Regulatory TREND. Requiring Data Security in Ride Share

  • July 26, 2019

Where: Colombia (the country)

What happened? A data breach impacted 267,000 Colombians at a ride share company

How did regulators exercise enforcement powers?

  • The government will suspend driver's licenses of ride share drivers for 25 years
  • actively protect the affected Colombians
  • develop a protocol for handling future data security breaches
  • train staff
  • adopt permanent monitoring system to determine whether the new data security measures are adequate

Reuters | Colombia orders Uber to improve data security after 2016 breach

2 Statewide Regulatory Implications. School Cyberattack

  • July 26, 2019

Where: Louisiana

What happened in Louisiana? Several school systems experienced cyberattacks

How did government respond?

  • Governor declares statewide emergency
  • The declared emergency allows local governments to access cybersecurity experts from the Louisiana National Guard, Louisiana State Police, & the Office of Technology Services

CNN | Louisiana’s governor declares an emergency after cyberattacks on several school systems

3 Reasons Education Data Hacks are Rising

  • July 19, 2019

  • Valuable Data. Education data is valuable for its quantity and youth
  • Unreported Hacking. Education hacks are often unreported when data is viewed but not seized or removed
  • Little Data Security. School networks are more open than corporate networks
    • Small schools and small school districts often don’t have resources for a technology watchdog

AP | Cyberattacks inflict deep harm at technology-rich schools

Legal TREND. Suing Telecommunications Companies that sell Location Data to Bounty Hunters.

  • July 19, 2019

What is happening? Electronic Frontier Foundation filed a class action lawsuit against AT&T + 2 data brokers over the sale of AT&T customers’ real-time location data

Is this common? Tech types say all the telecoms sell real-time location data to location aggregators, and on to bounty hunters and bail bondsmen

What state laws are we talking about? A state’s deceptive trade practices act + data protection and privacy laws

Motherboard | EFF Hits AT&T With Class Action Lawsuit for Selling Customers’ Location to Bounty Hunters

Does your state have a law against hacking medical equipment?

  • July 19, 2019

Let’s look at how insulin machines can be hacked.

When a medical device manufacturer would not correct known flaws, researchers built a system that would kill people by hacking the devices.

Were regulators involved? Yes, but they were slow to act, which is why researchers built an app that would kill people if it were deployed to the insulin device

Wired | THESE HACKERS MADE AN APP THAT KILLS TO PROVE A POINT

Business TREND. Employees Calling for Corporate Social Responsibility.

  • July 18, 2019

WHAT? Amazon protests

WHY? Protestors do not support the use of Amazon technology by ICE

WHERE does this business trend get interesting? In the company’s response (emphasis added):

An Amazon representative said in an emailed statement: “There is clearly a need for more clarity from governments on what is acceptable use of [artificial intelligence] and ramifications for its misuse, and we’ve provided a proposed legislative framework for this. We remain eager for the government to provide this additional clarity and legislation.”

Wall Street Journal | Protesters Disrupt Amazon Event Over Its Ties With ICE

Data Security. Corporate Social Responsibility. The Consumer Numbers. New Study.

  • July 17, 2019

The study: Authenticity Gap report by FleishmanHillard Fishburn

What did consumers say for this 7th annual Authenticity Gap report?

  • 66% of consumers want companies to show greater purpose & societal impact
  • 73% of consumers say companies must show their data security policies & go beyond required regulations
  • 62% say companies take too long to disclose & provide solutions to data breaches

What did it say about how this message should be conveyed?

  • 76% expect CEOs to first and foremost communicate issues that impact customers
  • 71% expect CEOs to first and foremost communicate issues that impact employees
  • 55% believe companies should act on issues with a large societal impact, even if there is no significant effect on the company
  • 48% of consumers think companies must take a stand on controversial issues that influenced government policy changes
  • 43% of consumers think corporations should take stands on issues concerning the CEO's own personal views and beliefs

The Holmes Report | Study: Consumer Expect Brands To Take A Stand On Climate Change & Data Security

Sliding Insurance Data Security Requirements into a State Budget. 3 Steps.

  • July 17, 2019

Where: Connecticut

How: CT’s state budget contains a provision requiring:

  • All insurance licensees
  • implement an information security program
  • by October 1, 2020
  • Covering administrative, technical & physical safeguards to protect non-public information

What does this mean? Employee training, Record retention program, Risk assessment process, Incident response process, and annual assessments

National Law Review | Connecticut’s Insurance Data Security Law

Business TREND meeting Regulatory & Legislative TREND. Data stored in clothing

  • July 12, 2019

Why is clothing storing data? smart fabrics

What data is gathered and stored? Biometrics

Does HIPAA apply? NO

How are legislatures handling it? An Amendment to California’s Consumer Privacy Act is leading the way

Retail Dive | Wear it out: How smart tech and data collection will impact retail

Automotive Data. The Auto Dealers and the 5 States Tackling this

  • July 12, 2019

  • Montana, Arizona and Oregon enacted dealer protections for control over data stored in a DMS & preventing the software providers from charging a fee to third parties
  • Similar protections passed in Hawaii and North Carolina

When does the issue arise legislatively? When states implement new titling software

Do dealers want to leave it up to the courts? NO

Autonews | Dealers to states: Let us control data

Regulatory TREND. Blockchain as a solution to a State Agency Data Breach

  • July 12, 2019

Where are the data breaches? Maryland Department of Labor & Oregon’s Department of Human Services

How does blockchain help prevent this?

  • It eliminates a centralized server or a non-auditable database
  • It limits human error
  • It is efficient
  • It can eliminate the need for 3rd party databases

Would this really work? Support in this paper from NASA

CCN | Cybersecurity Breach at Maryland Agency Spotlights Need for Blockchain

Business TREND. Businesses Calling for More Data Security. Rules, Laws, Actions

  • July 12, 2019

Which businesses? 

