S. Is Vulnerable to Attack, Report Finds

State: Pennsylvania

The legislation: HB32 (PA | 2018)

How is the centralization of data security decisions structured?

• create a Cybersecurity Innovation and Excellence Commission
• The Commission will be comprised of:
  • lawmakers
  • government officials such as:
    • Department of Community and Economic Development
    • Department of Labor and Industry
    •  Pennsylvania Emergency Management Agency
  • outside experts 
• The goal is to stay ahead of cybersecurity developments by:
  • coordinate statewide activities
  • but would have no responsible for enforcement activities

Pennsylvania WatchDog | House bill would create commission to centralize cybersecurity decisions in Pennsylvania

• Caution: Conflicts of Interest.  Virtual asset trading platforms often engage in several lines of business that would be restricted or carefully monitored in a traditional trading environment.
• Account for Abusive Trading Behavior
• Consumer Protetctions needed

NY Attorney General | Virtual Markets Integrity Investigation 

California’s internet of things law, SB 327 (2018 | CA), is:

• first in the nation to address cyber security for internet of things
• internet of things- connected thermostats, coffee makers etc… that have been used to take down major websites
• it sets the floor for data security standards for connected devices

Concerns:

• Whether placing standards on ingternet of things harms innovation

Washington Post | The Cybersecurity 202: California’s Internet of Things cybersecurity bill could lay groundwork for federal action

Campaign entity: The DNC

The data device policy:  Eliminate Android, espcially ZTE devices. Retain iphones.

Is there a campaign officer for security? Yes, chief information security officer, the former chief information security officer at Yahoo

Forbes | Democrat Cyber Defenders Are Purging Androids In Favor Of iPhones

HR 6743 (2018) will preempt state data breach rules.

Opposition includes:

• States with stronger data reech laws
• States with stronger protection of insurance consumers
• Hampers state ability to investigate and mitigate damages in the state

Lake County News | Jones urges House to oppose bill that undermines California security data protections

Survey of states about voter registration database security reveals:

• STATES ARE IMPROVING AND IMPLEMENTING BEST PRACTICES
• multi factor identification for access is crucial
• system iuntegrity is crucial- staff and security
• consistent auditing of security systems
• train employees about phishing

CENTER FOR ELECTION INNOVATION AND RESEARCH

 H.R. 5534 (2018) in House Financial Services Committee grants rule making authority to allow the Consumer Financial Protection Bureau to determine cybersecurity standards for its licensees. 

Credit Union Times | House Committee Approves CFPB Guidance, Data Breach Legislation

WHAT: touchscreen kiosks to direct residents & tourists to:

• points of interest
• offer directions
• offer WIFI
• public transit maps
• emergency alert functions.

WHERE St Louis MO via  St. Louis Development Corp., the city’s economic development arm

HOW: Issued a request for proposals that requires:

• kiosks not be considered a commercial venture
• kiosks are not a type of electronic billboard
• capable of capturing video surveillance footage at 1080p resolution
• 4G or 5G

State Tech | St. Louis Aims to Deploy Wi-Fi-Enabled Smart Kiosks by January 2019 

Which groups don’t like the focus on the financial sector? Retailers, because it slows passage of across the board data breach notification statutes

What’s the purpsoe of focusing on the financial sector?

• Find a solution for the Equifax breach

What are state officials saying? “He has consistently opposed federal legislation that would pre-empt state attorneys general, as this proposal appears to do.” — CT Attorney General

Inside Cybersecurity | A debate unfolds over narrow breach-notice bill’s impact on broader efforts

WHO: Faith-Based Information Sharing and Analysis Organization (FB-ISAO)

WHAT information does this group want to protect from disclosure?

• donor data
• religious websites

Cyber Scoop | Religious groups find their calling in threat sharing

WHAT: The US Chamber of Commerce opposes California’s Consumer Privacy Act and wants the federal government to preempt state law

WHAT legislative specifics do they want?

