Header graphic for print
HL Chronicle of Data Protection Privacy & Information Security News & Trends

Tag Archives: NIST

Posted in Consumer Privacy, Cybersecurity & Data Breaches

IAPP Piece Outlines What Privacy Professionals Should Know About the NIST Cybersecurity Framework

The National Institute of Standards and Technology (NIST) has published its Preliminary Cybersecurity Framework pursuant to Executive Order 13636 on Improving Critical Infrastructure Cybersecurity. The Executive Order further directs NIST to include “methodologies . . . to protect individual privacy and civil liberties,” which NIST has done by including a draft Methodology to Protect Privacy and Civil Liberties for a Cybersecurity Program in Appendix B of the Preliminary Cybersecurity Framework. In a detailed analysis published on International Association of Privacy Professionals’ Privacy Tracker, Hogan Lovells’ Harriet Pearson explores the privacy considerations outlined in the Preliminary Cybersecurity Framework as well as the broader implications that the Framework may hold for U.S. privacy policy.

Posted in Cybersecurity & Data Breaches

NIST Releases Preliminary Cybersecurity Framework; Comment Period to Start Shortly

On October 22, NIST released the official Preliminary Cybersecurity Framework under development pursuant to the President’s Executive Order on Improving Critical Infrastructure Cybersecurity. A formal 45-day comment period will begin once the Preliminary Cybersecurity Framework is published in the Federal Register, which is expected next week. NIST remains on track to meet the Executive Order’s February 2014 deadline for issuance of the final Cybersecurity Framework.

Posted in Cybersecurity & Data Breaches

NIST Releases Discussion Draft of Preliminary Cybersecurity Framework

On August 28, NIST released a discussion draft of the Preliminary Cybersecurity Framework that it is developing pursuant to the President’s Executive Order on Improving Critical Infrastructure Cybersecurity. NIST invites stakeholder review and input of this discussion draft, leading into the publication of the Preliminary Cybersecurity Framework on October 10 for formal public comment. The discussion draft follows on what has already been an active summer with respect to cybersecurity.

Posted in Cybersecurity & Data Breaches

NIST Kicks Off Cybersecurity Framework Development

Development of the new Cybersecurity Framework is now in full swing. President Obama’s Executive Order on Improving Critical Infrastructure Cybersecurity (which we previously covered) calls on NIST to lead the development of a Cybersecurity Framework that will provide “a set of standards, methodologies, procedures, and processes that align policy, business, and technological approaches to address […]

Posted in Cybersecurity & Data Breaches

U.S. Cybersecurity Executive Order Signed, Will Affect Many Types of Businesses

On February 12, President Obama signed an Executive Order on “Improving Critical Infrastructure Cybersecurity,” and then referenced the Order and the need for additional congressional action during the State of the Union address on the same day: America must also face the rapidly growing threat from cyber-attacks. We know hackers steal people’s identities and infiltrate […]

Posted in Cybersecurity & Data Breaches, News & Events

Senator Releases Report on Corporate Responses to Cybersecurity Queries

Cybersecurity is on the 113th Congress’ agenda given recent developments in the U.S. Senate.  Today Senator Rockefeller, Chairman of the Commerce Committee,  released a staff memorandum presenting the responses his office received to his September 2012 letter regarding cybersecurity practices. The letter, which we discussed in a previous post, went to the CEOs of every Fortune 500 company and requested responses to eight questions […]

Posted in Cybersecurity & Data Breaches

NIST Issues Guidance on Cloud Computing Privacy and Security Requirements for Federal Agencies

Recent guidance from the National Institute of Standards and Technology (“NIST”) encourages federal agencies to take advantage of cloud computing. It also provides draft security and privacy guidelines for federal agencies to follow when engaging cloud providers. The draft guidelines serve as roadmaps for how to negotiate meaningful privacy and data security protections from cloud providers. Though prepared for federal agencies, the draft guidelines could prove influential to the private sector as an increasing number of private businesses use cloud services. NIST has requested comments on the drafts by no later than February 28, 2011.

Posted in International/EU Privacy

Privacy by Design for Italian Smart Grid

A presentation by Hogan Lovells privacy partners compares European Commission “EG2” privacy recommendations for smart grids with the comparable recommendations of the NIST. We explain the concept of “privacy by design” in the smart grid environment and the use of detailed privacy use cases to mitigate system risks. The presentation compares the U.S. concept of “PII” with the European concept of “personal data” and discusses the risks associated with transferring household electricity data to third parties, as is mandated by California and Italian law.