  • Toyota
  • IBM
  • NEC
  • Nippon Telegraph & Telephone
  • Thomson Reuters
  • Cisco Systems
  • Mastercard
  • Airbnb

What do they want protected? software source codes, algorithms and encryption keys

Why do they want this protected? Critical corporate information

What regulations/laws do they fear? Anything that requires the disclosure thereof

What these businesses are asking for is part of Japanese Prime Minister Shinzo Abe’s initiative for “data free flow with trust”

Nikkei Asian Review | Toyota, IBM and more push for global data security ahead of G-20

+1 Local Gov. Bans Facial Recognition Software = Legislative Pressure

  • July 12, 2019

Where: Somerville, Mass.

What: City Council unanimously banned the use of facial recognition software

Why is this a legislative issue?

  • Somerville is the 2nd city after San Francisco to ban the technology
  • There are calls for full-time legislatures to pass statewide bans on the software

How is the issue being messaged?

  • “…dystopian technology further outpaces our civil liberties protections”
  • Need for “transparent” and “just” regulations

What concerns do researchers find?

  • 20% of women are misidentified
  • 35% of women of color are misidentified

Boston Herald | Somerville ban puts pressure on Legislature to slow unregulated facial recognition tech

Lege TREND. Internet Service Provider Privacy Requirements. +1 State.

  • May 29, 2019

State: Maine

The legislation: LD 946 (2019 | ME)

What does Maine’s LD 946 do?

  • applies only to internet service providers
  • requires ISPs to get express consent from customers before the customer’s data or information can be sold, disclosed or accessed

What do opponents say? The bill does not go far enough because many other companies like Google and Facebook collect mountains of data that should also be protected.

Central Maine | Maine Compass: Privacy bill doesn’t go far enough

+1 Texas City Cyber Attack

  • May 28, 2019

Laredo, Texas suffered a cyber attack.

KGNS | City of Laredo still recovering from cyber-attack

TREND. Hacking License Plate Reading Software

  • May 27, 2019

Where is the hacked license plate reading software used? It is being used by the US government near the border with Mexico

What data was hacked?

  • databases
  • company documents
  • financial information

Motherboard | Hackers Breach Company That Makes License Plate Readers for U.S. Government

Lege TREND. Disclosure of Election Hacks. Disclosure, Good for the Goose & the Gander?

  • May 27, 2019

The legislation: Congress’ Achieving Lasting Electoral Reforms on Transparency and Security Act (ALERTS Act)

The government disclosure requirement: 

  • Disclosure to state and local officials and Members of Congress
  • Disclose credible evidence of an unauthorized intrusion into an election system
  • If they have a reasonable basis to believe that such intrusion could have resulted in voter information being altered or otherwise affected.
  • Requires state & local officials to alert potentially affected voters

How quickly does notice need to occur?

  • promptly alert

Congresswoman Stephanie Murphy | Murphy, Waltz Announce Legislation Requiring Public Alerts After Elections Infiltration

State Scoop | U.S. House bill would require feds to notify public of election hacking

Lege TREND. Prohibiting Loot Boxes. Wait, What's a Loot Box?

  • May 24, 2019

A loot box is an incentive for gamers that “give users a nominal advantage for a fee or loot boxes which allow users to essentially play a slot machine for gaining rare or important items”

What’s wrong with this? Gateway drug for gambling

Who is first out of the gate with legislation? US Senator Hawley (MO)

Senator Hawley | Frequently Asked Questions Regarding Legislation on Pay-to-Win and Loot Boxes

TechCrunch | The US Senate is coming after loot boxes

Anatomy of an "Aggressive" Cybersecurity Measure by the Razorbacks

  • May 21, 2019

Where: Arkansas

The legislation: Senate Bill 632 (2019 | AR)

What does SB632 do?

  • Creates the Cyber Initiative
  • Housed within the Economic Development Commission
  • mitigate the cyber-risks to Arkansas
  • increase education relative to threats and defense
  • provide the public and private sectors with threat assessments and other intelligence
  • foster growth and development around tech, IT and defense
  • create a “cyber alliance” made up of partnerships with a variety of institutions like “universities, colleges, government agencies and the private business sector”

Partners include:

  • the Forge Institute
  • Department of Homeland Security, the Arkansas National Guard, Walmart and the University of Arkansas Little Rock via Forge’s American Cyber Alliance

Government Technology | Aggressive Initiative to Shore Up Cybersecurity in Arkansas 

Regulatory TREND. What do I need to know about Active Cyber Defense?

  • May 21, 2019

Active Cyber Defense uses private sector cyber bounty hunters and hackers to protect critical infrastructure.

Who is behind this concept?

  • An Atlantic Council report
  • by Frank Kramer, Assistant Secretary for International Security Affairs for the Clinton administration
  • and by Bob Butler, Deputy Assistant Secretary for Space and Cyber in the Obama administration

How would this private sector system work? The private sector hackers would be deputized as “certified active defenders” to assist with the creation of an active cyber defense strategy

CPO Magazine | Active Cyber Defense Strategy Could Use Private Sector Bounty Hunters to Protect Critical Infrastructure

Regulatory TREND. Anatomy of the Cybersecurity Solarium Commission

  • May 21, 2019

The U.S. Cybersecurity Solarium Commission is taking inspiration from the 1950s-era commission that studied nuclear strategy.

The 14-member Cybersecurity Solarium Commission will be comprised of:

  • 4 current lawmakers
  • director or deputy director of National Intelligence
  • director or deputy director of Defense
  • director or deputy director of the FBI
  • director or deputy director of Homeland Security
  • academics
  • industry representatives

Strategies to develop:

  • persistent engagement
  • deterrence (which will include increasing resiliency)
  • development of diplomatic norms — global rules of the road for cyber operations

AXIOS | New cybersecurity task force draws inspiration from ’50s

Data Security Workforce by the Number of Women.