• Preemption of state data protection laws
• Require concrete harm before a lawsuit
• Preclude all class action lawsuits
•  

WHY? 

• avoid a disparate patchwork of data privacy rules
• without preemption, companies have to choose the strictist law to comply with and that is California’s consumer privacy act

MARTECH | US Chamber of Commerce calls on feds to preempt CA privacy law

​German reinsurance giant Munich Re estiamtes cybcer insurance market will:

• double by 2020 to over 8 billion dollars
• corporate spending will be $3.4-$4 billion (3-3.4 billion euros) in 2017
• corporate spending will be up to $8-$9 billion by 2020
•  economic costs of large-scale cyber attacks already exceeds losses caused by natural disasters

PHYS.ORG | Cyber insurance market to double by 2020, says Munich Re

Congress, and thus soon the states, will openly consider regulatory and legislative measures for cybersecurity in aerospace including:

• aerospace equipment
• airport cybersecurity
• connected devices

Why should I care about this for my clients?  Atlanta’s airport 2017 ransomware attack costs  may be upward of $40 million in direct costs and loss of productivity

House Committee on Homeland Security | UNDERSTANDING CYBERSECURITY THREATS TO AMERICA’S AVIATION SECTOR

Cities with mentioned cybersecurity insurance coverage:

• Houston, 3  policies covering $10 Million with a $471,400 premium
• Dallas
• San Antonio via existing property policy
• Ft. Worth,  $5 million cyberpolicy with a $99,570 premium
• Atlanta 
• Charlotte, N.C
•  San Francisco has $50 million cyberpolicy for its public-health department

Cities actively looking at acquiring policies:

• Boston
• Nashville
• Washington, D.C.
• San Jose, CA

Self insured cities:

• Seattle 

Wall Street Journal | More U.S. Cities Brace for ‘Inevitable’ Hackers

California’s AB 3075 (2018 | CA) which will require the Office of Elections Cybersecurity within the California Secretary of State’s office to:

• Create policy by litigating
  • ex: suits to support online privacy could be the new tobacco lawsuit
• Blocking Federal Policies
  • Repulican Attorneys General sued Obama Administration 46 times in 8 years
  • Democratic Attornesy General have sued the Trump Administration 35 times in year 1
• Crafting policy by managing State-level settlements delivering big headlines and fast payouts
  • ex: Equifax settlements

Forbes | How state attorneys general are driving tech policy

California Legislature overhwelmingly passed SB 822 (2018 |CA) that will:

• bans internet service providers from blocking access to legal online content
• bans internet service providers from forcing websites to pay more money for faster speeds
• restores internet protections that federal regulators rescinded

Why did the Legislature enact this bill?

California elected officials passed the bill because the California fire agency complained that Verizon restricted its internet access during an emergency.

What do providers need to know?

• throttling state agency internet acess in an emergency has repercussions.
• when a state agency contacts an internet provider during an emergency selling another data plan has repercussions
• taking family photos from social media to create memes opposing their actions has repercussions.

Sacramento Bee | Californians’ internet speed protected in bill sent to Jerry Brown

Authors of Report: Information Technology and Innovation Foundation

The report: Benchmarking State Government Websites

What do I need to know?

• States can improve their security by having their web servers properly enable HTTPS and DNSSEC
• State website accessibility is improving with 67% passing mobile friendly standards

Texas came in 41st overall. Virginia #1. 

Governing | Only 4 Percent of State Websites Pass Security Tests 

The federal govenrment has tied Title IV Funding to data security, here’s the key standards that could be replicated by states:

• Universities will be required to have “reasonable safeguards” to data breaches
• Universities will beed an estblished response plan
• Universities will need to oversee 3rd party service providers

Without these requirements, univeristies lose funding.

Department of Education | Breach Response Check List

EdTech | How to Tighten Higher Education Cybersecurity as Government Threatens Funding

What steps did Chattanooga TN take to expand health care accessibility?

