Privacy Matters

DLA Piper's Global Privacy and Data Protection Resource

Cybersecurity

Australia takes steps towards the mandatory reporting of ransomware payments

29 June 2021 / , ,

Author: Sarah Birkett A private member’s bill has been introduced in Australia that would require the mandatory reporting of ransomware payments by applicable Australian entities. The Ransomware Payments Bill would require any business or Commonwealth Government entity which makes a ransomware payment to notify the Australian Cyber Security Centre (ACSC) with details of: the identity …

Australia takes steps towards the mandatory reporting of ransomware payments Read More »

EU: Second wave of noyb complaints targets cookie banners

17 June 2021 / , , ,

Authors: Heidi Waem and Simon Verschaeve Recently, the European Center for Digital Rights (better known as noyb), founded by privacy activist Max Schrems, announced a new initiative that focuses on compliance of cookie banners in Europe. Alongside the launch of the campaign, noyb reported that it issued more than 500 draft complaints to the owners …

EU: Second wave of noyb complaints targets cookie banners Read More »

The CNIL’s key priorities for upcoming dawn-raids in 2021

2 April 2021 / , , , , , ,

Every year, the French supervisory authority (the “CNIL”) publishes its key priorities for upcoming dawn-raids. In 2021, more than 50% of the CNIL’s dawn-raids will focus on: (i) websites cybersecurity, (ii) health data protection and (ii) cookies. 1. Websites cybersecurity Website security incidents are among the most common non-compliances identified by the CNIL during its …

The CNIL’s key priorities for upcoming dawn-raids in 2021 Read More »

CHINA: Navigating China Episode 15: Comprehensive New E-Commerce Rules Introduced

25 March 2021 / , , ,

Authors: Carolyn Bigg, Venus Cheung Operators of e-commerce platforms, websites and apps in China, and those using third party e-commerce, social media or livestreaming platforms to sell their products and services in China, must update their operations, services and systems in advance of wide-ranging new rules. The Measures for the Supervision and Administration of Online …

CHINA: Navigating China Episode 15: Comprehensive New E-Commerce Rules Introduced Read More »

Global: International Data Protection Day!

12 October 2020 / , , ,

International Data Protection Day, which falls annually on January 28, is “an international effort to create awareness about the importance of respecting privacy, safeguarding data and enabling trust”. We would like to take this opportunity to share a number of data protection resources developed by our global Data Protection, Privacy and Security team to assist …

Global: International Data Protection Day! Read More »

US: Surviving the service provider data breach

30 July 2019 / ,

It’s summer, and life’s a breach. A data breach, that is. It’s your service provider’s breach, but it involves your (more likely, your customer’s) data. So put down the beach reading, for some breach reading. Service provider cyber incidents have exploded in volume, type, frequency, response time and cost. That makes sense, because the surface attack …

US: Surviving the service provider data breach Read More »

CHINA: Data and cyber – New guidelines you need to know

29 June 2018 / , ,

In the last two weeks the Chinese authorities have been busy providing much-anticipated guidance on the practical steps organisations must take to comply with the new data protection, cybersecurity and technology regulations. In short, the key developments are: Practical implementation guidance under PRC Cybersecurity Law Draft Guidelines on Multi Level Protection Scheme (MLPS) for information …

CHINA: Data and cyber – New guidelines you need to know Read More »

FRANCE: New “data security kit” published by the ANSSI

12 December 2018 / ,

The French national digital security agency (ANSSI) has recently published a “data security kit” on the occasion of the entry into application of the EU General Data Protection Regulation (GDPR) on last May 25. Security of the personal data, to preserve their integrity and confidentiality, is one of the main data protection principles set out …

FRANCE: New “data security kit” published by the ANSSI Read More »

FTC Updates COPPA Guidance: Six-Step Compliance Plan for Your Business

30 January 2019 / , ,

Written by Michelle Anderson and Samantha Glazer In a June 21, 2017 blog post, the FTC announced updates to its Six-Step Compliance Plan for Your Business under the Children’s Online Privacy Protection Act (COPPA). The revisions make clear that the FTC considers new business models (e.g., voice-activated devices) and products (e.g., connected toys) to be covered under COPPA. …

FTC Updates COPPA Guidance: Six-Step Compliance Plan for Your Business Read More »