  • May 21, 2019

  • 20% of Fortune 500 CISOs will be women by 2020
  • 13% were women in 2017
  • Capitol Hill hearings hear testimony from women 20% of the time on information security

Tech Target | Women in cybersecurity work to grow voice in US lawmaking

Anatomy of a Data Breach law in New Jersey

  • May 17, 2019

What additional information is protected:

  • user name
  • email address
  • any other account holder identifying information
  • + in combination with any password or security question and answer that would permit access to an online account

Can notice be given to a consumer electronically? Yes, unless it was the account that was breached

The bill: A-3245 (2019 | NJ)

National Law Review | New Jersey’s Data Breach Notification Amendment Signed into Law 

Inside NJ | Caputo & Murphy Bill Requiring Disclosure of Online Security Breaches Signed into Law

Anatomy of a Data Security Bill in North Carolina

  • May 17, 2019

The legislation: HB 904 (2019 | NC)

How does it impact businesses: Creates a duty on businesses to maintain reasonable security procedures and practices

Notification time frame: 15 days

Free credit freezes, thaws and monitoring? yes, yes and yes

Consent: Requires consent to access a consumer's credit report

NC Attorney General Talking Points on HB 904 

Local TREND. It's Official. City Bans Facial Recognition

  • May 15, 2019

Where: San Francisco

What else does the ban on facial recognition tech by municipal entities and local law enforcement do?

  • requires disclosure of surveillance technology they currently use
  • requires approval from the Board of Supervisors on any new technology that either collects or stores someone’s data

What are supporters saying?

  • “This is really about saying we can have security without being a security state.”
  • “We can have good policing without being a police state.”

2 More cities set to consider the ban:

  • Oakland, CA
  • Somerville, Mass

Governing | San Francisco the First U.S. City to Ban Facial Recognition Technology

KQED | San Francisco Bans Police, Municipal Use of Facial Recognition Technology

Business TREND. 3 Ways Tech Business Spin Data Privacy/Data Security

  • May 14, 2019

  • Facebook
    • The future is private
    • We will make your information private
  • Google
    • What you get in return is more valuable
    • We make it easier for you to navigate the world, so it's all ok
  • Microsoft
    • We can make your elections safer
    • “privacy is a human right”

What do they say to legislators? Trust US

What do they say to consumers? We won’t misuse your data, AKA trust us

What are they saying to investors? There won’t be any regulations, trust us, returns will be great still

Fast Company | 3 Big Tech CEOs, 3 ways of spinning privacy

Election Security. +1 State Secretary of State Candidate to Clean Voter Rolls

  • May 13, 2019

Bonjour to Kentucky Secretary of State Candidate Stephen Knipper. It’s an elected office in Kentucky.

Knipper wants to improve data security and clean voter rolls of persons not eligible to vote.

Courier Journal | Stephen Knipper: As secretary of state, I would clean up voter rolls

Lege TREND. Tax Data Use by Entities that Retain, Hold and Track Your Data

  • May 9, 2019

Where is this proposal progressing? California

What is the proposed fee/tax? Data Dividend to be paid by businesses that hold, sell, or track data

The messaging: “We trade it away for so much of our experience on the internet. Money from a data tax could begin to counter this trade imbalance.”

Governing | Should Big Tech Be Taxed for Using Our Data?

Lege TREND. 3 Ways Tech Companies Are Lobbying Against Data Privacy laws

  • May 8, 2019

  • Carving out exceptions to the California Consumer Privacy Act
    • The message: “addressing workability issues from a business compliance standpoint, to strengthening the law from a consumer and privacy protection standpoint”
  • Coalition of business entities including:
    • Internet Association
    • TechNet
    • Consumer Technology Association
    • Chamber of Commerce
    • Large Tech Companies
    • Wireless Association
  • Plausible Deniability
    • Tech Companies and associations are not attending technical negotiations

Wired | TECH LOBBYISTS PUSH TO DEFANG CALIFORNIA’S LANDMARK PRIVACY LAW

Lege TREND. Public Education Data. Student Data. Notification Standard for Small and Rural Schools.

  • May 8, 2019

Texas HB 2689 (2019 | TX) would set a standard that all public schools should have a liaison that can communicate data security/cyber security issues with their local communities.

Lege TREND. Facial Recognition Software & Public Education.

  • May 7, 2019

State: New York

Legislation: AB 6787 (2019 | NY)

What does this bill do? 

  • Prohibit schools from using biometric software for 1 year
  • Study the use and safety of biometric identifying software
  • Make recommendations for the use of biometric software to further school safety

Lockport Union Sun Journal | Bill calls for study of facial recognition systems in schools 

Regulatory TREND. Anatomy of an Attorney General Investigation into a Healthcare Data Breach.

  • May 7, 2019

What type of healthcare data breach? electronic health information was exposed online 

How did it happen? a misconfigured web setting

What went wrong with notification that caught the Michigan Attorney General’s attention? Patients were receiving notifications addressed to other patients and contacted the Attorney General

Health IT Security | Michigan Attorney General Looking into Inmediata Breach, Mailing Error 

Lege TREND. Require Internet Service Providers to Ask Customer Permission to Sell Data

  • May 3, 2019

Where: Maine

The legislation: LD 946 (2019 | ME) 

What would this bill do? Require Internet Service Providers to get customers to OPT IN to the sale of customer data

Government Technology | Maine Bill Would Force ISPs to Ask to Sell Customer Data

Lege TREND. Tech Rich State. Yes to Data Breach Bill. No to Data Privacy Bill.

  • May 3, 2019

State: Washington

The bills that succeeded: HB 1071 (2019 | WA)

What does the data breach bill do?

