Concerns and Recommendations Regarding NCDPI’s Updated Data Confidentiality and Security Agreement

The Software & Information Industry Association (SIIA) expresses appreciation for the efforts of the North Carolina Department of Public Instruction (NCDPI) in safeguarding student data. However, SIIA raises several concerns regarding the recently updated “Data Confidentiality and Security Agreement for Online Service Providers and Public School Units.” The concerns include:

    1. The time-consuming requirement for advance approval by public school units (PSUs) for subcontractor use and data sharing, suggesting an alternative of obligating subcontractors to follow privacy and security requirements.
    2. The definition of shared data extending beyond legal frameworks, recommending alignment with state and federal laws.
    3. Operational difficulties in meeting the 24-hour breach disclosure timeframe, proposing an extension to at least 72 hours after breach confirmation.
    4. Lack of a nondisclosure agreement between NCDPI and vendors, suggesting an inherent and written duty of confidentiality when confidential information is requested.
    5. Inconsistency between NCDPI’s statement on no changes to the Agreement and the Authorization to Operate Letter allowing PSUs to accept vendor modifications, recommending more flexibility.
    6. Inadequate time for vendor compliance with third-party assessment standards, proposing a more lenient timeframe aligned with state education funding deadlines.
    7. Impracticality of third-party penetration tests, suggesting the use of non-confidential reports from recognized cybersecurity frameworks.
    8. Contradiction with NC’s student data privacy statute regarding ownership of de-identified, aggregated data and metadata, recommending compliance with applicable state law.
    9. Lack of clarity in the timeline for data destruction post-subscription termination, suggesting adherence to the vendor’s data retention policy or customer request.

The letter concludes with additional questions related to approved third-party assessments, protections under the Public Records Act, a grayed-out section in the “Process Overview Flow Chart,” and the adequacy of an ISO 27001 certificate for NCDPI’s requirements.

NIST Virtual Listening Session: Paul Lekas Advocates U.S. Leadership in Critical and Emerging Technology Standards

Paul Lekas, Senior Vice President of Global Public Policy & Government Affairs at the Software & Information Industry Association (SIIA), addressed the NIST Virtual Listening Session on the U.S. Government National Standards Strategy for Critical and Emerging Technology on December 19, 2023. He endorsed NIST’s call for increased U.S. participation in Critical and Emerging Technology (CET) standards. He stressed the role of standards in economic growth and democratic values. Lekas proposed federal grants for SMEs, emphasizing their vital contributions to CET standards. Underlining the importance of balancing innovation and standards, he suggested measures to enhance private sector engagement, including advisory committees and regular meetings. Lekas urged sustained U.S. commitment to global leadership in CET standards.

Joint Trade Associations’ Urgent Call for U.S. Action Against Canada’s Digital Services Tax

A coalition of trade associations expresses strong support for prompt and decisive U.S. action in response to Canada’s plans to implement a three percent digital services tax (DST), departing from international consensus. The letter urges the U.S. Trade Representative (USTR) to initiate a Section 301 investigation under the Trade Act of 1974 upon the passage of Canada’s DST legislation. The letter outlines concerns about the discriminatory nature of the tax, its retroactive application, and potential conflicts with trade commitments. Emphasis is placed on the urgency of U.S. action to prevent undermining progress in the OECD/G20 Inclusive Framework and the need for a consensus-based multilateral solution. The letter rejects any compromise involving a delay in DST collection and calls for a strong U.S. response, including a Section 301 investigation, to address the perceived unreasonable and discriminatory impact of Canada’s DST.

Urgent Concerns Regarding EU Designation of U.S. Companies as “Gatekeepers”

The open letter to President Biden raises serious concerns about the European Union’s designation of five U.S. companies as “gatekeepers” under the Digital Markets Act (DMA). The letter emphasizes potential threats to American competitiveness, security interests, and the estimated $97 billion cost to U.S. businesses. Criticizing the EU’s disproportionate targeting of American companies, the letter calls for fair treatment, an investigation into potential damages, and commitments from European leaders to cease discriminatory measures. Despite commendation for diplomatic efforts, the letter expresses disappointment in the perceived lack of a strong coordinated U.S. government response. The signatories stand ready to collaborate with the Biden administration to address these pressing concerns.

Insights from Bloomberg and Morten Skroejer on Proposed Regulatory Changes and Antitrust Legislation

Proposed changes at the U.S. Federal Trade Commission and the Department of Justice to the rules and guidelines applicable to mergers and acquisitions may have a significant impact, making filing and completing M&A more difficult, burdensome, and time-consuming. Bloomberg Intelligence litigation analyst Jennifer Rie is joined by Morten Skroejer, Senior Director for Technology Competition Policy at the Software & Information Industry Association, to discuss the issue. They also examine potential legislation in New York that would bring big changes to its antitrust laws.