Cybersecurity

Global: International Data Protection Day!

International Data Protection Day, which falls annually on January 28, is “an international effort to create awareness about the importance of respecting privacy, safeguarding data and enabling trust”. We would like to take this opportunity to share a number of data protection resources developed by our global Data Protection, Privacy and Security team to assist …

US: Surviving the service provider data breach

It’s summer, and life’s a breach. A data breach, that is. It’s your service provider’s breach, but it involves your (more likely, your customer’s) data. So put down the beach reading, for some breach reading. Service provider cyber incidents have exploded in volume, type, frequency, response time and cost. That makes sense, because the surface attack …

CHINA: Data and cyber – New guidelines you need to know

In the last two weeks the Chinese authorities have been busy providing much-anticipated guidance on the practical steps organisations must take to comply with the new data protection, cybersecurity and technology regulations. In short, the key developments are: Practical implementation guidance under PRC Cybersecurity Law Draft Guidelines on Multi Level Protection Scheme (MLPS) for information …

FRANCE: New “data security kit” published by the ANSSI

The French national digital security agency (ANSSI) has recently published a “data security kit” on the occasion of the entry into application of the EU General Data Protection Regulation (GDPR) this past May 25. Security of personal data, to preserve their integrity and confidentiality, is one of the main data protection principles set out …

FTC Updates COPPA Guidance: Six-Step Compliance Plan for Your Business

Written by Michelle Anderson and Samantha Glazer. In a June 21, 2017 blog post, the FTC announced updates to its Six-Step Compliance Plan for Your Business under the Children’s Online Privacy Protection Act (COPPA). The revisions make clear that the FTC considers new business models (e.g., voice-activated devices) and products (e.g., connected toys) to be covered under COPPA. …

CHINA: PRC Cybersecurity Law – take action and monitor developments to avoid losing your China business

The PRC Cybersecurity Law is three weeks old, and non-compliant international businesses are already facing severe consequences. Since 1 June, twenty-two people engaged by a global technology giant have been arrested, and sixty online entertainment news sites have been shut down. The law continues to evolve. The latest guidance provides practical answers to previous areas …

New Mexico becomes 48th state to enact a data breach law, plus US state-level updates

Written by Jim Halpert and Anne Kierig. An active spring state legislative session has already produced a few new state data breach laws. Notably, when New Mexico HB 15 was signed into law on April 6, the state became the 48th in the nation to have a data breach law on the books. The only holdouts: South Dakota and …

Blog post: Swiss-US Privacy Shield adopted, aligns with EU-US Privacy Shield

Written by Michelle Anderson. The Department of Commerce International Trade Administration and Swiss Federal Council announced on January 11, 2017, the creation of a Swiss-US Privacy Shield framework that will “apply the same conditions as the European Union” under the EU-US Privacy Shield framework. This is welcome news for companies that transfer personal data from both the EU and Switzerland …

Presidential Commission Issues Recommendations for Improving Public and Private Sector Cybersecurity

Written by James Duchesne. The President’s Commission on Enhancing National Cybersecurity (the “Commission”) recently issued a thoughtful report on improving the United States’ cybersecurity posture. (The full report can be read here.) The majority of the Commission’s recommendations would require action by the Trump Administration but may nonetheless prove influential. The Commission was charged under President …

CHINA: significant changes to data and cybersecurity practices under PRC Cybersecurity Law

After a third deliberation, the Chinese government passed the new PRC Cybersecurity Law on 7 November 2016. The new law will come into force on 1 June 2017 and has significant implications for the data privacy and cybersecurity practices of both Chinese companies and international organisations doing business in China. The new PRC Cybersecurity Law …

New York proposes cybersecurity regulation aiming to protect financial services companies from criminal enterprises

Written by Jim Halpert and Michael Schearer. The New York State Department of Financial Services (NYDFS) has set forth a proposed cybersecurity regulation for financial service companies. Announced this week by New York Governor Andrew M. Cuomo, the proposed rule seeks to protect both consumer data and financial systems from terrorist organizations and other criminal …

UK: GOVERNMENT REPORT RECOMMENDS STRONGER POWERS FOR THE ICO

Background: On 17 June 2016 the House of Commons Select Committee for Culture, Media and Sport (“The Committee”) published its report on the inquiry into the current state of cyber security and protection of personal data. The inquiry was triggered by a cyber attack which compromised the data of TalkTalk customers, on 21 October, …

New Data Breach Notification Law in Nebraska

Written by Anne Kierig. An amendment to Nebraska’s data breach notification law, signed by the Governor earlier this month and effective July 20, 2016, makes key changes to the state’s notification regime. First, the law expands the definition of “personal information” to include “a user name or email address, in combination with a password or …

2016 – Main trends on Cybersecurity

While many are not yet aware of the full breadth of the cybercrime phenomenon (cybercrime globally generates more revenues and is more profitable than drug trafficking!), there is a general consensus about the fact that certain breaches cannot be avoided. With a proliferation of connected devices operated remotely and a more pervasive use of data, …

Wire transfer phishing − an old scam returns: simple steps to protect your organization

Written by Tara McGraw Swaminatha and Christopher Scott. Companies around the world are seeing the resurgence of an old scam: wire transfer phishing attacks that trick employees into wiring money from company bank accounts to criminals’ bank accounts. Over the past several months, many companies have lost millions of dollars to such relatively simple attacks. …

Hacking Team case – is your cyber risk strategy enough?

The cyber-attack suffered by Hacking Team revealed unexpected system vulnerabilities, with considerable consequences for businesses, whose cyber risk strategy should be reassessed. Over the last few days the press has extensively covered the cyber attack suffered by Hacking Team, a government-sponsored provider of device monitoring solutions. Following the attack, over 1 million emails …

China Adopts the New National Security Law – A Top Legislative Effort To Control Cyber Security

Written by Scott Thiel. On 1 July, 2015, the Standing Committee of the National People’s Congress, China’s top legislature, approved the new National Security Law of the People’s Republic of China (中华人民共和国国家安全法, the “New Law”) which became effective on the same day. This New Law is very high-level in its nature covering a wide range …

New US sanctions program to combat cybercrimes – 3 action steps for tech companies

Written by Tara Swaminatha and Sydney White, et al. The new sanctions in President Barack Obama’s Executive Order 13694 of April 1, 2015, “Blocking the Property of Certain Persons Engaging in Significant Malicious Cyber-Enabled Activities,” target individuals and organizations overseas who engage in cyberattacks or commercial espionage outside the US that are likely to result in a …

President Obama Unveils Plans About Cybersecurity

Written by Sydney White. President Obama made a series of announcements on cybersecurity, data security, and privacy that will be incorporated into his State of the Union address tonight. In conjunction with the announcements, the White House released legislative proposals on cybersecurity information sharing and data breach notification (http://www.whitehouse.gov/omb/legislative_letters). On cybersecurity information sharing, the proposal authorizes …

GLOBAL – Internet of Things – Top ten data protection concerns

Written by Giangiacomo Olivi. As we discussed in our previous posts, there are a number of positive trends that make the Internet of Things a long-lasting evolution. Hardware is improving, there is an increasing understanding from the industry of the benefits that can be drawn from harmonization and interoperability, customers increasingly expect to …