• Chattanooga’s utilities provider,invested heavily in fiber-optic network infrastructure, delivering 1-gigabit-per-second connections
• The city actively explored  delivering telehealth services to residents who subscribe to EPB broadband services
• Docity, as Hypepotamus reports, is “a HIPAA-compliant telehealth platform that works by partnering with communities and internet service providers to add telehealth access to their normal packages.” If users get broadband service from an ISP, they can add telehealth services for as little as $30 per month, the report adds.

State Tech | Chattanooga’s Broadband Investment Opens the Door to Telehealth 

•  a single file containing an estimated 14.8 million records was left unsecured, without a password, online
• File ownership is not clear but is likely “Data Trust, a Republican-focused data analytics firm created by the GOP”
• data includes fields that might score an individual’s believed views on immigration, hunting, abortion rights, government spending and views on the Second Amendment
• data also includes additional personal information, such as a person’s phone numbers and their ethnicity and race

Tech Crunch | Millions of Texas Voters Records Exposed Online

1. Hiring IT professionals (36%)
2. Procuring Voting Machines (28%)

EAC analysis

Politico | Moment of Truth for Secure Elections Act 

Michigan Secretary of State Democratic candidate is proposing this election security plan:

•  Post-election audits requirement
• Standardizing poll worker training
• Convening a commission of top election security experts to advise Michigan
• Stronger penalties for tampering with voting machines
• Switching Michigan to a different system to crosscheck voter files against other states

WKAR | Democratic Secretary Of State Nominee Targets Election Security 

States are enacting more quickly and fully than the federal government on data security regulation. Here’s a look at the 5 states leading the way:

•  California Consumer Privacy Act (AB375 | 2018 | CA)
  • 2 year grace period
  • follows the EU’s GDPR
• Vermont ( H764 | 2018 | VT)
  • toughest data collection disclosure bill in the US
  • Data Broker Bill
• Colorado (HB11-1128 | 2018 | CO)
  • Strengthened its protections of “personal identifying information”
• New Jersey  (S1913 | 2016 |NJ)
  • Shopper Privacy Bill
  • limits retailer retention of consumer data
• Washington (HB1493 | 2017 | WA)
  • Protects more health data

The Hill | States are leading the way on data privacy

Indiana Secretary of State outreach plan touting a secure election contains:

•  television, radio, and print ads stressing voter registration deadline
  • safe, secure, and reliable voter registration, go to Indianavoters.com.”
• refers to the IN election system as “he healthiest 200-year-old”
• touting security measures:
  • stresses none of Indiana’s voting machines are connected to the internet
  • Ball State tests the state’s voting systems

WFYI | Indiana Secretary Of State Seeks To Reassure Hoosiers Over Election Security 

Removing a requirement for a paper count of ballots as a post-election audit method.

The statement from Verified Voting.

Florida offers local governments election security grants that:

• Can purchase electronic poll registers to prevent double voting
• Can purchase and install off-site server
• Provide for hiring an IT professional to implement the new off-site server
• Offers local governments an opportunity for backups in place to resume the continuity of operations instantaneously

Suwannee Democrat | Election security grants approved for local counties

Washington and Alaska ended their online voting in response to hacking threats.

McClatchy DC Bureau | Can hackers tamper with your vote? Researchers show it’s possible in nearly 30 states

An 11 year old hacked a replica of Florida’s election results website in 10 minutes and change names and tallies.

10 minutes to fake election results.

