Cybersecurity & Tech

+1 Local Ban on Facial Recognition Software

Where: Boston

Why is Boston City Council considering banning facial recognition software?

• Preemption. The State Legislature is considering a moratorium on facial recognition technology, biometric surveillance systems, including gait and voice recognition
• Polling. 8 of 10 people in the state support a moratorium
• Peer Pressure. Other cities in the state have passed bans
• Protect Rights. Civil liberties are preserved from a dystopian government + data indicates unequal impact of the software

MassLive via Governing | Boston Is Considering a Ban on Facial Recognition Technology

Lobby Hiring TREND. Cybersecurity + COVID

The increase in lobby spending by 12 large publicly traded cybersecurity firms:

• In 2019, spending more than tripled to $3.94 million
• In 2015 these firms spent $1.21 million

What COVID cyber security issues are on their radars:

• health data like temperatures collected by businesses
• health data collected by COVID tracking
• COVID relief funding
• electric grid security issues
• teleworking
• remote schooling

Wall Street Journal | Cybersecurity Lobbying Spending Mounts as Privacy, Security Laws Take Shape

COVID tracking. Legislating Privacy Policies.

Who: Congress

5 Key privacy elements:

• Transparency
  • disclose to consumers at the point of collection how their data will be handled, to whom it will be transferred, and how long it will be retained
• Choice
  • affirmative express consent
• Control
  • over the collection and use of their personal data
• Data defined
  • will include health, geolocation, and proximity data
• Hold businesses accountable if personal data is used to fight the COVID-19 pandemic

U.S. Senate Committee on Commerce, Science and Transportation | Wicker, Thune, Moran, Blackburn Announce Plans to Introduce Data Privacy Bill

Engadget | Senate bill would set privacy requirements for COVID-19 tracking

The Verge | Senators’ plan for reining in contact tracing apps doesn’t make a lot of sense

COVID voting costs

To accommodate online voting, counties say the costs will be:

• $414 million for 5 states
  • Georgia, Michigan, Missouri, Ohio, and Pennsylvania
• 10%-20% the amount of federal funds available in COVID stimulus to cover the local costs
• 50 new coronavirus cases were linked to voting in Wisconsin’s primary

What about state’s ability to match funds? Utah expects to draw down fewer federal dollars for elections because they don’t have 50% of the funds available needed

Washington Post | The Cybersecurity 202: County election officials detail massive costs of remote voting

COVID remote working. More data security rules.

In response to July 1 enforcement of California’s novel data privacy rules, data privacy supporters say COVIDs work from home requires more data security protection.

In response to the July 1 enforcement of California’s novel data privacy rules, data privacy supporters say COVID requires more work from home data security protection.

People are more vulnerable to their data being used without their permission because:

• home internet connections are less secure
• financial transactions have moved online with more entities collecting financial information
• online socialization is moving private conversations online in recordable formats

There is also new data being collected by employers: health data related to COVID such as employee temperatures. Is this at a covered by the rules? What privacy protections are afforded to this data?

San Francisco Chronicle via Governing | Calif. Internet Privacy Deadline Complicated by Coronavirus

How COVID complicated State Data Security Rules

Where: California

How have California’s data security rules been complicated by COVID?

• Staffing. State orders to stay at home led to losses and layoffs leaving companies unable to comply
• No final rules. Have left small businesses unsure how to comply
• New health data. What do companies do with new employee data like when workers temperatures are recorded

San Francisco Chronicle via Governing | Calif. Internet Privacy Deadline Complicated by Coronavirus

COVID 3 Privacy Issues in Contact Tracing

Who is monitoring privacy issues? “Privacy Hawks” & Civil Liberties Groups

What top 3 issues are talked about?

• Will a person’s location be collected?
  • Apple & Google apps will launch with bluetooth contact monitoring which does not collect location data
• Who will make contact to relay that a person has been in contact with a person positive for COVID?
  • Favored are notifications by health agencies

• How willing are we to trust Tech Companies with this contact monitoring?
  • Are there sufficient firewalls?
  • Is there adequate encryption?
  • Is there a mechanism to stop the app when contact monitoring is no longer necessary?

The Hill | Privacy hawks willing to see how new contact tracing project plays out

Economic Benefits of a Digitally Savvy Board

• 34% higher revenue growth
• Less than 1/4 of boards are digitally savvy
• More than 3 digitally savvy board members brings economic benefits

How does a company add digitally savvy board members?

• Use consistent terminology understood by all
• Treat digital strategies are business strategies
• Track company digital data (e.g. digital use, orders…)
• Talk about business digital achievements. Highlight it & highlight it again
• Coordinate work to draw broad board support for digital strategies

MIT Sloan School | How to build a digitally-savvy board

Local TREND. COVID Technology to Keep.

Innovation from local governments benefit a new normal?

• Electronic Signatures to reduce contracting times by days if not weeks
• Virtual Training for City Employees to allow employees to hit the ground running
• Courts Adopt Conference Calls to reduce courtroom time for conferences
• Electronic Bail Process speeds up the bail process and transfers documents electronically

Benefits to local government: Innovation reduces costs for local government.

Governing | Government’s Innovation Surge Shouldn’t End with the Pandemic

COVID: More Drone Uses by Law Enforcement

Most common drone use: Reinforce social distancing rules via loudspeakers and a recorded message. This method was first used by Spain and China.

Benefits of using drones for crowds/social distancing:

• drones can cover more ground
• drones have a greater vantage point over officers on the ground
• drones have an advantage getting to hard to reach areas
• can easily confirm whether a disturbance is occurring before sending officers
• can quickly clear a house before officers enter

What precautions are law enforcement following before using drones:

• drones are not recording video or sound
• drones are not being used for survelliance

Governing | Police Are Using Drones for Coronavirus Management

Business TREND. Right to Data Privacy + COVID Tracking

What companies are building COVID tracking? Apple together with Google

How will it work?

• via bluetooth
• Android and iOS phones will communicate & track when individuals pass within 6 feet of someone who tested positive

What privacy assurances are offered?

• “strong protections around user privacy”
• transparency and consent “are of utmost importance for the app

What legislative protections are data privacy supporters calling for?

• Create a right to digital self-defense
• Allow citizens to use anonymity, privacy, and cybersecurity tools to shield themselves
• Prevent widespread and relentless data collection by private and public actors

The Hill | A right to digital self-defense will prevent abuse of COVID-19 surveillance apps

3 Reasons Tech Group Call for more Cybersecurity Funding Courtesy of COVID.

Who are the Tech Groups:

• The Internet Association
• BSA, the Software Alliance
• CompTIA
• Cyber Threat Alliance
• Cybersecurity Coalition
• Global Cyber Alliance
• Alliance for Digital Innovation
• Information Technology Industry Council

What 5 Reasons do Tech Companies show that cybersecurity needs more government funding?

