For businesses that work with the U.S. Department of Defense (“DoD”), two important rules for safeguarding certain categories of sensitive information and reporting cyber incidents were recently finalized, updating the interim rules promulgated in late 2015. The first rule amends the Defense Federal Acquisition Regulation Supplement (“DFARS Rule”) and went into effect on October 21, 2016. The second rule modifies the previously voluntary DoD cybersecurity information-sharing program in connection with the Defense Industrial Base (“DIB Rule”) and went into effect on November 3, 2016.
We previously explained the changes brought about by the interim rules. Here, we explain what changed after the rules’ comment periods, and provide suggestions for compliance.
Even today, most companies—even technology companies—do not think they have information that the U.S. Government wants or needs, particularly as it might relate to a national security investigation. The reality is that as terrorists and others who threaten national security use a broader spectrum of technology resources to communicate and to finance and conduct operations, the U.S. Government has significantly increased its collection of data from technology companies and others.
Orrick Attorneys Aravind Swaminathan and Christian Schröder recently discussed how impending changes to EU data privacy laws will fundamentally change how European companies respond in the face of a cyber attack or data breach. The article examines the cyber threat landscape and suggests how EU companies should assemble the right individuals into an incident response team for dealing with a data breach. Drawing on their experience managing client data breaches in the United States, the authors provide concrete strategies for EU companies to deal with a data breach—before, during, and after the event. For more on how to prepare for the impending changes to EU data privacy laws, click here.