Reuters | Boy, 11, hacks into replica U.S. vote website in minutes at convention

Campaign: For Massachusetts election official, the Secretary of State

The 2 competing election hacking plans:

• Plan 1:
  • add 7-10 full-time cybersecurity specialists
  • create the Cybersecurity Operations Center
    •  operate on a 24/7 basis and monitor the office’s voting data
  •  risk-limiting audits to be conducted after all state and federal elections
• Plan 2 from the 7 term incumbent
  • continue to only use paper ballots
  • store  voters’ personal information off the internet
  • exisiting IT staff and standards that have been working

WWLP | Secretary candidates describe approaches to election security

WHERE: California

WHAT: The information sharing at the California Cybersecurity Integration Center alerted agencies along I-5 to a wildfire before the wildfire was phoned in

HOW: the Cybersecurity Inegration Center uses electronic scrapes of twitter, and a tweet started the wildfire information sharing through the agency

Cybersecurity Integration Center was created by Executive Order in 2015. 

Route 50 | How California Is Improving Cyber Threat Information Sharing

These make funny road sign hacks, like the zombie apoocalypse is now,  look like childs play:

• Flood Sensors can be manipulated by hackers
• Radiation Alarms can be hacked
• General Chaos by hacking traffic lights, emergency signals

Security Intelliegence | How to Outsmart the Smart City 

• 8 States collaborating with the Governors Association
  • Arkansas, Colorado, Delaware, Indiana, Iowa, Minnesota, Vermont and Washington
• Establish best practices for health care data
• Really long name:  “Harnessing the Power of Data to Achieve State Policy Goals: The Foundation for State Success in Improving Quality and Reducing Costs,”
• 16 months 
• Goals:
  • enable a fuller and better use of the countless health-care data streams they collect and maintain
  • legislative fixes
  • regulatory fixes
  • lasting impact that could even extend beyond health care

Government Technology | Governors Association Works with Eight States to Improve Health Data Sharing 

Activists are promoting an Internet bIll of Rights, the kind of bill state legislatures love. What would it do?

• Keeping your “browsing history” private
  • ​Except: fraud or potential crimes  
• Full disclosure when being monitored, and the right to opt out
• Preserving the privacy of your social media accounts.
• Ownership of your personal, digital content
• Notification of injurious data breaches
• Fair play on social media platforms and/or internet providers
• Protecting children on social media
• Protection from “unfunded government mandates” on data-mining:
•  Keeping your health and fitness data private
•  Safeguarding email and text communications

Connecticut Post | We Need an Internet Bill of Rights 

Ohio’s  SB 220 (2018 | OH), signed by the Governor, will establish these blockchain standards:

• blockchain transactions are legitimized as enforceable electronic transactions
• applies to electronic records using blockchain
• applies to electornic signatures using blockchain
• amends the definition of “electronic record” to include blockchain
• amends the definition of “electronic signature” to include blockchain

SB 220 would apply to state contracting and state procurement.

Ohio’s  SB 220 (2018 | OH)

If a business’ cybersecurity procedures reasonably conform to any of these:

DOE Secretary Perry looks to DOUBLE the number of utilties sharing cyberthreat information.

Why?

• Close collaboration between DOE and utiltiies helped thwart utilty cyber attacks last year
• DOE is increasing its cyber security efforts
• “We’re leading by example, by strengthening protection and response capabilities for our own power marketing administrations that fall under the DOE’s supervision,” Perry said.

FCW | DOE looks to double number of electric utilities sharing cyber threat data

A Navigant research report on cyber security of utilities and the grid broadened cyber security to smart meters.

The suggested recommendations for smart meter cyber security:

• robust security strategy
• clear breach response plan
• providing strong and constant security training to all employees

State Tech | Where Smart Utilities Meet Cybersecurity

Philadelphia terminated its data sharing agreement with ICE.

What do supports say?

• Federal Courts agree with the constitutional concerns of not providing basic, humane treatment of immigrants
• concerned that ICE was using the database “in inappropriate ways” 
• Distrust in immigrant communities harsm law enforcement’s ability to keep the city safe

Governing | A Major City Ends Data-Sharing Contract With ICE 

Courts have ruled that business cyberinsurance does cover phishing attacks and other courts have ruled that cyberinsurance does not cover phishing scams.