• chronic lack of workforce in state and local governments
• patchwork legacy systems
• under-sourced cybersecurity and IT services
• uneven federal assistance
• uptick in ransomware attacks

The Hill | Tech groups call on Congress to boost state funds for cybersecurity during pandemic

COVID related Malware & Phishing Scams by the numbers

Since April 1, 2020 Google found the following number of COVID malware & phishing scams:

• 18 million malware and phishing emails PER DAY related to the novel coronavirus
• + 240 million coronavirus-related daily spam messages
• 99.9% of spam, phishing, and malware is blocked by Google’s machine learning software

The Hill | Google reports 18M coronavirus-related malware and phishing emails being sent daily

COVID & 5G. Pros and Cons.

Supporting arguments for 5G expansion during COVID:

• 5G helps with working from home
• International Commission on Non-Ionizing Radiation Protection updated its standards to include that 5G poses no significant health risk
• COVID exposed education achievement gaps in low-income, rural and disadvantaged schools

Opposition arguments for 5G expansion during COVID:

• unknown adverse health effects like cancer and DNA damage
• A California petition has more than 3,700 signatures to stop the installation of 5G in schools

Sacramento Bee via Governing | Gov. Newsom Asked to Delay 5G Until Safety Is Tested

COVID Response. A State’s Reopening Plan with Surveillance

Where: Connecticut

What surveillance is proposed?

• medical surveillance proposed by a report by medical experts affiliated with the American Enterprise Institute
  • + “voluntary” quarantines for those who test positive
  • enforcement via mobile phone apps
  • regional approach to reopening in coordination with New York, New Jersey, Massachusetts, Rhode Island, Delaware, and Pennsylvania
  • contact tracing

What controls is the state looking at?

• leveling of the spread of the virus
• hospital capacity

How much spending for the state to do massive contact tracing?

• $44 million
• hiring 1,000 people to track the contacts of people who are infected

Hartford Courant via Governing | Lamont’s Plan to Reopen Economy: Testing and Tracking

COVID and Ransomware by the numbers

148% increase in ransomware during COVID

38% increase in cyberattacks against financial institutions (the largest hit to a industry)

70.9% of the attacks on financial services sector were from the Kryptik trojan

CarbonBlack | Amid COVID-19, Global Orgs See a 148% Spike in Ransomware Attacks; Finance Industry Heavily Targeted

Cyber Crime Data. New Report. The COVID impact.

Who is the report from?  Cyber Solarium Commission

Why is more cyber crime data necessary? to create better policies against cybercrime

What governmental entity should collect the cybercrime data? Congress should create a Bureau of Cyber Statistics within the Department of Commerce 

How could this data help in COVID times? Better track cybercrime that some say is rising, including targeting of hospitals, testing labs, and a teleworking and vulnerable public. 

The Cyber Solarium Commission Report on Cyber Crime Data

Lawfare | We Need Better Cybercrime Data

COVID drone use: Informational & Temperature Testing.

Where: Daytona Beach, Florida

How are Daytona Beach Police utilizing drones?

• drones with speakers to remind people of distancing or curfews
• a drone with a FLIR (Forward-looking infrared) camera will monitor visitors and identify elevated body temperatures

Wicked Local Metro via Governing | Drones in Florida Remind Residents to Keep Their Social Distance

Local TREND. PROCUREMENT OPPORTUNITY. Local Governments Using Apps during COVID.

Where: Boston, Massachusetts

What Apps did Boston adopt to keep its citizens updated on COVID?

• A daily info graphic tracking COVID in the area
• COVID impact in Boston and the state

How did the apps come about? Using publicly available data from Centers for Disease Control and Prevention & the state’s Department of Public Health, the apps were built within a day

Other technology being used by Boston? text messaging to connect residents to up to date information, in multiple languages & up to date fact sheets and guides

Governing | Boston Mayor Keeps City Up to Date on Coronavirus with Tech

COVID To Bring More Tech Purchases by Government

Name an entity that has been slow to upgrade tech? Yes, government, like your parents is notoriously slow at adopting new technology

What is COVID doing to jumpstart more government tech investments? As government systems crash, the lag in technology upgrades by government is being exposed

What tech will be upgraded?

• mainframes
• proprietary software
• move to software that can scale to meet the demand
• email storage in the cloud
• moving call centers to VOIP so that call centers can be virtual
• hardware: laptops, tablets, headsets
• move away from paper transactions

Governing | Coronavirus Has Potential to Reshape Government Technology

Governing | Antiquated Computer System Hobbled by Flood of New Jobless Claims

Impact of COVID: More Personal Data in Government Hands.

How has data increased? White House has requested more data under the Stored Communications Act to track COVID

What regulatory/legislative issues are emerging?

• What limits are on the government on the backend to protect the data
• Can the government later sell the data?
• Can government compel companies to provide location data of their customers?

Is there funding involved? Yes, $500 million to the CDC for a coronavirus “surveillance and data collection system” 

FedScoop | An unprecedented wave of personal data could be heading to federal agencies

GPS Tracking of College Athletes during COVID

Who: University of Alabama

What: Sent its football players Apple Watches to track locations during COVID

The justification: The Apple watches are resources to provide for the health and well-being of student-athletes during this crisis

USA Today | Alabama’s use of Apple watches to track football players sets off rules debate

Blockchain Investments in Nevada

When did Nevada first pass blockchain legislation? 2017

What type of investments in block chain have been made since 2017? $400 million

What applications of blockchain are included in the investments?

• financial transactions
• supply chain management
• Walmart rolled out a blockchain pilot to track food safety 
  • tracked food safety information in 3 seconds
• a pilot digital marriage certificate system using blockchain
  • cost 30% less and processed with 24 hours

Lahontan Valley News | Blockchain investment growing in Nevada, but what is it?

Regulatory TREND + State Law: Sharing Data COVID 19 positive addresses

Where: Alabama

What: Alabama’s Department of Health is sharing the physical addresses of people who tested positive for COVID 19 with emergency responders

How does HIPPA calculate into this health information privacy issue? Alabama determined that  public safety outweigh privacy concerns

Does Alabama have a law that also addresses this exception to health care information privacy? Yes,  a state law permits the state to “notify a third party of the presence of a contagious disease in an individual where there is a foreseeable, real or probable risk of transmission of the disease.”