  • 30 days to notify the state Attorney General and consumers (down from the current 45 days)
  • What information triggers a breach notification?
    • Social Security numbers
    • driver’s license numbers
    • state ID numbers
    • financial account information
    • full birth dates
    • health insurance ID numbers
    • medical histories
    • student ID numbers
    • military ID numbers
    • passport ID numbers
    • username-password combinations
    • biometric data

SC Magazine | Washington state legislature passes data breach law, but punts on privacy law

Lege TREND. Anatomy of a Failed Data Privacy Bill in a Tech State

  • May 1, 2019

The Washington State Legislature did not enact SB 5376, a GDPR-like data privacy bill. Here are some reasons why:

  • Supporters, privacy advocates, started calling for a stronger bill
  • Critics harped on the bill still permitting facial recognition software
  • Negotiations did not include more than 1 Republican and no consumer advocates

SC Magazine | Washington state legislature passes data breach law, but punts on privacy law

2 reasons OHIO's state cybersecurity law is popular

  • April 26, 2019

  • Ohio’s law doesn’t require action by businesses
  • Ohio’s law incentivizes actions by businesses, by providing for liability protection

Tech Target | State data privacy laws, regulations changing CISO priorities

Business TREND. Nonprofit for Campaign CyberSecurity

  • April 26, 2019

Who: Defending Digital Campaigns, the nonprofit spinoff of a Harvard cybersecurity project

What: FEC is considering allowing campaigns to get free cybersecurity help

Why? Elizabeth Warren and Kamala Harris are disclosing funds spent on cybersecurity and the retention of cybersecurity experts

The catch: the nonprofit is founded by Hillary Clinton’s campaign manager

Slate | This Nonprofit Wants to Offer Political Campaigns Free Help With Cybersecurity

Lege TREND. Revisiting How one State Responded to Equifax Breach

  • April 25, 2019

State: Massachusetts

Legislation: H 4806 (2018 | MA)

What did Massachusetts enact?

  • consumer consent before any third party can obtain the consumer’s credit report
  • free credit freezes and thaws
  • entities that have suffered a data breach have enhanced reporting requirements
  • free credit monitoring to affected consumers

Leominster Champion | Governor Signs Bill to Enhance Credit Data Security

Lege TREND. Bill lets Texas Sue Social Media.

  • April 25, 2019

What? SB 2373 (2019 | TX) 

What legal challenges would be allowed? Deceptive Trade Practices Act challenges

What does this mean? Know those press releases from the Attorney General's Office about how much it's collected in fines (hint: it is A LOT)? Yes, it means business fines.

Texas Tribune | Texas bill would allow state to sue social media companies like Facebook and Twitter over free speech

Lege TREND. Anatomy of an election security bill

  • April 24, 2019

Where: Georgia

The legislation: HB 392 (2019 | GA) 

What would this bill require:

  • the state Secretary of State
  • required to create security protocols for voter registration information
  • follow and be consistent with standards set by national cybersecurity and election organizations

Atlanta Journal Constitution | New safeguards for Georgia election security await Kemp’s signature

Local TREND. City Seeks to Ban Facial Recognition Software.

  • April 19, 2019

The city: San Francisco

The proposal: 

  • new regulations on the city’s process for acquiring surveillance equipment
  • total ban on municipal use of facial recognition software

How many other cities have done this? none

Opponents: law enforcement

The policy goal: “The propensity for facial recognition technology to endanger civil rights and civil liberties substantially outweighs its purported benefits.”

Government Technology | Will San Francisco Ban Facial Recognition Technology?

Lege TREND. Death of a Bitcoin Bill in a Gaming State.

  • April 19, 2019

State: Nevada

The legislation: SB 195 (2019 | NV)

Why did SB 195 die a legislative death?

  • opponents say the bill was not beneficial to the crypto markets
  • the bill would have implemented the ULC’s Uniform Regulation for Virtual Currency Business Act
  • opponents say it doesn’t protect investors and traders enough

Read an opposition letter from the cryptocurrency industry.

CoinGeek | Nevada lawmakers scrap controversial Bitcoin bill

+1 IOT Bill. Lege Trend. Individual passwords for your Fridge and your Porch lightbulb.

  • April 17, 2019

State: Oregon

The legislation: House Bill 2395 (2019 | OR)

What would HB 2395 require?

  • require manufacturers to implement a process giving each device a unique password

Why? So that a hacker could access only 1 device in 1 hack.

Oregonian | Oregon House passes bill requiring security for online devices

Lege TREND. Data Minimization in Cybersecurity bill drafts

  • April 16, 2019

What do I need to know about data minimization? It means that companies shouldn’t collect personal data “beyond what is adequate, relevant and necessary” for the product or service.

What’s an example? Your takeaway driver doesn’t need access to your photo library to scan your credit card

NextGov | Inside One Lawmaker’s Proposal for a Privacy Bill of Rights

3 State Variations in the Model Insurance Data Security Legislation

  • April 13, 2019

North Carolina: the 1st State to pass the model legislation imposed the 72-hour notice requirement in the model.

Michigan: opted for a 10 day notice requirement

Ohio: allows licensees that have certain cybersecurity programs to use an affirmative defense against tort claims

Bloomberg | States Imposing New Cybersecurity Requirements on Insurers

Local TREND. Addressing Crypto Currency with Local Ordinances

  • April 12, 2019

Where: Missoula County, Montana

The County adopted rules for crypto miners that:

  • health & safety. County is “protecting the health, safety, morality and general welfare of the people in the district” by ensuring electricity for local residents
  • use limitation. crypto mining activities only in areas of light and heavy industry
  • waste limitations. provide evidence that all e-waste generated will be processed by a licensed waste management company

The Cryptoo Currency Post | Montana County issued a decree obliging crypto miners to use renewable energy

Lege TREND. Blockchain and Bitcoin Bills.

  • April 11, 2019

Michigan's HB 4103 (2019 | MI) would:

  • add bitcoin and blockchain into existing legal & financial statutes
  • prohibit racketeering related to blockchain and bitcoin
  • apply existing financial crimes to crimes utilizing blockchain, distributed ledger technology and bitcoin

The definition of cryptocurrency used in Michigan: “digital currency in which encryption techniques are used to regulate the generation of units of currency and verify the transfer of funds, and that operates independently of a central bank.”

Detroit News | Bitcoin, blockchain crime bills clear Michigan House

Regulatory TREND. Biometric Security Oversight Commissions. Forward Thinking Procurement Opportunities.

