Is The Government Protecting Your Private Information?

 
FREE EXCERPT

We were not affected by the recent ransomware attack that disabled computers worldwide, including in multiple public hospitals in the UK. At least not yet. For those who have never had the pleasure or who otherwise do not follow cybersecurity news closely, "ransomware" refers to an attack on a computer system that encrypts the user's data—making it unavailable—and then informing the user where it can send payment in exchange for the encryption key. It's diabolical, and it preys upon users who have an immediate and urgent need for their data—such as healthcare providers in the process of providing life-saving and life-improving care. The topic is of particular interest to us because healthcare data presents the classic data security conundrum: Access to healthcare information improves patient care, yet the private nature of health information mandates tight control to prevent unauthorized access.

So it got us to thinking, what about the government? What are federal agencies doing to protect the enormous volumes of private information that they hold? Regulators such as FDA, the FTC, and the Department of Homeland Security have stridently and justifiably insisted that our clients have policies in place regarding the protection of private information. We would expect no less. But is what's good for the goose also good for the gander?

It just so happens that President Trump signed an executive order last week calling for federal agencies to get their cybersecurity houses in order. In its Presidential Executive Order on Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure, the administration set forth three cybersecurity priorities: (1) Cybersecurity of Federal Networks, (2) Cybersecurity of Critical Infrastructure, and (3) "Cybersecurity for the Nation." We put the last one in quotes because it is so broad that it could mean anything. You can link to the executive order here. You can also take a look at what our colleagues at Reed Smith's Technology Law Dispatch have to say about the executive order here.

The executive order directs federal agencies to take stock of their systems and prepare reports to be submitted ultimately to the Assistant to the President for Homeland Security and Counterterrorism, a position that has existed in some form since about a month after the attacks of September 11, 2001. Lots of reports. By our count, the executive order calls for more a dozen categories of reports prepared by federal...

To continue reading

REQUEST YOUR TRIAL