Coming to a regualtor or legislator near you soon….

LegalTech News | Cyber Insurance Growing Pains: Sixth Circuit Overturns Email Phishing Ruling

Montana’s Top Election official said hackers entered their systems during the 2016 election.

AP | Official: Russian hackers targeted 2016 Montana election

• Student identity data: Demographic and biometric information
• User interaction data: Engagement metrics for educational content
• Inferred content data: Data concerning how instructional material improves student proficiency
• System-wide data: Administrative data about students, including attendance, disciplinary records and overall academic performance.
• Inferred student data: Inferences based on teacher, content & student data that can be used to make predictions about student outcomes.

Ed Scoop | Four approaches K-12 IT directors can take to address security threats

In india, regulators are considering bitcoin as legal tender for sports betting.  

Blockcahin news & Tech | Could Sports Betting Help in Legitimizing Bitcoin in India?

In Costa Rica, employers can pay employees with bitcoin. 

Bitcoin.com | Costa Rican Workers Can Be Legally Paid in Cryptocurrency

Location: West Virginia

Invitees: 55 election clerks representing all counties in West Virginia

Speakers training West Virginia Election Clerks: WV Secretary of State & the Department of Homeland Security

Topic: Cyber security of elections and how to pay for election cybersecurity, which is mostly federal funds

WBOY | WV is the nation’s first state to host the ‘Election Security Conferece’ 

• On campus surveillance 
• Password policies
• Educating school staff and administration on cybersecurity practices
• Track school owned devices

Ed Scoop | Four approaches K-12 IT directors can take to address security threats

• 2016 An Executive Order created the  The Illinois Department of Innovation and Technology (DoIT)
• HB 5611 (IL | 2018) codified the executive order
•  5.8 billion state records have been encrypted
• 1st Illinois statewide security operations center with 24/7 monitoring state data
• $20 million of infrastructure and network unification cost savings

WSRP | Gov. Rauner signs bill to officially recognize DoIT 

New Jersey Financial Services Commission has 10 requirements for Jersey ICO issuers:

• Be incorporated as a Jersey company.
• Receive consent under the COBO from JFSC before any action is taken (the consent process is detailed further in the Guidance Note).
• Comply with JFSC’s Sound Business Practice Policy.
• Apply relevant anti-money laundering and other such requirements to ICO purchasers.
• Appoint and maintain a trust company business (“TCSP”).
• Appoint and maintain a Jersey resident director.
• Be subject to an ongoing audit requirement.
• Implement procedures and processes to mitigate and manage the risk of retail investors investing inappropriately in the ICO, and to ensure that retail investors understand the risks involved.
• Prepared and submit an Information Memorandum such as a white paper or prospectus.
• Ensure that marketing materials are fair and not misleading.

NJFSC | The Application Process for Issuers of Initial Coin Offerings (ICOs) 

The fund allocations from California’s 2018 election security legislation:

• Federal Funds: $34.5 million
• 57.9%, $20 million, goes to voter implementation at the county level
• 11.58%, $4 million goes to VoteCal statewide system updates
• 13.16%, $4.45 million goes to county voter cyber security
• 8.69%, $3 million, goes to cybersecurity training for counties
• 4.53%, $1.56 million, polling place accessibility
• 2.98%, $1.03 million, personnel costs
• 1.16%, $400,000, election auditing

KCRA | California spends millions, enacts new law to strengthen election security 

State: Illinois

Vetoed legislation: SB 2273 (IL | 2018)  limiting Illinois to participating in 1 interstate voter database system

3 Reasons given for the veto:

• combat voter fraud by “participation in programs that allow cross-referencing voter information from various states to identify where individuals are and are not eligible to vote”
• limiting Illinois to one voter fraud program creates inefficiencies and gaps in knowledge
• limiting the number of the programs for IL to use is not the solution, the solution for voter fraud is other safeguards that “ensure the security, reliability, and appropriate use of any data being shared”

Capitol Fax | Rauner vetoes anti-Crosscheck bill

NY Department of Financial Services requires a bitLicense for any of the following acitivities:

• Virtual currency transmission
• Storing, holding, or maintaining custody or control of virtual currency on behalf of others
• Buying and selling virtual currency as a customer business
• Performing exchange services as a customer business
• Controlling, administering, or issuing a virtual currency
   

BitLegal | The New York Department of Financial Services (NYDFS), grants a virtual currency (VC) license to fintech company Square Inc. 

