Capital Thinking: Cybersecurity


Legislative Branch Activity

Data Breach Issues

Last week, three Congressional Committees – the House Energy and Commerce Committee, Senate Banking, Housing and Urban Affairs Committee, and the Senate Judiciary Committee – held hearings that explored the recent data breaches at Target and Neiman Marcus that compromised the financial data of millions of customers. Officials from Neiman Marcus, Target, the Secret Service, the Federal Trade Commission (FTC), the Department of Justice (DOJ) and the Department of Homeland Security (DHS) testified at the various hearings to discuss the details of the breaches and potential solutions that could prevent future cyber attacks. House Energy and Commerce Subcommittee on Manufacturing and Trade Chairman Lee Terry (R-NE) indicated that his subcommittee may also hold a follow-up hearing on the Target and Neiman Marcus breaches once investigators complete the forensic analysis of these incidents.

The hearings also focused on several pieces of legislation related to data security that have been introduced this Congress, including Senator Patrick Toomey’s (R-PA) Data Security and Breach Notification Act of 2013 (S. 1193), Senator Patrick Leahy’s (D-VT) Personal Data Privacy and Security Act of 2014 (S. 1897), Senator Tom Carper’s (D-DE) Data Security Act of 2014 (S. 1927), and Senator John Rockefeller’s Data Security and Breach Notification Act of 2014 (S. 1976). While all of these bills address different components of data security, several would require a federal data breach notification standard to ensure that companies notify their customers in a timely manner after a breach occurs. In the hearings last week, the FTC noted that it would support this type of standard. In addition, Rep. Terry said that he is drafting data breach notification legislation that he plans to introduce in the coming weeks but noted that he has not decided whether to include provisions requiring certain security standards in his bill.

Executive Branch Activity

NIST Cybersecurity Framework

Today, the National Institute of Standards and Technology (NIST) will issue the final version of its Cybersecurity Framework. The Framework is the final product of a provision in the President’s February 2013 Executive Order (EO) that required NIST to work with stakeholders and owners and operators of critical infrastructure to determine a set of voluntary standards that would help protect critical infrastructure from cyber threats. Once the Cybersecurity Framework is released, DHS will continue to work with critical infrastructure to encourage the adoption of the NIST standards.


DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Squire Patton Boggs | Attorney Advertising