  • April 9, 2019

Where: Australia

What group is recommending a Biometric Security Oversight Commission? The Parliamentary Joint Committee on Law Enforcement

In its report, the joint committee found that:

  • need to protect biometric data collected and shared among law enforcement agencies
  • increase IoT security awareness
  • review of biometric and personal information security legislation to keep it up to date
  • consider hybrid storage facilities
  • consider advanced techniques like artificial intelligence for handling and analyzing large volumes of data

Biometric Update | Committee recommends Australia set up biometric data security oversight body

IOT Lege TREND. +1 IOT hackable Item

  • April 6, 2019

IOT legislation is the hot topic for 2019. Also known as how to keep your thermostat from being the way hackers hack your personal information.

So, what is the next hacker target? Indoor Garden sellers that offer a light source and temperature control gardening.

Tech Crunch | AeroGarden maker says hackers stole months of credit card data

Business TREND. Industry Calls for First Amendment Rules with Data Privacy Rules.

  • April 6, 2019

Who: Facebook

What does Facebook want? It wants to know the rules of the game for political speech and the Constitution

Why? The government, rather than a private company like Facebook, should determine constitutional limitations

Variety | Facebook’s Mark Zuckerberg Says ‘We Need New Rules’ Regulating Political Speech

Regulatory TREND. Anatomy of a State Cyber Office. How to hold agencies accountable to the Executive Branch?

  • April 4, 2019

West Virginia HB 2452 (2019 | WV) created a new Cybersecurity Office within the Office of Technology.

Goals of the new Cybersecurity Office:

  • risk assessment across state agencies
  • establish unifying security standards among state agencies
  • will leverage a risk management approach
  • provide for “apples-to-apples comparison of cyber-risk assessments across all agencies within the Executive Branch.”

Stems from WV’s 2018 participation in the National Governors Association (NGA) cybersecurity policy academy.

Government Technology | W.Va. to Open Cybersecurity Office, Launch Unification Plan

Regulatory TREND. Medical Equipment and Data Breaches

  • April 3, 2019

The latest medical equipment susceptible to hackers are CT scans, where access would allow hackers to alter images, raising regulatory concerns about data security of medical equipment.

Washington Post | Hospital viruses: Fake cancerous nodes in CT scans, created by malware, trick radiologists

Data Security new Threats to Water and Wastewater. Regulatory & Legislative Fixes on the Horizon.

  • April 2, 2019

In March 2019 hackers got into a small Colorado water utility.

Are there regulatory parallels that can be made to secure the water and wastewater systems? Yes, water utilities & power distributors share similar industrial control systems

Which states have taken water security measures forward? NJ, NY

E&E News | Hackers force water utilities to sink or swim

Lege TREND. Cybersecurity legislation for state 911 systems.

  • April 2, 2019

Maryland HB 397 (2019 | MD) would increase telecom fees to harden the state 911 system.

Why the legislation? The Maryland 911 system has overloaded and resulted in the death of injured residents

Why is data security an issue with 911?

  • to connect to cell phones and via text message, it exposes 911 systems to the internet
  • 337 successful attacks (on public safety networks) across 49 states and DC in the past 24 months
    • 186% increase over the previous 24 months

Baltimore Sun | Modern 9-1-1 system will increase state and local fees

Business TREND. State adoption of GDPR standards.

  • April 2, 2019

Facebook CEO is the latest tech CEO calling for adoption of GDPR standards.

CNBC | Mark Zuckerberg says he wants stricter European-style privacy laws — but some experts are questioning his motives

Lege TREND. State Contracting. Coalition Opposes Contracts with Software Requirements. 3 Key Points.

  • March 29, 2019

The Coalition: Organizations representing accountants, TechNet, AGC, engineers and technology professionals, + ALEC. Separate opposition stems from National Association of Chief Information Officers

The coalition opposes: state legislative efforts to require contractors to install monitoring software

What sparked this? 30 states have a legislative push by TransparentBusiness, which claims to have software that stops contractors from over-billing their clients

State Scoop | Industry groups urge state legislators to oppose tracking software bills

Lege TREND. Legislating Blockchain and Bitcoin in Western Independent States

  • March 28, 2019

Nevada’s Uniform Regulation of Virtual-Currency Businesses Act SB 195 (2019 | NV) would require:

  • crypto currency to register with the state Department of Business and Industry
  • blockchain groups oppose the legislation since the industry is nascent and the legislation could inhibit growth

Are other states considering uniform bitcoin legislation? Yes, CA, HI and OK

Bitcoin Exchange Guide | Nevada Bill Regarding Multiple Uniform Standards Sees Pushback from Blockchain and Crypto Proponents 

Lege TREND. + 1 Expansion of what triggers notification on a data breach

  • March 26, 2019

The D.C. Attorney General's new proposal would add the following to the list of information that would trigger notification in a data breach:

  • passport numbers
  • military IDs
  • biometric data
  • health information
  • taxpayer identification numbers
  • health insurance info
  • genetic information
  • DNA profiles

Security Week | D.C. Attorney General Introduces New Data Security Bill 

Lege TREND. Robocalling is a felony under this bill + telecom requirements

  • March 26, 2019

Know those calls to your mobile that look suspiciously like a number you know? Arkansas SB 514 (2019 | AR) would change the penalty for those calls.

The bill would increase the penalty for spoofing from a Class B misdemeanor to a Class D felony. That’s up to 6 years in prison & a fine up to $10,000.

Telecom companies would have to:

  • implement preventative measures
  • report yearly to the Arkansas Public Service Commission concerning steps taken to identify and block the robocall perpetrators

Arkansas Democrat Gazette | Bill to steepen robocall penalty in Arkansas clears Senate, moves to House 

Lege TREND. Parsing a Legislative fight over notification of data breaches in 4 easy steps.

  • March 25, 2019

Debate over Michigan HB 4186 (2019 | MI) and HB 4187 (2019 | MI) focuses on the time period for notification.

The bills cut notification time in MI from 90 days to 45 days. Chamber of Commerce is as thrilled as a cat in the rain.

45 days is a standard adopted by 13 states.

An amendment proposal is for 75 days when the information is processed by a credit card processor.

Small Business Association of Michigan | New Data Breach Bill Moves Amid Latest Ransomware Attack

 

TREND. Blockchain Prevents Data Breaches. Add it to Talking Points.