Have other states also released addresses of COVID positive individuals? Yes, Massachusetts

Alabama Media Group via Governing | Alabama Shares Addresses, Not Names, of COVID-19 Patients

Local TREND. Getting Cybersecurity help from the state CISO

Where: Michigan

How is Michigan’s CISO helping local governments with cyber security?

• a proactive step to build on the 2018 pilot that allowed local governments to treat the state CISO as the local government’s chief security officer
• works in tandem with the deployment of the Michigan Cyber Civilian Corps(often abbreviated as MiC3) to assist with recovery efforts after cyberattacks on local governments
  • 2018 legislation created the Michigan Cyber Civilian Corp
• lessens the financial strain on local governments that can find cyber workforce & equipment costly
• offers monthly cyber education programs to local governments

Will local cybersecurity help the state too? Yes, a cybersecurity partnerships with local governments benefit the state.

State Tech | Michigan’s CISO as a Service Boosts Local Cybersecurity

Fintech and COVID stimulus funds

The association representing fintech interests:  Innovative Lending Platform Association

How does fintech operating lending services in ways that differ from the traditional? underwrite loans using algorithms at speed and scale

How much COVID stimulus could be available for fintech startups? $450 billion in loans are set to be distributed through the Small Business Administration 

Tech Crunch | Lending startups are angling for new business from the COVID-19 bailout

Business TREND. Tech to Slow COVID.

The company: Estimote

How can Estimote technology limit the spread of COVID? By monitoring the potential spread of the coronavirus from person-to-person

Why an Estimate device and why not just mobile phone or watch tracking? A dedicated wearable can help employers avoid doing something that may be seen as an invasive privacy issue

Tech Crunch | Estimote launches wearables for workplace-level contact tracing for COVID-19

Business TREND. Businesses Thriving in COVID.

A sampling of business booms in the time of COVID:

• Coursera, the Mountain View, Calif.-based online learning platform with university classes
• ZOOM, video conferencing
• Instacart has seen a 150 percent increase in demand
• a course from the Imperial College London on the science of COVID-19 has more than 66,000 students enrolled after launching less than two months ago
• Automation Anywhere, a San Jose-based leader in AI technology
• Safeway, the grocer, announced last week it wants to hire 2,000 workers

Who is hiring in droves:

• Grocery stores
• online delivery
• post office

The Mercury News via Governing | For Some Companies, Coronavirus Brought a Business Boom

Regulatory TREND. COVID-19 & Cryptocurrency

Which state regulator: New York’s department of financial services (NYDFS)

What is the regulator requiring of cryptocurrency companies?

• preparedness plans to manage the spread of the disease
• disclosure of preventive measures and the protection of employees
• evaluation of the potential increased risk of cyber-attacks and fraud by the epidemic

Crypto Currency Market | The State of New York called the crypto-companies to submit preparedness plans to the Coronavirus

Covid-19 & Data Privacy Issues

Top 4 data privacy issues associated with the pandemic:

• Will surveillance & location tracking continue after the outbreak?
• Is the health tracking that occurred reversible?
• Was the location tracking anonymous?
• Was there consent for the location tracking?

EU Observer | Privacy issues arise as governments track virus

Covid-19 Opportunity to teach Data Security to Students at Home.

Who:  “Cyber School,”  by the Academy of Cybersecurity, operated voluntarily by cybersecurity experts

What: Daily live stream of coding and algorithms, online safety, ethical hacking and social engineering

Cyber Scoop | This team wants to teach your kids cybersecurity while they’re home from school

Which New York Data Security Law Could All States See in Legislation?

What did New York’s Shield Act, an amendment to the states data breach notification law, require that we may see replicated in mass?

requiring that state data security rules must be tailored to the size of the business

CSO | New York’s SHIELD Act could change companies’ security practices nationwide

Election Data Security in time of COVID-19

Where: Ohio

What election measures is OHIO considering for its now postponed primary election? Only mail in ballots

How many states allow elections to be conducted only by mail? 21

How many allow full statewide elections by mail? 4 — Colorado, Hawaii, Oregon and Washington

What is voter turn out in mail-in ballot states?

•  Colorado 63%
• Oregon 61%
• Washington 58.9%

What’s Ohios voter turn out? 50.9%

Plain Dealer via Governing | Ohio Considers Vote-from-Home for Postponed Primary Election

TRENDING ISSUE: Government Access to Tech Company Data to Track COVID 19

What are tech companies saying and doing?

• Google: Issued statement it would limit government access to location data
• Facebook: CEO Zuckerberg: “I don’t think it would make sense to share people’s data if people haven’t opted in for that”
• Apple: Does not collect iPhone user location data

Politico | In another coronavirus-related security issue for tech giants

The Hill | Google to limit federal access to location data as it fights coronavirus

Washington Post | U.S. government, tech industry discussing ways to use smartphone location data to combat coronavirus

COVID 19 and Cyber Security

• Dark web ransomware sites offering coronavirus packages
• Trump Administration Relief plan includes the following data security funding:
  • $21 million for Department of Energy cybersecurity
  • $47 million for FEMA for data security + data networks
  • $17 million for Interior Department for network upgrades
  • $5.5 million for National Archives and Records Administration to provide electronic remote access and accelerate security upgrades

Morning Cybersecurity | Cybersecurity money part of emergency coronavirus request

Cannabis Companies & Data Security Laws.

Issues for Cannabis Companies:

• What customer and supply chain information are you retaining?
• Is that information protected?
• Does your company have a plan if there is a data breach or ransomware attack?
• Does your state have a track-and-trace requirement for cannabis businesses?
• How is notification of a breach impacted when a customer from State B, where cannabis is illegal, has its consumer information breached in State A where cannabis is legal, and notifies the attorney general in State B. What happens to customer B?
• Will cyber liability insurance policies be written for the industry?

JURIST | Cannabis Companies are Overlooking Data Security Laws and Regulations

Legislatures: Data Security Insurance Coverage for Contractors

Where: California

What: AB 2320 (2020 | CA)

Which contractors would be impacted?

• contractors that receive or are given access to records that contain personal information protected under the state’s Information Practices Act

What type of personal information is the state protecting?

• names
• social security numbers
• physical descriptions
• home addresses
• home telephone numbers
• education
• financial matters
• medical or employment history

Government Technology | California considers mandating cyberinsurance for contractors

Protecting Business from Litigation: Affirmative Defense

Where: Utah

What: HB 158 (2020 | UT) creates an affirmative defense from litigation for businesses that follow state law on maintaining cyber security programs

How does the state define the cyber security programs with which businesses will have to comply?