State: California

The legislation: SB 1001 (CA | 2018)

What would the bill do? Require automated social media accounts (BOTS) to identify themselves as bots

What’s an example of BOT use? The California Seantor filed a bill on bail reform and hundreds of ots attacked with social media posts like ” “Unconstitutional bail reform doesn’t work and is racist.”

Supporters:

• Common Sense Media
• Center for Humane Technology

Opponents:

• Electronic Frontier Foundation

Somewhere in the middle:

• Allen Institute for Artificial Intelligence
• Tech Policy Lab

NYTIMES | Bots of the Internet, Reveal Yourselves!

Chief Information Officers and Chief Data Officers are on the rise for local governments.

What does a Chief Data Officer do? In Cook County, IL the job description is:

• “organizational governance and policy directives around data usage,”

• ensuring proper accessibility standards for data

• evidence-based decision making

• innovative projects 

• oversee a communications technology team

•  holding a leadership position on a Data Governance Council charged with “applying the precepts of data principles; standards; policies; and guidelines.”

State Scoop | Cook County, Illinois, hires first chief data officer, puts new CIO on deck

No judges have found that voting machines susecptible to hacking are impediments to the democratic process.

Politico | Trio of cybersecurity hearings today

Economist say regulation will kill bitcoin because:

• bitcoin has no intrinsic value and price volatility
• the government will regulatue anonymous transactions
• bitcoin inherently “contradicts the idea of creating “a transparent banking system.”

CoinTelegraph | Former World Bank Chief Economist: Bitcoin Will Fail as Governments Increase Regulation

Which states are facing lawsuits based on voting machines that are suspectible to hackers?

• Georgia
  • Cyberscoop | Lawsuit pushes Georgia to dump paperless voting machines by November
• South Carolina
  • Frank Heindel and Phil Leventis v. MARCI ANDINO, Executive Director of the South Carolina State Election Commission

State: South Carolina

The Legislation: House Bill 4655 (2017-2018 | SC). South Carolina Insurance Data Security Act

Requirements for South Carolina Insurance Licensees: 

• insurers tmust “develop, implement, and maintain a comprehensive information security program” for their customers’ data
• based on model law with 3 steps and a 1/1/2019 effective date:
  • prevent breaches
  • detect unwelcomed access to data
  • remediate after a breach
• including 3rd party oversight, with a 7/1/20 effective date

Ohio Legislature passed SB220 (2018 | OH)  which addess blockahin by adding to the definition of electronic transactions.

The new definition of “electronic record”  & “electronic signature” to  include blockchain-based transactions.

Cleveland | Ohio legislature passes blockchain legislation

• NY rules will require credit reporting agencies to comply with the state’s Department of Financial Services cybersecurity standards
• An agreement between Equifax & 8 State Financial regulators will allow the states to:
  • impose punitive damages against Equifax
  • conduct annual  security audits 
  • develop written data protection policies and guides
  • monitor outside technology vendors
  • improve software patch management controls
• The states:
  • Alabama
  • California
  • Georgia
  • Maine
  • Massachusetts
  • New York
  • North Carolina
  • Texas

ACA International | New York Issues Cybersecurity Regulation for Credit Reporting Agencies

