In This Issue:

- NIST Releases Final Framework Document

..Key Changes From The Preliminary Framework

..The Framework Roadmap

..The DHS “C-Cubed” Program

..Next Steps

- California Suggests Upper Time Limit on “Timely” Data Breach Notification

..Practice Notes

- FTC Finds Company Responsible for Data Privacy Activities of Its Vendor

..Practice Points

- FTC Signals Expansion of Data Security Enforcement and Calls for Legislation

..Chairwoman Ramirez Testifies Before The House

..Commissioner Brill Answers Questions Via Twitter

..Common Themes And Practice Points

- Challenges to the FTC’s Authority – New Developments

..Wyndham Highlights The FTC’s Calls For Cybersesecurity Legislation

..LABMD Voluntarily Dismisses Its Complaint And States It Is Winding Down Operations

- California Takes Step in Regulating the “Internet of Things”

- SEC to Examine Asset Manager’s Cybersecurity Programs

- Excerpt from NIST Releases Final Framework Document:

On February 12, the National Institute of Standards and Technology (NIST) issued its long-awaited “Framework for Improving Critical Infrastructure Cybersecurity.”1 The final Framework was a “key deliverable” ordered by President Obama a year earlier in his February 12, 2013, executive order 13636 and Presidential Policy Directive addressing the regulation of critical infrastructure network security. However, as discussed below, while the Framework is couched as a “final” document, it represents only the first phase in what will be an ongoing process aimed at improving the protection of the country’s critical infrastructure industries.