< Back to Previous Page
Related Practices

E-Commerce Law Week, Issue 598

March 6, 2010

As the Days Grow Longer, So Do the Sunsets...

…of the USA PATRIOT Act.  President Obama has signed into law H.R. 3961, a bill  that extends for another year two key (and controversial) sections of the USA PATRIOT Act -- the "roving wiretap" provision and the so-called "library" provision -- and one section of the Intelligence Reform and Terrorism Prevention Act of 2004 (the "lone wolf" provision").  All three had been due to "sunset" on February 28.  The bill was passed after Senate Democrats, lacking a sixty-vote supermajority, backed down from adding new privacy protections.   As a result of the extension, the three provisions will remain in force until February 28, 2011. 

DoD Proposes Data Security and Reporting Requirements for Contractors

The U.S. Department of Defense has issued an Advance Notice of Proposed Rulemaking seeking comments on proposed changes to the Defense Federal Acquisition Regulation Supplement (DFARS) that would impose data security requirements on defense contractors who handle unclassified DoD information.  The changes would also require contractors to notify DoD in the event of "cyber intrusion events."  A public meeting on the proposal will be held April 22, and written comments are due by May 3.  If adopted, this rule would continue the trend of the federal government's reliance on sector-by-sector data security and breach notification requirements to make up for the lack of more comprehensive data security regulation.  Moreover, the DoD security requirements could influence the ongoing development of a standard of "reasonable" or "adequate" security that may be applied to all companies through civil suits and regulatory enforcement actions.

HHS Publishes List of Entities Reporting Health Information Breaches

The Department of Health and Human Services has published on its website a list of the breaches of unsecured health information affecting 500 or more individuals that have been reported since the Health Information Technology for Economic and Clinical Health (HITECH) Act took effect in September 2009.  The Federal Trade Commission previously issued its own final rule regarding breaches of unsecured health information by entities not subject to the Health Insurance Portability and Accountability Act.  Breaches affecting more than 500 individuals also must be reported to the FTC, which will maintain a publicly available database of all reported breaches in order to "provide businesses with information about potential sources of data breaches," keep the public informed, and aid policymakers in developing data breach regulations.

Questions and comments about E-Commerce Law Week are always welcome.  Please send your feedback to Sally Albertazzie.

CONTACT US | PRIVACY | TERMS OF USE | © 2010 STEPTOE & JOHNSON LLP, ALL RIGHTS RESERVED | ATTORNEY ADVERTISING | SITE BY FIRMSEEK
Beijing | Brussels | Century City | Chicago | London | Los Angeles | New York | Phoenix | Washington