  • March 22, 2019

Marriott’s CEO testified before the Senate Committee on Homeland Security and Governmental Affairs Permanent Subcommittee on Investigations and said that the hotel chain would now use encryption and tokenization (blockchain, distributed ledger) to safely store data.

Security Boulevard | Marriott Could Have Prevented Privacy Data Breach with Tokenization

Lege TREND. More Data Breach Notification Triggers.

  • March 22, 2019

New Jersey AB 3245 (2019 | NJ) will:

  • Expand notification to include new data that would allow access to an online account, which includes answers to security questions.

The Daily Swig | New Jersey to expand data breach notification law 

Regulatory TREND. Securing Loans via Crypto Currency.

  • March 21, 2019

Digitizing currency is moving tangible assets to the cloud and opening conversations on using crypto currency as collateral.

Bonjour new fintech, bitcoin and blockchain legislation.

Legaltech News | Crypto-Collateral? Securing Loans with Digital Currency 

TREND Spotting. Legislation Requiring Data Encryption for Businesses that Store Passwords

  • March 21, 2019

Facebook has admitted to storing 10s of MILLIONS of passwords in plain text. Security experts say 600 million passwords were stored in plain text.

Tech Crunch | Facebook admits it stored ‘hundreds of millions’ of account passwords in plaintext

 

Local Data in Scooters. 3 Key Points in Legislation.

  • March 20, 2019

What data do scooter companies want to protect from local government?

  • real time data

Why do local governments want this data?

  • to see if scooter companies are complying with rules
  • pair it with service data for transportation efficiency

What enforcement actions have been taken?

  • By refusing to hand over data, Jump received a shorter operational permit in Los Angeles

What data concerns exist?

  • privacy of sensitive data
  • Bird company policies prioritize privacy 

Mother Board | Scooter Companies Split on Giving Real-Time Location Data to Los Angeles

Regulatory TREND. Security Gaps in Medical Equipment

  • March 15, 2019

New data breach lingo: The Internet of Medical Things (IoMT)

Why does this matter? Health care data breaches are the priciest at $08 per record

What’s the latest breach of medical devices? Ultrasound equipment that can be hacked and have images swapped by hackers

Dark Reading | Ultrasound Machine Diagnosed with Major Security Gaps

Politico | Why 2020 contenders need to worry about hackers now 

3 Reasons States Should Act on Cybersecurity Standards

  • March 14, 2019

  • Timely. All 6 US Senators running for President in 2020 are cosponsors of cybersecurity legislation
  • History of federal Action. Standardizing cybersecurity practices at the federal level is difficult
  • Agency infighting is creating disparate standards
  • State Success. State leaders have pushed legislative success to protect their citizens, such as:
    • TX, IL, WA and MA protecting biometric data
    • OH liability protection law
    • CA version of GDPR

The Hill | Why states should push forward with cyber laws

State Subsidizing Last Mile Rural Broadband. The legislation:

  • March 14, 2019

Vermont is subsidizing “last mile” broadband access in rural areas with legislation that will:

  • create a revolving loan fund
  • provide access to fiber lines
  • allow towns to use general obligation bonds to finance similar projects

US News and World Report | In Vermont, High-Speed Internet for All Gets More Likely

 

Lege TREND. Banning Unidentified Cryptocurrency in Texas

  • March 12, 2019

HB 4371 (2019 | TX) requires that digital currency (crypto currency) have a verified identity.

Texas would be the first state to prohibit anonymous cryptocurrency.

Crypto Globe | Texas Lawmaker Proposes Banning Anonymous Cryptocurrency Transactions 

+1 State Cybersecurity Innovation Commission. 3 Requirements for the Commission

  • March 11, 2019

Where: Pennsylvania

The legislation: HB 225 (2019 | PA)

The Cybersecurity Innovation Commission must:

  • conduct cybersecurity audits
  • improve security and privacy standards
  • provide information for PA businesses concerning newest cyber technology

New Castle News | Under the Radar: Bill would aim to beef up state’s cybersecurity

Lege TREND. Requiring Business to Disclose CyberSecurity Efforts

  • March 8, 2019

Bipartisan S592 (2018-2019 | Congress) would require businesses to disclose:

  • in SEC filings
  • whether a board member is a cybersecurity expert

Ripon Advance News Service | Sen. Collins’ bipartisan bill requires publicly traded companies disclose cybersecurity efforts

 

 

 

 

Lege TREND. Tort Actions in Personal Information Data Breaches

  • March 7, 2019

California’s SB 561 (CA | 2019) would allow individuals to bring suit against a company for a data breach that includes their personal information.

The caveat: companies would have to have failed to provide reasonable security precautions.

Insurance Journal | California Bills Would Add More Punch to Consumer Data Protection Law

State Cyber Awareness Standards in the Silver State Legislature

  • March 5, 2019

Nevada is considering Senate Bill 69 (NV | 2019) which will:

  • Establish October as Cyber Security Awareness Month
  • Clarify that the Governor can call in the National Guard for Cyber Incidents

3News | Cybersecurity, human trafficking among issues before Legislature this week

Anatomy of a Bill. State Data Analytics Center. From XRays to Blood Specimens to help Legislators & Universities

  • March 4, 2019

Georgia’s House Bill 197 (GA | 2019) would create:

  • a statewide data analytics center, the Georgia Data Analytic Center, under the Governor’s Office of Planning and Budget
  • is in response to Experian data breach
  • aggregate data from all constituent services would be available to lawmakers, state agencies, academic institutions and public and private researchers.

Rome News Tribune | Legislation creating Georgia Data Analytics Center clears Crossover Day hurdle

Lege TREND. Wyoming. Leader in Blockchain Legislation. 4 New Bills.

  • March 1, 2019

Lege TREND. State Legislation. Crypto Currency for Sales Tax Payments

  • March 1, 2019

California’s AB 953 (CA | 2019) would permit legal cannabis businesses to pay state taxes using cryptocurrency

Bitcoin Magazine | Blockchain Advocacy Coalition Sponsors Bill to Allow Crypto for Legal Cannabis Tax

Lege TREND. Procurement TREND. State Officials Push Back Against State Contract Monitoring Software. 3 Bits Informed Intel.