NY Times | 8 States Impose New Rules on Equifax After Data Breach

• “By running off electricity that would otherwise be curtailed because of low demand, crypto-mining could allow more clean energy to be profitably built on the grid”
• Texas has been a leader in dealing with intermitancy that can power crytocurrency
  • Texas “competitive renewable electricity zones”  
    • average wind curtailment in Texas decreased from over 16% to less than 2%
    • wind generation more than doubled
  • private investment in energy storage
• flexible demand option for crypto currency that can quickly ramp up operations during times of overgeneration

Trib Talk | Market operations engineer, ERCOT | Cryptocurrencies could increase capacity for renewable energy

A ballot proposition in California would:

• allow Californias to tell businesses not to sell their personal information
• permit Californians lawsuits if  a business fails to implement reasonable security procedures and later suffered a data breach
• creates a right to know for consumers to know when a business sells or discloses their information for a business purpose

Exception to the ballot proposal?

business that collect less than $50 million in annual revenue and meet certain other standards are excepted

Supporters:  Californians for Consumer Privacy

American Banker | Californians to vote on privacy measure — unless legislature acts first 

State: Vermont

Grid Security Partners:

• Protect Our Power, an independent, nonprofit organization
• The Institute for Energy and the Environment at Vermont Law School

Goal of Partnership: to make the grid more resistant to physical or cyber threats & to improve its ability to restore power quickly in the event of an attack

Outcome: offer regulatory and legislative proposals

Valley News | Vermont Law School Team to Research Electrical Grid Security

Insurance market expected an increase in policies after the the EU passed GDPR, here’s waht happened:

•  language in GDPR isn’t clear on whether insurance policies can cover the hefty fines of up to 20 million euros or 4% of global revenue.
  • language is unclear and clarification is up to local regulators
• 90% of the cyber policy market is in the US
• Analysts expect a pick up in the European share of cyber policies

Wall Street Journal | Why Europe’s Cyber Insurance Windfall Hasn’t Happened 

State: North Carolina

The Crypto Currency Licensing Bill: House Bill 86 (NC | 2018)

What does the bill do?

• Adds crypto currency as a permissible investment to state investment licensing laws

Bitcoin.com | North Carolina Banking Bill Passes — Adds Virtual Currency License Requirements 

The data breaches: Data Breaches in 2012 and 2013 at M.D. Anderson in Houston

The regulatory agency issuing the fine: U.S. Department of Health and Human Services via the Office of Civil Rights

The Fine: $4.3 million

Houston Chronicle  | MD Anderson to pay $4.3 million penalty for data breach

“MD Anderson hit with $4.3M privacy fine.” POLITICO 

State:  California

California Regulatory Agency: California Fair Political Practices Commission

Recommendation from the California Agency Legal Counsel: 

• cryptocurrency contributions do not violate the state’s Political Reform Act
• BUT, “could be significant difficulties in establishing the true source of bitcoin donors”

The companies : Blink Charging & Israeli smart city developer Ya’acobi Brothers Group

The benefits of EV Charging via City Infrastructure:

• Enable smart city infrastructure
• Permits integration with wif-fi, cloud networks, cameras for city data management

Utility Dive | Blink eyes significant EV charging expansion via smart streetlights

Arizona’s recently passed,   HB 2154 (AZ | 2018)        , data breach reform bill increased data breach fines from $10,000 to $500,000 per breach.

The intent: the stick for the carrot of notifying consumers quickly

State Scoop | Arizona gets tough on businesses with new data breach reporting law 

​In league model legislation ​ leagues are requesting access to this data:

•  player statistics
• other data used by sportsbooks

Governing | NBA and MLB Quietly Hustle States for Cut of Sports Betting Jackpot

 The Study is by: John Griffin, a finance professor at the University of Texas

What did the study examine: mapping the blockchains of Bitcoin and Tether to track purchases

What did those purchases show? entities associated with the Bitfinex exchange timed purchases so as to rise the price of bitcoin

The Hill | Bitcoin prices were manipulated: study 

A Mexican political party challenging the front runner in the Mexican Presidential elections, had its cmapaign website hacked during a live debate.

