When the Nevada Revised Statutes Chapter 603A (Nevada Privacy Law) was first proposed, it only required businesses to notify consumers in the event of a data breach. Since then, the law has been expanded and amended on several occasions. Today, the law grants resident consumers various privacy rights and requires operators and data brokers to adhere to strict data protection regulations.

In a significant stride towards strengthening cybersecurity practices and protecting the nation’s digital future, the White House has issued a formal National Cybersecurity Implementation Plan, and named the 5 pillars that it believes are critical to successfully implementing its cybersecurity strategy.

New York State’s Department of Financial Services (DFS) recently published a proposed amendment to its cybersecurity regulation affecting New York financial institutions. Part 500 of Title 23 of the New York Codes, Rules and Regulations (23 NYCRR 500) governs cybersecurity requirements for financial services companies. When first adopted in 2017, it was the first comprehensive cybersecurity regulation from a state government to govern the financial services sector.

On May 11, 2017, President Trump signed Executive Order 13800, Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure. The intention was to reduce cybersecurity risks to national security by improving federal agencies’ cybersecurity and information technology (IT) systems. The executive order holds the heads of federal agencies accountable for their agencies’ risk management practices.

On July 7, 2021, Colorado became the third U.S. state to establish regional data privacy legislation. Colorado included the legislation in Senate Bill 21-190, which was signed into action by Governor Polis. The Colorado Privacy Act (CPA), also called the Colorado Privacy Law, became effective on July 1, 2023.

On July 10th, the EU Commission adopted an adequacy decision for the proposed EU-U.S. Data Privacy Framework. This is exciting news for organizations, as many have been stuck in privacy "limbo" since the annulment of the previous EU-U.S. Data transfer mechanism, Privacy Shield, which was annulled due to challenges in court by privacy activist Max Schrems.

Have you heard of the NIS Directive? The full name is quite a mouthful, "DIRECTIVE (EU) 2022/2555 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 14 December 2022 on measures for a high common level of cybersecurity across the Union". The informal name has been shortened to the Network and Information Security (NIS) Directive. The aim of the directive was to develop a common level of cybersecurity across the Member States that could be applied to entities of critical national importance.

Australia officially launched their National Anti-Scam Centre this week. With more than AUD $3.1 billion lost each year, Australians need support. With representatives from the banks, telecommunications industries and digital platforms, the intent of the center is to identify methods to disrupt all kinds of scams and reduce scam losses. While I completely support this initiative, it would be remiss of me not to highlight that the prevention of scams is perhaps as important as the cure.

In 2019, the UK Government (NSCS) conducted The UK Telecoms Supply Chain Review, to assess and address potential risks associated with the supply chain of telecommunications infrastructure in the country. The review highlighted the risks associated with reliance on certain vendors, particularly those with high-risk profiles. It also recommended increased oversight and regulation to mitigate security risks and protect critical national infrastructure.

The Cyber Intelligence Sharing and Protection Act (CISPA) was first introduced in 2011 by Representative Mike Rogers, the chairman of the House Select Committee on Intelligence Committee), and 111 co-sponsors. Although the House of Representatives originally passed the bill on April 25, 2012, it was later rejected by the US Senate. Since then, it has been reintroduced several times, but Congress has not passed the bill despite amendments made in good faith following criticism of some propositions.