  • February 28, 2019

What legislative provisions are getting push back from state data officials? Provisions that require government contractors to install monitoring software

Is there a national group pushing back on this lobbying effort? National Association of State Chief Information Officers issued a statement opposing the bills

What is the opposition? It puts citizen information at risk

How many states have seen this language? 23

State Scoop | Nationwide lobbying push for contractor monitoring software alarms state CIOs

Lege TREND. Cleaning Up a Data Privacy Bill in the Golden State. 2 Lessons.

  • February 26, 2019

California is revising its first-in-the-nation data protection bill to:

  • include passport and government ID numbers as data that trigger notification after a data breach
  • include biometric data, fingerprints, and iris and facial recognition scans, as data that trigger notification after a data breach

Tech Crunch | California to close data breach notification loopholes under new law

AB 1130 (CA | 2019)

Local TREND. Local Banning of Facial Recognition Software.

  • February 23, 2019

City: San Francisco

The proposed ordinance would:

  • ban facial recognition software
  • require annual reporting and auditing of all use of surveillance technology

State Tech | San Francisco Considers Banning Facial Recognition Tech 

 

Lege TREND. State bill redefining Health Data Privacy

  • February 22, 2019

Oregon’s Senate Bill 703 will:

  • label health data as the patient’s property
  • require health care companies to obtain signed authorization from individual consumers before de-identifying their data for sale to a third party

 

Health Tech | What Oregon’s Move to Redefine Data Privacy Means for PHI

Study. States. Blockchain Legislation. Which are Bullish? Which are Unaware?

  • February 22, 2019

A 2018 Brookings study categorizes state blockchain legislation and regulation.

States Recognizing Innovation Potential:

  • Illinois
  • Arizona

States Actively Engaged:

  • Pennsylvania
  • New York
  • Florida
  • Virginia
  • Utah
  • Wisconsin

States that are organized:

  • Wyoming
  • Washington

States that are appreciative:

  • California
  • Colorado
  • Oklahoma
  • Kansas

States that are reactionary:

  • Texas
  • Missouri
  • Illinois
  • Ohio

States that are unaware:

  • Arkansas
  • Mississippi
  • Minnesota
  • Oregon
  • Idaho

Consensys | Meet the American Legislators Bullish on Blockchain

Lege TREND. Transparency TREND. State Land Use Database. Who is using state land?

  • February 22, 2019

Hawaii’s Public Land Trust Information System allows for searchable information such as:

  • tenants on state lands and in state buildings

  • rent paid for state land and buildings

  • fees for encroaching on public property

  • revenue from camping and wedding or event rentals

pltis.hawaii.gov

Government Technology | Hawaii Launches State Land Use Database

 

 

+1 State Chief Data Officer

  • February 20, 2019

Hawaii joins the ranks of states implementing a statewide Data Officer position to oversee data security.

SB 1001 (HI | 2019)

HB 532 (HI | 2019)

Lege TREND. Property Rights in Bitcoin. Read the Bill.

  • February 19, 2019

SF 0125 (WY | 2019) will allow crypto currency to have property rights outside third party storage.

What does this mean?

  • Wyoming is the 1st US state to allow private ownership of cryptocurrency
  • Wyoming hopes blockchain and cryptocurrency businesses then partake in WY courts and business registrations
  • Wyoming becomes the Delaware or Nevada of cryptocurrency, as Delaware and Nevada are for traditional corporate filings

Bitcoinist | WYOMING BECOMES FIRST STATE TO GIVE BITCOIN OWNERS FULL PROPERTY RIGHTS

Smartereum | Wyoming Just Passed a Bill That Gives Full Property Rights to Digital Currency Holders

Lege TREND. Election Hacking. Low Rates of Voting in a Specific Statewide Race.

  • February 13, 2019

Georgia uses exclusively paperless ballots. The November 2018 election produced high numbers of people not voting for Lt. Governor.

A lawsuit seeks to invalidate that race due to the low voting numbers in that specific race and calls for forensic examination of the electronic voting machines.

Politico | Another Georgia voting kerfuffle

Lege TREND. New Kid on the Block. Business Advocating for Data Privacy Fundamental Right.

  • February 13, 2019

Cisco is asking governments around the world to make data privacy a fundamental right.

The talking points:

  • Security: Assign responsibility to protect the confidentiality, integrity, availability, and resiliency of data;
  • Transparency: Explain how data is collected, used, transferred, and disclosed;
  • Accountability: Ensure governance for data under the entity’s stewardship, including a data protection team, applying a risk-based approach;
  • Innovation: Recognise multi-stakeholder-driven initiatives that enhance transparency and provide paths for implementation.

New Zealand Reseller News | Cisco calls on governments to make privacy a ‘fundamental human right’

Lege TREND. Public Private Cyber WorkForce Exchange

  • February 13, 2019

WHAT: “Cyber Security Exchange Act”

Bipartisan? Yes, Senators Thune (R) & Klobuchar (D)

How does the Cyber Security Exchange work?

  • create an exchange program between the federal government and private firms
  • to bring more cybersecurity expertise to the federal workforce
  • The program would allow for 2-year tours of duty with the federal government

 

The Hill | Bipartisan bill would create public-private cyber workforce exchange

Anatomy of Lobbying FOR and AGAINST Data Privacy Legislation

  • February 12, 2019

After passage of the first-in-the-nation data privacy protection, at a GDPR level, here’s a roadmap of the supporters and opponents:

  • Against/Changing the state level GDPR-like standards:
    • California Chamber of Commerce
      • $2.2 million coalition that tried to scuttle the ballot initiative
      • $1.6 million in lobbying
    • tech-backed Internet Association
      • $200,000 on lobbying
  • For the state level GDPR-standards:
    • Common Sense Media
    • Electronic Frontier Foundation
    • Consumer advocates

Why does this matter? Other states are following suit: New Mexico, Massachusetts

MERCURY NEWS | Inside the lobbying war over California’s landmark privacy law

Lege TREND. New Penalties for Companies & Executives. Visions of Orange & Stripes.