The DDoS attack  resulted in the campaign’s site being down for the debate.

Reuters | Cyber attack on Mexico campaign site triggers election nerves. 

State:  West Virginia

The blockchain voting pilot program:   secure military mobile voting in two counties

How does the blockcahin voting app work?

• biometrics to verify voter identity
• records the vote from the mobile device onto a “chain”
• the vote is then verified by 3rd party

State Tech | West Virginia Pilots First Blockchain-Powered Federal Voting App 

 City: Kansas City, MO

What does its RFP want? 

• Technology Partner to make it the smartest city in the country
• The partnership will design & build:
  •  a “full integrated suite of sensors, networks and data and analytics platforms,”
  • built off its  current smart city network
  • 30-month construction period
  • develop a long-term strategic plan for the next 10 to 30 years

Gov Tech | Kansas City, Mo., Issues RFP for Smart City Partner 

• 19 year old hacktivist
• Nom de hack: Vigilence
• Faces  5 counts of computer crimes in Minnesota
• The hack attacked state computers
• The hack was in response to no conviction on charges for a police officer accused of shooting a civilian 

The Register | ‘Vigilance’ hacker charged over Minnesota government attacks

Atlanta officials are asking for an additional $9.5 million to recover from a ransomeware attack.

What do I need to know about Atlanta’s ransomware attack?

• Worst ransomware attack in US history
• More than 1/3  of the city’s 424 software programs were offline, fully or partially
• The $35 million budget for the technology department is not enough to recover 
• The ransom was  $51,000 worth of bitcoin

Reuters | Atlanta officials reveal worsening effects of cyber attack 

• Utility tokens are a hot commodity among bitcoin currencies
• Why are utility tokens popular?
  • some think they offer legal protection from regulatory schemes
  • others think utility tokens are key to block chain’s future
• Utlity tokens will most likely be regulated by the SEC and State Securities Boards

Texas Lawyer | Ready Player One? Avoid Getting Played on Utility Tokens

An Atlanta news station asked for public records related to Atlanta’s ransomware attack.

The city repsonse:  No. Not going to happen.

Why is the city denying the open records request? ongoing investigation, ongoing security concerns

What do freedom of information experts say? The Freedom of Information Act does allow for exemptions during open investigations

CBS 46 | Atlanta officials deny requests for records amid cyber attack

State: Colorado

Does the Colorado law apply to businesses outside Colorado? yes, it applies to any business that does business with a Colodoan

What does Colorado’s new data breach law require?

• Notification to affected consumers within 30 days of discovery of the breach
• Provide the consumer with the date of the breach
• Provide the consumer a description of what information was accessed

3 Ways the Colorado legislation differed from most states:

• A delay in notification can only occur if an investigation by the entity that was breached determines that the misuse of information about a resident has not occurred and is not reasonably likely to occur.
• Colorado requires 30 days notice and does NOT use the phrase “”without unreasonable delay”
• Colorado requires 30 days notice and does NOT use the phrase “in the most expedient time possible”

Stateline | When Hackers Strike, Companies in Colorado Now Have 30 Days to Notify Customers

CBO estimates less than $500,000 to administer a hack the State Department bill, HR 5433.

State legislature :  California Senate passed 23:12 a net nuetrality bill

The Net Nuetrality Bill: SB 822 (2018 | CA)

What words are being used to describe the net nuetrality bill?

• “gold standard” for states
• 86% of people, according to a University of Maryland poll, oppose the FCC repeal of net nuetrality
• the bill sides with the public

What did the lobby effort look like against the bill?

• AT&T, Comcast & industry groups, like USTELECOM, opposed SB 822
• nearly $1 million spent during the first quarter to fight net nuetrality in California

San Jose Mercury News | California moves a step closer to its own net neutrality rules