• conforms to an industry recognized cybersecurity framework
• example programs:
  • NIST special publication 800-171;
  • NIST special publications 800-53 and 800-53a;
  • the Federal Risk and Authorization Management Program Security Assessment Framework;
  • the Center for Internet Security Critical Security Controls for Effective Cyber Defense; or
  • the International Organization for Standardization/International Electrotechnical  Commission 27000 Family – Information security management systems;

• and if the protected personal information is regulated by a government, cybersecurity protection programs must comply with the law

TRENDING. Government Bans on Foreign Made Tech.

Next up on the ban list: Drones made in foreign countries

Who is issuing the ban? Trump Administration by Executive Order

Why ban foreign made drones? national security

Which entities will be forbidden from using foreign made drones? federal departments & agencies

Are there exceptions? Yes, military and the intelligence community

Tech Crunch | US preparing to ban forge in-made drones by government use

Local TREND. Cyber Attack Cost for a City.

The city: New Orleans

The cyber attack: a ransomeware attack in December 2019

The cost to modernize the city computers: $7 million

What will the $7 million cover for New Orleans?

• ransomware attack recovery
• fixing city email services and networking infrastructure
• modernizing the computer systems

Governing | Louisiana Has Spent $2.3M in Recent Cyberattack Responses

Cost of State Cyber Security Attack.

The state: Lousiana

What type of cyber attack did Lousiana experience?

• A ransomware attack against state computer systems.
• Lousiana did not pay the ransom.

The cost: $2.3 million

• $1.7 million to restore state systems
• $333,000 to assist school districts

What did $2.3 million cover? paying staff to go to various school districts, state agencies and New Orleans to help re-image computers

Which agency was the most impacted? DMV

• 45 year old computer system
• down for weeks after the attack

Governing | Louisiana Has Spent $2.3M in Recent Cyberattack Responses

Lege TREND. Using Equifax Settlement Funds for Financial Literacy.

Where: New Jersey

What: S1196 (2020 | NJ)

How would S 1196 use Equifax settlement funds?

• Establish financial empowerment centers pilot program
• Oversight by Department of Community Affairs 
• Partnership with local officials and nonprofit
• Offering forums, programs, & financial coaching to those in 3 economically vulnerable communities

NJ Spotlight | Bill Would Boost Financial Literacy for Some of State’s Poorest Citizens

By the Numbers. Campaigns Buying Internet User Data

The poll: Gallup in partnership with the John S. and James L. Knight Foundation

% who oppose internet companies sharing data with campaigns:

• 69% of Democrats
• 75 % of Republicans
• 72% of Independents

20% are ok with this data being shared with campaigns: gender, age, or zip code

7% support sharing any information with campaigns by internet companies

59% support these disclosures on internet political ads:

• disclose who paid for the ad
• how much it cost
• whom the ad is aimed at

20% support NO online campaign ads, following the mode of operation adopted by Twitter

45% oppose internet campaign ads that misrepresent a candidate’s position.

The Hill | Most don’t want microtargeted political ads: Gallup

Lege TREND. Homeless Database

Where? California

Why? “Because you can’t manage what you don’t measure,” –Gov. Gavin Newsom

How? Two choices

• Aggregate Data that is kept by local governments
• Compile data from the 44 so-called continuums of care

What are the 44 so-called continuums of care? local agencies that administer federal homelessness programs that use the Homeless Management Information System

The Goal: Make the process of getting people off the streets more efficient

Los Angeles Times via Governing | Homeless Database Is Worthy Goal but Difficult to Achieve

Lege TREND. Limit Federal Access to State Databases.

Where: Maryland

What: SB 649 (2020 | MD) prevents federal access to Maryland’s DMV records

Why: To protect legitimate law enforcement work by the federal government in the state database, but disallow non-law enforcement work

Have other states done this? Yes, New York

Were there repercussions by the federal government? yes, short term blocking of New Yorkers from enrolling in Global Entry and other programs aimed at getting travelers through borders and airport lines more quickly

Governing | Maryland Lawmakers Want to Limit ICE Access to MVA Database

3 Takeaways. U.S.’s only Local Privacy Commission.

Where: Oakland, CA

What should I know about the Oakland’s Privacy Advisory Commission?

• 2016
• its a citizen-led board
  • Each member of the city council appoints a commissioner
• the board can review any & all city policies and regulations through a privacy lens
• original funding: DHS funding for a Domain Awareness Center 

Takeaways:

• Diverse memberships has benefited the commission.
• Pushback is inevitable
  •  tech companies push back on constraints that will hamper innovation
  • city staff push back on increased paperwork or other administrative burdens
• Proactive solution. Cities tend to act reactively. The commission has moved the city to be proactive like new recommendations on privacy issues and licensing.

Governing | What Cities Can Learn from the Nation’s Only Privacy Commission

+1 State. Preempts Facial Recognition Software Use

Where: Washington State

What: SB 6280 (2020 | WA)

What does SB 6280 preempt?  prohibits state & local government agencies from using facial recognition for ongoing surveillance

Exceptions: Search warrants & emergencies involving potential loss of life

Other requirements:

• training for facial recognition operators
• annual reporting on use of facial recognition software

Seattle Times via governing | Washington Anti Facial Recognition Bill Passes State Senate

New Regulations. Education Vendors.

Where: New York

What new requirements are being placed on education vendors?

• Contracts with vendors who receive PII must state that the vendor will maintain all information in accordance with federal and state law and the school’s security and privacy policy.
• Parent’s Bill of Rights in every contract with vendors who receive PII.
• National Institute for Standards and Technology Cybersecurity Framework (“NIST CSF”) is the standard for data security and privacy.
• July 1, 2020 deadline for all schools to adopt a data security and privacy policy
• Online Privacy Policies. Schools must publish their data security and privacy policies on their websites.
• Schools Must Train Staff. Schools must provide data privacy and security awareness training to officers and employees with access to PII.
• Designate a Data Protection Officer (“DPO”) at each school to be responsible for the compliance program and to otherwise serve as a point of contact for the schools on data security and privacy matters.
• Vendor Notification. Vendors that suffer a breach of PII must notify the affected schools within 7 calendar days
• School Notification. schools must in turn notify within 10 calendar days of receipt of notification of a breach from the vendor & the schools must notify affected individuals without unreasonable delay but in no case later than sixty (60) days of discovery or receipt of breach notification from the vendor.

