At a glance.
- NARA updates record retention rules.
- US House selects new chair for Homeland Security Committee.
- Where does each US state stand on internet privacy?
NARA updates record retention rules.
The US National Archives and Records Administration (NARA) has released an update to the Federal government’s records retention rules, Nextgov reports. The update establishes new requirements regarding how long Federal agencies must retain cybersecurity logs and other network data. Published today on NARA’s website and in the Federal Register, the new disposition includes instructions for two types of cybersecurity logging records: full packet capture data, which must be retained for at least seventy-two hours, and cybersecurity event logs, which must be kept for up to thirty months. The disposition notes that both types of records can be stored longer, as “authorized for business use.” The regulation of the retention of logging records was mentioned in President Joe Biden’s May 2021 historic executive order on cybersecurity. NARA’s update states, “This schedule covers records created and maintained by Federal agencies related to protecting the security of information technology systems and data, and responding to computer security incidents. This schedule does not apply to system data or content.”
US House selects new chair for Homeland Security Committee.
Yesterday Representative Mark Green of Tennessee was named as chair of the US House Homeland Security Committee, MeriTalk reports. During a hearing earlier this week, Green declared the security of the country’s “cyber border” will be one of the committee’s top priorities. Citing the high price tag of recent Federal cyberattacks, as well as China’s involvement in cyber espionage against the US, Green stated, “No community in America will be spared if we cannot secure this fourth, deeply vulnerable, border.” Green previously served on the Homeland Security Committee’s cybersecurity subcommittee and introduced a bill focused on strengthening the Cybersecurity and Infrastructure Security Agency’s ability to address cyber threats on Federal systems.
Where does each US state stand on internet privacy?
Using twenty-five criteria including everything from the state’s laws on the internet of things (IoT) to protections for minors on the web to the security of genetic data, Comparitech has released their rankings of the US states’ internet privacy laws. For the fourth time in a row, California received the highest score (80%), largely due to the comprehensive California Consumer Privacy Act and the state’s Electronic Communications Privacy Act, as well as its protections for employee data and IoT devices. Utah’s new Consumer Privacy Act and Virginia’s Consumer Data Protection Act saw them tied for second place, each with a score of 52%. Mississippi, Pennsylvania, and Idaho were the states ranked lowest on the scale. Key findings include that only twenty-three states offer specific safeguards for genetic data, just five states have laws to protect the collection and sale of geolocation data by organizations, and only four states have given customers the right to ask companies to correct inaccurate personal data.