  • February 9, 2019

Jail time is being added to the list of potential penalties in data breaches. Under the proposal the FTC could impose fines on companies and could also impose criminal penalties on executives.

The impetus for this bill? Facebook

Government Technology | Oregon’s Wyden Pitches Jail Time for Breaches

Lege TREND. Requiring Warrants for Mobile Phone Data.

  • February 8, 2019

Utah’s HB 57 (UT | 2019) would require a warrant before police can access data shared with an app or third party, like cloud storage.

Supporters say:

Salt Lake Tribune | A Utah lawmaker is pushing a digital privacy bill that would bar warrantless searches of data uploaded to apps or cloud platforms

Lege Trend. +1 State Broad Data Privacy Legislation

  • February 7, 2019

Washington State is considering SB 5376 and HB 1854 (WA | 2019), which will provide:

  • Consumer access to data collected on them
  • Consumers can delete data collected on them
  • Consumers can correct their data
  • Consumers can restrict access to their data
  • Consumers can get a copy of their data
  • Consumers can object to use of their data for marketing
  • No profiling based on data
  • Companies collecting data have 30 days to respond to consumer requests, with an extension of an additional 60 days for voluminous requests

The bills build on parts of the California data privacy law and on lessons learned from California, and draw from GDPR standards.

Regulatory TREND. State Agency Data Security Requirements for Student DATA. Civil Liability Education Vendors.

  • February 6, 2019

The New York Department of Education is proposing new rules that will:

  • Parent’s Bill of Rights applicable to 3rd party vendors and setting standards on disclosing student data
  • The National Institute for Standards and Technology Cybersecurity Framework (“NIST CSF”)
  • Annual training for school district employees
  • A Data Protection Officer in every school
  • Notice of a school data breach must be given to the Department of Education within 10 days
  • Civil Penalties that accrue per individual affected for 3rd party vendors.

National Law Review | NYS Education Department Proposes to Significantly Strengthen Data Security and Privacy Protocol 

3 Legislative Issues. Self Driving Car Data.

  • February 5, 2019

  • Privacy. Who owns the data. Who gave consent to collect the data.
  • Security. What data should be protected from transfer.
  • Public Safety. How can the data be used to protect the public and transportation systems in smart cities.

How can governments use data from self driving cars?

  • managing traffic
  • urban planning
  • allocating public funds 

phys.org | self-driving cars and geospatial data: Who holds the keys?

2019 Student Data Security State Standings. Legislative Trends.

  • February 4, 2019

What entity is ranking states on student data protection? Parent Coalition for Student Privacy

Best State for student Data Protection? Colorado with a B

Worst states for student data protection? 11 way tie with Fs for Alabama, Alaska, Massachusetts, Minnesota, Montana, Mississippi, New Jersey, New Mexico, South Carolina, Vermont, Wisconsin

The populous states?

  • California C
  • New York B-
  • Illinois C+
  • Texas D+
  • Florida D+
  • Pennsylvania D-

Lingering Education Data Security Issue for all states: Teacher Data Protections

EdScoop | Controversial report shows many states fail on student data privacy

Regulatory TREND. Report on Election Security in the Keystone State. 5 Recommendations.

  • February 1, 2019

  • Use risk limiting audits for elections and voting practices
  • replace direct recording electronic systems with systems using voter-marked paper ballots 
  • No unfunded mandates for local election officials
  • train local and state election officials on cyber security
  • establish statewide cybersecurity practices

Blue Ribbon Commission on Pennsylvania Election Security (January 2019)

Lege TREND. Workforce Development. Cyber Security. Association Lobbying. What does it look like?

  • February 1, 2019

Let’s take a peek at what the National Association of Realtors spent on cyber security lobbying in 20198.

  • $19 million in spending in the last quarter of 2018 on cyber security lobbying
  • Including a bill for Small Business Development Centers to offer cyber security training
  • And a bill that would strengthen data breach notification

Politico | Morning Cyber Security

Legal TREND. Health Care Data Breach Leads to All Employers have Duty to Protect Employee Data

  • January 30, 2019

Pennsylvania Supreme Court rules that all employers must exercise reasonable care to protect worker data.

How did they get there? A health care provider employee data breach led to a lawsuit. Lower courts sided with the employer that there were no data security requirements for employee records. The PA Supreme Court disagreed.

Pittsburgh Post-Gazette | PA Supreme Court rules UPMC — and all employers — must protect workers’ data. Doing so is harder

New Report. Key to State Data Security is Procurement.

  • January 25, 2019

Why is procurement key?

  • Procurement contracts can set the tone for state data security standards

  • Telecom infrastructure is key to data security

  • States should offensively say what the data standards are, rather than what cannot be done

  • Private-public cooperation is the key for leading global solutions

  • Strengthen cyber security workforces

  • Contracted cloud solutions can fill in when funding does not exist for state data security experts

 

The Kosciuszko Institute| CYBERSEC 2018 RECOMMENDATIONS AND KEY TAKEAWAYS

Lege TREND. Anatomy of a Data Security Election Bill.

  • January 24, 2019

State: Minnesota

Bill: SF 17 (MN | 2019)

What does it do?

  • reworks state voter registration to secure it better
  • federal funds
  • all specifics of how the new voter registration will protect voter data are determined by the state secretary of state

Lege Trend. Data Broker Registries

  • January 24, 2019

Tim Cook (Apple) is recommending a Data Broker Registry.

What’s a data broker? They buy and sell data from third parties

So how would it work?

  • every consumer can opt into their data being collected or not
  • consumers would be able to remove their data from the registry
  • the FTC would house the registry and consumers could see what info is being collected and by whom

Why does this sound familiar? Because in 2018 informed:intel told you about the first in the nation data broker state law in VT, and we gave you the bill text to create one in your state

Wired | How Tim Cook’s Data Broker Registry Might Actually Work