Jackson Lewis | New York Adopts New Data Security And Privacy Regulations For Schools And Their Vendors

+1 Country Regulatory Actions for Digital Currency

Where: Belgium

What did the Belgian financial institution of Belgium (FSMA) offer when asked to either support a prohibition or establishment of a national digital currency? FSMA recommended a national currency

Currency Market | Belgium establishes a regulatory framework for crypto-currencies

+1 Country CyrptoCurrency

Add Sweden to the list of countries pursuing a national crypto currency.

How will the e-Krona, cyrptocurrency pilot work?

• users will be able to hold e-kronor in a digital wallet
• send or receive payments
• make deposits or withdrawals using their mobile phones
• transactions will also be possible via wearables like smart watches, as well as bank cards

What is the country’s goal? create a longer-lasting electronic payment system that is safe and efficient

When did the country begin work on the e-Krona? 2017

Will Sweden’s national bank work with national banks in other countries? yes, the national banks of Britain, the Eurozone, Japan, and Switzerland

Micky | Sweden pilots central bank digital currency e-krona as cash declines

CryptoPotato | Sweden’s Central Bank To Begin Testing National Cryptocurrency

+1 State Blockchain Legislation

Where: New Jersey

What: A 2891 (2020 | NJ)

What playing field does A2891 want for blockchain?

• licensure requirements for virtual currency businesses
• consumer protections for cryptocurrency
• regulatory authority under the Department of Banking and Insurance 

Supporters of this bill: Blockchain Association of New Jersey

Insider NJ | Lopez Introduces Bill to Create Consumer-Friendly Protections and Regulations in Virtual Currency Industry

Business TREND. Public Private CyberSecurity Center

Who: Mastercard

Where: European Union

What: The European Cyber Resilience Centre

The goal: affiliation between public, private and regulatory sectors to support enterprise resilience

Mastercard’s partners in the public private project:

• national cyber intelligence centers
• industry groups
• law enforcement agencies
• central banks across Europe – ECRB, ECCFI, Europol, FS-ISAC, INTERPOL, NBB and the U.K.’s NCA and NCSC

PYMTNS | Mastercard Introduces European Cybersecurity Center

Right to be Forgotten Act

Where: Iowa

What is the Right to be Forgotten Act? Senate File 2236 (2020 | IA) would allow people to have information removed from “the internet”

What 3 types of information could not be removed from the internet:

• criminal convictions
• litigation relating to a violent crime
• matters of significant public interest

How long would an internet operator have to remove content? 30 days

The Gazette | Bill Could Make Your Cringey High School Posts Disappear

PROCUREMENT. Artificial Intelligence to Review State Regulations

The machines have arrived in OHIO to unleash artificial intelligence (AI) on state regulations.

What’s the Republican goal of AI review of state regulations?

• streamline state regulations
• eliminating redundant permitting requirements

The project names: Common Sense Initiative & InnovateOhio

The leader of the projects: Ohio’s Lt. Governor Husted

The procurement: Up to $1.2 million for a private company to develop the AI tools

The Plain Dealer via Governing | Ohio to Analyze State Regulations with Artificial Intelligence

TX Attorney General Opinion. Cyber Training + Appraisal Boards

The Opinion request: RQ-0332-KP

The requestor: Hill County Attorney

The Question to be answered: Whether the board of directors of appraisal districts are considered “employees” or “elected officials” for purposes of cybersecurity training under Government Code Section 2054.5191(a-1). 

Why is this a question? Appraisal board directors are elected by taxing jurisdictions, technically speaking, but are appointed. Could the legislation have intended to skip over appointees?

Lege TREND. Subpoena Power over ISPs

What: S.3045 – Cybersecurity Vulnerability Identification and Notification Act of 2019 (2020 | 116th Congress)

The goal: compel ISPs to share details of vulnerable entities with the Cybersecurity and Infrastructure Security Agency

The concerns:

• Privacy
• Police powers that could kick in when ISP details are shared

NextGov | CISA Director Makes Case for Subpoena Power over Internet Service Providers

Lege TREND. Voluntary Registry for Private Security Cameras to Aid Law Enforcement

Where: Baltimore County, Md

How will the registry operate? voluntary private security camera registry for property owners with devices pointed toward a public right-of-way

What’s the purpose of the registry? to map private security cameras to give law enforcement prompt access to footage while investigating crimes

What’s the incentive for citizens? the county will waive alarm permitting fees for new alarm system installations

Baltimore Sun | Governing | County Might Use Private Cameras to Improve Public Safety

Local Regulations Respond to 5G

Where: Costa Mesa, CA

What issues did Costa Mesa address in their 5G regulations? potential health risks of 5G technology

How were the city ordinances tweaked?

• Distance requirements for small wireless communication facilities — e.g. small boxes on street poles
  • must be 750 feet from other communication facilities of the same company
  • within 250 feet of other companies boxes
  • even closer in non-residential areas
• Resident Notification. Created an opt-in for residents to receive an email every time a wireless provider applies to install a new small cell box, or any time a provider asks to swap out 4G technology for 5G

Governing | City Council Responds to Community, Adjusts 5G Regulations

Ransomware Hits Campaign Search Engine

What: a broadcast television search engine used by political campaigns to monitor opponents & track ads was hit by ransomware

Data that may have been accessed: Campaign data including email addresses of candidates

What is the campaign concern: campaign data is sold or used for political advantage

CNET | Ransomware hits TV search engine popular among political campaigns

More Legislation to Regulate Internet of Things (IoT)

Where: UK

What regulations are being proposed to regulate IoT? Consultation on regulatory proposals on consumer IoT security

Key regulations:

• Secure Passwords. All IoT device passwords must be unique & not resettable to any universal factory setting
• Public Contact & Internal Investigation. Manufacturers of IoT devices must provide a public point of contact to report a vulnerability that will be acted on in a timely manner
• Security Update Timeline. Manufacturers of IoT devices must explicitly state the minimum length of time for which the device will receive security updates at the point of sale, either in store or online

Fast Mode | UK Gov Announces New IoT Cyber Security Laws for Smart Devices

What Construction Contractors Need to Know about Cyber Insurance

What type of contractors are we talking about? Associated General Contractors of Washington

3 ways cyber insurance coverage helps the construction industry:

• ensure protection for corporate confidential information, such as under a non-disclosure agreement
• 30% of all cyber-related claims are ransomware attacks that can lead to a shutdown of a contractor’s computer network
  • ensure coverage for any data loss
• more often contracts require cyber security protections

Daily Journal of Commerce | Are you insured against cyberattacks? Here’s what contractors need to know

+1 State Registration of Data Brokers

What state is considering registration for data brokers? Washington

The legislation: By a Republican HB 1503 (2020 | WA)

What will this bill do?

