Cybersecurity

France: the CNIL has released its annual dawn raid Program for 2023: four national priorities and one priority coming from the EDPB!

Authors: Denise Lebeau-Marianna, Divya Shanmugathas and Lucie Dubecq-Princeteau

On 15 March 2023, the French Supervisory Authority (the “CNIL”) unveiled in a post its four key priorities regarding its upcoming investigations for 2023 targeting specific sectors (I), to which it added another topic related to DPO in line with the coordinated enforcement framework of the European …


Australia: Cyber security round-up – new Cyber Security Strategy, data breach stats and more

Author: Sarah Birkett

Cyber Security Strategy discussion paper launched

This week saw the launch of a discussion paper for the Australian Government’s 2023-2030 Australian Cyber Security Strategy. The discussion paper refers to the lofty aim of making Australia the most cyber secure nation by 2030. The discussion paper, which acknowledges that the Australian Government was …


Australia takes steps towards the mandatory reporting of ransomware payments

Author: Sarah Birkett

A private member’s bill has been introduced in Australia that would require the mandatory reporting of ransomware payments by applicable Australian entities. The Ransomware Payments Bill would require any business or Commonwealth Government entity which makes a ransomware payment to notify the Australian Cyber Security Centre (ACSC) with details of: the identity …


EU: Second wave of noyb complaints targets cookie banners

Authors: Heidi Waem and Simon Verschaeve

Recently, the European Center for Digital Rights (better known as noyb), founded by privacy activist Max Schrems, announced a new initiative that focuses on compliance of cookie banners in Europe. Alongside the launch of the campaign, noyb reported that it issued more than 500 draft complaints to the owners …


The CNIL’s key priorities for upcoming dawn-raids in 2021

Every year, the French supervisory authority (the “CNIL”) publishes its key priorities for upcoming dawn-raids. In 2021, more than 50% of the CNIL’s dawn-raids will focus on: (i) website cybersecurity, (ii) health data protection and (iii) cookies.

1. Website cybersecurity

Website security incidents are among the most common non-compliances identified by the CNIL during its …


CHINA: Navigating China Episode 15: Comprehensive New E-Commerce Rules Introduced

Authors: Carolyn Bigg, Venus Cheung

Operators of e-commerce platforms, websites and apps in China, and those using third party e-commerce, social media or livestreaming platforms to sell their products and services in China, must update their operations, services and systems in advance of wide-ranging new rules. The Measures for the Supervision and Administration of Online …


Global: International Data Protection Day!

International Data Protection Day, which falls annually on January 28, is “an international effort to create awareness about the importance of respecting privacy, safeguarding data and enabling trust”. We would like to take this opportunity to share a number of data protection resources developed by our global Data Protection, Privacy and Security team to assist …


US: Surviving the service provider data breach

It’s summer, and life’s a breach. A data breach, that is. It’s your service provider’s breach, but it involves your (more likely, your customer’s) data. So put down the beach reading, for some breach reading. Service provider cyber incidents have exploded in volume, type, frequency, response time and cost. That makes sense, because the surface attack …


CHINA: Data and cyber – New guidelines you need to know

In the last two weeks the Chinese authorities have been busy providing much-anticipated guidance on the practical steps organisations must take to comply with the new data protection, cybersecurity and technology regulations. In short, the key developments are:

Practical implementation guidance under PRC Cybersecurity Law

Draft Guidelines on Multi Level Protection Scheme (MLPS) for information …


FRANCE: New “data security kit” published by the ANSSI

The French national digital security agency (ANSSI) has recently published a “data security kit” to mark the entry into application of the EU General Data Protection Regulation (GDPR) on May 25. Security of personal data, to preserve its integrity and confidentiality, is one of the main data protection principles set out …


FTC Updates COPPA Guidance: Six-Step Compliance Plan for Your Business

Written by Michelle Anderson and Samantha Glazer

In a June 21, 2017 blog post, the FTC announced updates to its Six-Step Compliance Plan for Your Business under the Children’s Online Privacy Protection Act (COPPA). The revisions make clear that the FTC considers new business models (e.g., voice-activated devices) and products (e.g., connected toys) to be covered under COPPA. …


CHINA: PRC Cybersecurity Law – take action and monitor developments to avoid losing your China business

The PRC Cybersecurity Law is three weeks old, and non-compliant international businesses are already facing severe consequences. Since 1 June, twenty-two people engaged by a global technology giant have been arrested, and sixty online entertainment news sites have been shut down. The law continues to evolve. The latest guidance provides practical answers to previous areas …


New Mexico becomes 48th state to enact a data breach law, plus US state-level updates

Written by Jim Halpert and Anne Kierig

An active spring state legislative session has already produced a few new state data breach laws. Notably, when New Mexico HB 15 was signed into law on April 6, the state became the 48th in the nation to have a data breach law on the books. The only holdouts: South Dakota and …


Blog post: Swiss-US Privacy Shield adopted, aligns with EU-US Privacy Shield

Written by Michelle Anderson

The Department of Commerce International Trade Administration and Swiss Federal Council announced on January 11, 2017, the creation of a Swiss-US Privacy Shield framework that will “apply the same conditions as the European Union” under the EU-US Privacy Shield framework. This is welcome news for companies that transfer personal data from both the EU and Switzerland …


Presidential Commission Issues Recommendations for Improving Public and Private Sector Cybersecurity

Written by James Duchesne

The President’s Commission on Enhancing National Cybersecurity (the “Commission”) recently issued a thoughtful report on improving the United States’ cybersecurity posture. (The full report can be read here.) The majority of the Commission’s recommendations would require action by the Trump Administration but may nonetheless prove influential. The Commission was charged under President …


CHINA: significant changes to data and cybersecurity practices under PRC Cybersecurity Law

After a third deliberation, the Chinese government passed the new PRC Cybersecurity Law on 7 November 2016. The new law will come into force on 1 June 2017 and has significant implications for the data privacy and cybersecurity practices of both Chinese companies and international organisations doing business in China. The new PRC Cybersecurity Law …


New York proposes cybersecurity regulation aiming to protect financial services companies from criminal enterprises

Written by Jim Halpert and Michael Schearer

The New York State Department of Financial Services (NYDFS) has set forth a proposed cybersecurity regulation for financial service companies. Announced this week by New York Governor Andrew M. Cuomo, the proposed rule seeks to protect both consumer data and financial systems from terrorist organizations and other criminal …


UK: GOVERNMENT REPORT RECOMMENDS STRONGER POWERS FOR THE ICO

Background

On 17 June 2016 the House of Commons Select Committee for Culture, Media and Sport (“The Committee”) published its report on the inquiry into the current state of cyber security and protection of personal data. The inquiry was triggered by a cyber attack which compromised the data of TalkTalk customers, on 21 October, …


New Data Breach Notification Law in Nebraska

Written by Anne Kierig

An amendment to Nebraska’s data breach notification law, signed by the Governor earlier this month and effective July 20, 2016, makes key changes to the state’s notification regime. First, the law expands the definition of “personal information” to include “a user name or email address, in combination with a password or …


2016 – Main trends on Cybersecurity

While many are not yet aware of the full breadth of the cybercrime phenomenon (cybercrime globally generates more revenues and is more profitable than drug trafficking!), there is a general consensus about the fact that certain breaches cannot be avoided. With a proliferation of connected devices operated remotely and a more pervasive use of data, …