• annual registration with the Office of Privacy and Data Protection
• pay a registration fee
• provide information concerning the collection, storing & selling personal information
• require disclosure of opt-out procedures

Washington State Republican House | Rep. Norma Smith introduces package of consumer-focused, online data privacy legislation

Governing | Washington State Legislators Debate over New Privacy Bills

Anatomy of a Bill to Protect Kids Data Privacy

The legislation: HR 5703 (116th Congress)

What would this bill do to protect children?

• ban ads targeted to individual children
• protect children privacy through 18, current laws protect kids to 13
• prohibits companies from requiring a waiver from the law before access to their website or product
• allow kids to opt into tracking and ads
• will impact companies if they SHOULD know that their users are kids

Tampa Bay Times | Governing | When It Comes to Users’ Data Privacy, Don’t Forget the Kids

2019’s Ransomware Average Costs & Numbers

Ransomeware attacks by the numbers:

• up to 25% increase in cyber insurance rates by U.S. insurers
• 6% fewer ransomware incidents in 2019
• average ransom of $41,198 during the 2019 third quarter
•  $98,705.96 in Bitcoin paid by Albany County Airport Authority

Reuters | Insurers look to curb ransomware exposure as U.S. cyber rates rise

$41,198 Numbers in the News | Governing

TRENDING. Crypto Only Casinos. Do your laws & regs address it?

The first crypto only casino popped up in Venezuela.

Where is it located? the Hotel Humboldt in the Ávila National Park

Anything unique about Venezuela? It has a state backed crypto currency, the Petro

Gambling News | Venezuela Will Harbor First Crypto-Only Operating Casino

3 Signs Pointing to Digital Bill of Rights

• National Academy of Public Administration recently identified Ensure Data Security and Individual Privacy as one of its 12 Grand Challenges in Public Administration
• California’s privacy protection legislation is being replicated in other states
• European Union’s General Data Protection Regulation

The Business of Federal Technology FCW | Is it time for a national Digital Bill of Rights?

Business TREND. Linking Your Coffee to the Coffee Bean Farmer with Blockchain.

Who: IBM

How: IBM and Farmer Connect utilized the massive amount of farm and logistics data to link your coffee to a faraway farmer

The app: Thank my farmer

What benefit does this have for the farmer? The app allows the consumer to add extra financial support to the workers growing and picking the beans

Wired | IBM Harnesses Blockchain to Take Apart a Cup of Coffee

Lege TREND. Cybersecurity + Public Education Initiative for Cybersecurity Ready Workforce

Where: North Dakota

How does North Dakota plan on ensuring an educated cyber security workforce? Every student and every school will receive cyber security education

How did it come together? With a partnership called, EduTech, that includes:

• the educational technology arm of the North Dakota Information Technology team
• K-12, higher education
• workforce development
• military
• state government
• industry partners

KFGO | North Dakota’s Cybersecurity Education Initiative

State legislation. Regulating the Sale of Data.

Where? Virginia

What? SB 641 (2020 | VA)

What new regulations are being called for?

• reasonable security measures to protect personal data
• required response to privacy requests
• notification to Virginia residents of data breaches

Husch Blackwell | Analyzing The 2020 Virginia Privacy Act And Sale Of Personal Data Act

Mandating 50 State Cybersecurity Leaders

What? Cybersecurity State Coordinator Act of 2020 by Senators Hassan, Cornyn, Portman, & Peters

Why? States need to be better prepared for ransomware attacks

Who is paying? The feds via  a federally-funded program within  Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency

So are these 50 fed employees? Yes.

What would these federal employees do for each state?

• work with all levels of government to prepare for, prevent, and respond to attacks
• security risk advisor, point-of-contact, and facilitator between federal and non-federal organizations, including state and local governments, schools, and hospitals
• coordinator to raise awareness of the financial, technical, and operational resources non-government entities can receive from the federal government

Decipher | SENATORS PROPOSE CYBERSECURITY COORDINATORS FOR EVERY STATE

Blockchain regulations can also impact these industries:

We all know blockchain & crypto currency are linked, but what else can blockchain do?

• frictionless movement of money, cutting money transfer times
• support billions of transactions at high speed and low cost (like access to a single article behind an annual subscription)

Analytics Magazine | BLOCKCHAIN CAN GROW BEYOND CRYPTOCURRENCY & SOLVE REAL-WORLD PROBLEMS, SAYS RIPPLE MD NAVIN GUPTA

22/01/2020

Value of Health Data Records.

What’s driving up value? Big tech wants to make it easier for you to access your health records

What’s the 2025 estimated value of health care records? $38 billion

What would be the regulatory trend? RECORDS CONSOLIDATION, known often as FHIR and pronounced “fire” — a catchier way of saying Fast Healthcare Interoperability Resources

IS there an existing government project on health care records transferability? Yes, Blue Button,

What companies are involved in Blue button? Microsoft, Google, Amazon, IBM, Oracle and Salesforce

Kaiser Health News | Tech giants like Apple and Google are competing to make it easier for you to get your health records, and it could be a $38 billion market

Local TREND. Initiative to Bring More Women into Tech

Where: Los Angeles County , CA

What: The Women in Tech (WIT) hiring initiative 

Why?

• fix the gender imbalance in tech
• specifically, to mentor and encourage women, 14 – 24, to pursue career paths in government IT work

Does it fit into existing local government initiatives?

Yes,  expands the existing Countywide Youth Bridges Program (CYBP) that “exposes at-risk and disconnected youth to careers within county government through mentorship, workshops and training.”

Government Technology | Hiring Initiative to Try to Rectify Tech’s Gender Imbalance

+1 City Bans Facial Recognition Software

Which city is the latest to ban facial recognition software? Cambridge, MA

Is there parallel state legislation? Yes the Legislature is also considering a ban on facial recognition software

What are the 2 policy issues?

• privacy laws have not caught up with the software
• regulation at the state and federal level of biometric surveillance is nonexistent

Governing | Another One Bites The Dust: Cambridge Bans Facial Recognition

How many states have Chief Data Officers?

28 State have Chief Data Officers, or a similar position

1 state, Alabama, eliminated the Chief Data Officer in 2019

22 states have no Chief Data Officer

The 1st Chief Data Officer was in 2011 when Colorado created the position

New state tech positions on the horizon:  chief analytics officer 

Governing | Chief Data Officers in Place in Over Half of U.S. States

State Bans Facial Recognition Software. Can local governments get a refund?

Where: New York

What local government purchased facial recognition software? Lockport City School District 

What amendment is the local government looking for? Recoupment of costs from the state for pre-purchased facial recognition software

Governing | Trustee Wants School District to Get Refund for Recognition Tech

Lege TREND. Vehicle Tracking Law Enforcement.

Where: Massachusetts 

How was vehicle tracking of law enforcement vehicles enacted? Regulatory Action. The State Department of Public Safety implemented a program to hardwire tracking into vehicles.

What are benefits of tracking law enforcement vehicles?

• Safety. Dispatchers can more readily identify locations to dispatch officers
• Safety of Officers. An officers location can be identified to provide assistance
• Accountability

Governing | State Police Held Accountable with Vehicle Trackers

Internet of Things. Legislative TREND.

California was the first to tackle security standards for internet of things- those connected devices in our lives that collect information about us.

This week, Consumer Reports sent a letter requesting higher data security standards for the internet connected products by:

Abode
ADT / LifeShield
Arlo
August
Blink
Canary
D-Link
Eufy/Anker
Frontpoint
Guardzilla
Honeywell Home
iSmartAlarm
Logitech
Google/Nest
Netvue
Night Owl
Ooma
Remo+
Ring
Samsung SmartThings
Scout
SimpliSafe
TP-Link
Wyze
Zmodo

Consumer Reports | Consumer Reports letter to connected camera manufacturers to call for raising security and privacy standards

5 Disruptive Tech Trends. Bonjour Business Opportunities. Bonjour Regulation.

• Expansion of gig and sharing economies leading to new laws about employees/contractors, fees, taxes, safety
• Plant Based Meat. Tofurky goes mainstream. How do you regulate meat that isn’t meat?
• AI. How many cities and states will ban facial recognition software?
• Tech is Going Political. Tech companies are spending more on representation & are more vocal across the spectrum of issues
• 5G. Requires a lot more towers than 4G. That’s permitting. That’s new regulations. That’s acquiring property.

Medium | Five Disruptive Tech Trends We’re Tracking in 2020

New State Database. New Privacy Issues. New Legislation.

Where: Georgia

What is the new state database? Public Law Enforcement “Use of Force Database” HB 636 (2020 | GA) authored by 6 female legislators

What would Georgia’s HB 636 require?

• require monthly reporting of every use of force against any subject in writing
• require agencies to enter and maintain each use of force incident in a centralized database that is accessible to the public
• required maintenance of a list detailing any and all law enforcement officers who have been disciplined as a result of the use of force

Which law enforcement agencies does it apply to?

• all police departments
• all Sheriff’s Office
• campus law enforcement
• all law enforcement, whether part-time or full-time

Is this new? No, the FBI has a database and the US Attorney’s Office has collected the data for decades

All on Georgia | Bill Would Create Public Law Enforcement ‘Use of Force’ Database

Non-profits & Data Security Rules, Regulations & Laws

How should non-profits handle data?

• Audit current data collection strategies
  • Ask whether they have explicit consent to use certain data points?
  • Determine points of noncompliance and potential remedies
• Third-party testing of security platforms  ensures compliance with GDPR and California standards
• Develop and test internal breach response plans
• Train and Educate staff & volunteers
• Transparency. data collection and processing systems must be fully transparent
• robust security information and event management
  • unify log management
  • detect anomalies
  • threat check assessments
  • backup and recovery systems and next-generation firewalls 

BizTech | What Nonprofits Need to Be Doing to Protect Data Post-GDPR

Talking Points. Model Data Security Legislation for Insurance Companies

Which states have adopted this model data security code?

• Michigan
• Ohio
• Mississippi
• Alabama
• South Carolina
• Delaware
• Connecticut
• New Hampshire

What does the model legislation do?

• applies to insurers and other entities licensed by the department of insurance
• requires the development, implementation and maintenance of an information security program
• requires investigation of any cybersecurity events
• requires notification to the state insurance commissioner of data breaches

The NAIC Insurance Data Security Model Law

Governor Proposes Data Security Rules for Insurance Companies

Where:

Minnesota

Why did the Governor propose 2020 legislation to add data security requirements for insurance companies?

“Minnesota Blue Cross Blue Shield allowed hundreds of thousands of serious cybersecurity vulnerabilities to collect on its computer systems over a period of years.”

What are announced pieces of the legislation?

• adopt national standards for data security at insurance companies
  • will follow Michigan and Ohio’s lead to adopt the model law was drafted in 2017 by the National Association of Insurance Commissioners 
• apply to all insurance companies, not just health care
• state Commerce Department would have investigative & enforcement powers

Star Tribune | New data-privacy law proposed for Minnesota insurers

New Legislative & Regulatory Angle for CryptoCurrency

What’s the new cryptocurrency jargon? managed stablecoins

What’s an example of a managed stablecoins? Facebook’s Libra currency

Is there legislation floating around to look to? Yes, Congresswoman Sylvia Garcia has filed HR 5197 (116th Congress)

Roll Call | Rules, privacy issues loom for fintech industry in 2020

New Legislative & Regulatory Term for Data Security Laws and Rules.

Data Cooperative.

What is a data cooperative? An institution where individuals pool data for safekeeping and for use under certain terms.

Who is bringing this to our attention? MIT Sloan School of Business & ties to a push to permit credit unions to be holders of personal data and use under certain, agreed to, terms

MIT Sloan School | Data Cooperative

Data Security + Right to Repair Automobiles. New Coalition backed by Manufacturers.

Who: Coalition for Safe and Secure Data

Who are the members of Coalition for Safe and Secure Data?

• Alliance of Automobile Manufacturers
• Global Automakers Association
• Computing Technology Industry Association

What concerns are they raising?

• Right to Repair laws, like in Massachusetts
• Exposes vehicle and driver data to security breaches

Collision Week | Vehicle Manufacturer Backed Coalition Raises Data Security Concerns with Massachusetts Right to Repair Proposals

Local TREND. Local Permits for New Tech Testing.

Where: San Francisco

How will San Francisco permit new tech testing:

• The Office of Emerging Technology will issue permits
• Permits will be issued if the Office declares the tech in question a “net public good.”
• It will apply to any testing that occurs above or below city property or on public right-of-ways

What are industry stakeholders saying?

• Vice president of public policy at Postmates, a member of the work group that crafted the legislation, said at a public hearing last month that the days of public-private head-butting are over.
• “This is an era in which government needs to build empathy for technology, and technology companies must build more empathy for government,” he said.

AP | Streets of San Francisco no longer a free-for-all, city reins in tech testing ideas on public

New regulatory forefront for Tech Companies

What is the new regulatory landscape? encryption regulation

How did this start as a topic du jour? US Senators told tech giants, Apple and Google, that they either figure out how to handle court orders for data or lawmakers will do it for them

CNBC | Senators threaten to regulate encryption if tech companies won’t do it themselves

+1 airport bans facial recognition software

Where: Seattle, WA

What entity banned the use of facial recognition software? Port of Seattle Commission

What would be required to lift the ban? When the commission adopts “tangible, enforceable” policies to govern the use of facial recognition software

How does this impact corporate operations of airlines?  Stops Delta from rolling out facial-recognition cameras at its Sea-Tac boarding gates

Does it stop federal agency use of facial recognition software? No,  Custom and Border Protection can install facial-recognition cameras at a new facility to process arriving international travelers

Seattle Times | Seattle Airport Wrestles with Government over Facial Recognition

+1 Governor Executive Order Cybersecurity Committee

Who: Arkansas Governor Asa Hutchinson

What: Creates the Computer Science and Cybersecurity Task Force

Who will serve on the Task Force?

• state agency executives
• researchers from state research institutes
• private vendors
• businesses

What are the goals of the Task Force?

• Careers. examine industry pathways into IT and cybersecurity
• Education. post-secondary alignment strategies and goals, data science and cybersecurity in curricula, and work-based learning opportunities for students

Office of the Governor of Arkansas | EO 19-17

Government Technology | Arkansas Hopes Cybersecurity Task Force Increases Awareness

Top 5 Cities for Tech Jobs 2019

Who compiled this list? Computing Technology Industry Association

What’s the Top 15?

• Austin, Texas
• Raleigh, North Carolina
• San Jose, California
• Seattle
• San Francisco
• Charlotte
• Dallas
• Atlanta
• Denver
• Huntsville, Alabama
• Washington, D.C.
• Columbus, Ohio
• Durham-Chapel Hill
• Boulder, Colorado
• Boston

What metrics were considered?

• cost of living
• number of open IT positions
• projected job growth in 1 year
• projected growth in 5 years

THE HERALD-SUN | Raleigh Stays in Second Place in the U.S. for Tech Jobs

4 Points. Banks + Data Security Legislation.

• National data privacy standard similar to those that currently face financial institutions
• Strong Data Protection and Breach Notice
• Robust Enforcement including retaining administrative enforcement from financial institution regulators
• Preempt state privacy and data security laws

American Bankers Association | U.S. Senate Commerce, Science, and Transportation Committee

State Attorney General Tracks Data Breaches. The numbers:

Where: Washington state

What data breaches are reportable to the Washington Attorney General? Data breaches that impact 500+ Washingtonians

What do the 2019 numbers about data breaches in Washington state show?

• 20% increase in data breaches
• 390,000 impacted
• 2x as many small to mid-size breaches

Washington State Attorney General | AG REPORT SHOWS DATA BREACHES INCREASED IN 2019

Legal TREND. Independent Data Auditors for Businesses.

What? The class action against Facebook

What would independent auditors for Facebook do?

• conduct simulated hacking attacks
• run automated security monitoring
• review the company’s security protocols

Courthouse News Service | Hacking Victims Seek Independent Audits of Facebook Data Security

TREND. Allowing Banks to Sell and Hold Crypto Currency.

Where: Germany

What: Permit German banks to serve as custodians for crypto currency & keep crypto currency for a fee

Idaho Reporter | New law allows German banks to sell and store crypto currency

New Regulatory Frontier. States Selling Resident Data.

Where: California

What data is being sold? California Department of Motor Vehicles sells drivers’ personal information

How much is the California DMV selling for? $50 million/year

Who is buying the data?

• data brokers like LexisNexis
• consumer credit reporting agency like Experian
• private investigators

Are states stopping the practice? Yes, New Jersey is no longer selling data to buyer’s who abuse the data

Vice | DMVs Are Selling Your Data to Private Investigators

Vice | The California DMV Is Making $50M a Year Selling Drivers’ Personal Information

Lege TREND. New way to bring broadband to rural areas

Where: New Hampshire

The legislation: would authorize the multi-town district option that would work with private companies

How did this idea start? SB 103 (2019 | NH)

Is this the first state to take this approach? No, Vermont has a similar system that created the East Central Vermont Telecommunications District and it partnered with ValleyNet to bring fiber service

Governing | New Hampshire Bill Will Allow Multi-Town Broadband System

Lege TREND. 1st came divestment. Next came Prohibiting Certain Countries from Storing Data

What countries could be barred legislatively as places US data can be stored? China

What legislation: Missouri Senator Hawley’s National Security & Personal Data Protection Act of 2019

Engadget | Senate bill would block US companies from storing data in China

Lege TREND. How States are Legislating IoT (all those connected devices in the internet of things)

How many internet of things devices are predicted in the world by 2023? 43 billion

What states are leading the path? California and Oregon

What other states are considering it? Illinois, Kentucky, Massachusetts, Maryland, New York, Rhode Island, Vermont & Virginia

What do state regulations look like?

• require manufacturers to incorporate mandatory minimum security features
• Provide leeway for effective date so that manufacturers can comply
• California and Oregon laws will become effective Jan. 1, 2020

What standards do state regulations apply for security features?

• Is the security feature appropriate to the nature and function of the device?
• Is the security feature appropriate to the information it collects, contains, or transmits?
• Is the security feature designed to protect the device and any information contained therein from unauthorized access, destruction, use, modification or disclosure?

Are there exceptions or limitations to the laws applications? Yes.

• Oregon only applies to devices “used primarily for personal, family, or household purposes.”
• California applies to devices and devices that connect to devices via bluetooth

Government Technology | Contributor: Akin Gump Strauss Hauer & Feld LLP | State Lawmakers Go After IoT Security Risks 

Campaign TREND. Encrypted Communication Apps.

Who is helping facilitate encrypted campaign communications? The nonprofit group Defending Digital Campaigns

What problem does the non-profit want to solve? That nation states wanting to compromise campaigns hold the power as campaigns are often on shoe string budgets

What other data security elements are recommended for campaigns?

• email security
• cybersecurity training
• cyber protection for phones, tablets and laptops

Washington Post | The Cybersecurity 202: Political campaigns are flocking to encrypted messaging apps. But they’re not a panacea