CHINA: PRC Cybersecurity Law – take action and monitor developments to avoid losing your China business

21 June 2017 / , ,

The PRC Cybersecurity Law is three weeks old, and non-compliant international businesses are already facing severe consequences. Since 1 June, twenty-two people engaged by a global technology giant have been arrested, and sixty online entertainment news sites have been shut down. The law continues to evolve. The latest guidance provides practical answers to previous areas …

CHINA: PRC Cybersecurity Law – take action and monitor developments to avoid losing your China business Read More »

New Mexico becomes 48th state to enact a data breach law, plus US state-level updates

31 January 2019 / , ,

Written by Jim Halpert and Anne Kierig An active spring state legislative session has already produced a few new state data breach laws. Notably, when New Mexico HB 15 was signed into law on April 6, the state became the 48th in the nation to have a data breach law on the books. The only holdouts: South Dakota and …

New Mexico becomes 48th state to enact a data breach law, plus US state-level updates Read More »

Blog post: swiss-us privacy shield adopted, aligns with eu-us privacy shield

31 January 2019 / , , ,

Written by Michelle Anderson The Department of Commerce International Trade Administration and Swiss Federal Council announced on January 11, 2017, the creation of a Swiss-US Privacy Shield framework that will “apply the same conditions as the European Union” under the EU-US Privacy Shield framework. This is welcome news for companies that transfer personal data from both the EU and Switzerland …

Blog post: swiss-us privacy shield adopted, aligns with eu-us privacy shield Read More »

Presidential Commission Issues Recommendations for Improving Public and Private Sector Cybersecurity

31 January 2019 /

Written by James Duchesne The President’s Commission on Enhancing National Cybersecurity (the “Commission”) recently issued a thoughtful report on improving the United States’ cybersecurity posture.  (The full report can be read here.)  The majority of the Commission’s recommendations would require action by the Trump Administration but may nonetheless prove influential.   The Commission was charged under President …

Presidential Commission Issues Recommendations for Improving Public and Private Sector Cybersecurity Read More »

CHINA: significant changes to data and cybersecurity practices under PRC Cybersecurity Law

14 November 2016 / , ,

After a third deliberation, the Chinese government passed the new PRC Cybersecurity Law on 7 November 2016. The new law will come into force on 1 June 2017 and has significant implications for the data privacy and cybersecurity practices of both Chinese companies and international organisations doing business in China. The new PRC Cybersecurity Law …

CHINA: significant changes to data and cybersecurity practices under PRC Cybersecurity Law Read More »

New York proposes cybersecurity regulation aiming to protect financial services companies from criminal enterprises

31 January 2019 / , ,

Written by Jim Halpert and Michael Schearer The New York State Department of Financial Services (NYDFS) has set forth a proposed cybersecurity regulation for financial service companies. Announced this week by New York  Governor Andrew M. Cuomo, the proposed rule seeks to protect both consumer data and financial systems from terrorist organizations and other criminal …

New York proposes cybersecurity regulation aiming to protect financial services companies from criminal enterprises Read More »

UK: GOVERNMENT REPORT RECOMMENDS STRONGER POWERS FOR THE ICO

12 November 2017 / , , , ,

Background   On 17 June 2016 the House of Commons Select Committee for Culture, Media and Sport (“The Committee”) published its report on the inquiry into the current state of cyber security and protection of personal data. The inquiry was triggered by a cyber attack which compromised the data of TalkTalk customers, on 21 October, …

UK: GOVERNMENT REPORT RECOMMENDS STRONGER POWERS FOR THE ICO Read More »

New Data Breach Notification Law in Nebraska

31 January 2019 / , ,

Written by Anne Kierig An amendment to Nebraska’s data breach notification law, signed by the Governor earlier this month and effective July 20, 2016, makes key changes to the state’s notification regime.  First, the law expands the definition of “personal information” to include “a user name or email address, in combination with a password or …

New Data Breach Notification Law in Nebraska Read More »

2016 – Main trends on Cybersecurity

26 January 2018 / , ,

While many are not yet aware of the full breadth of the cybercrime phenomenon (cybercrime globally generates more revenues and is more profitable than drug trafficking!), there is a general consensus about the fact that certain breaches cannot be avoided. With a proliferation of connected devices operated remotely and a more pervasive use of data, …

2016 – Main trends on Cybersecurity Read More »

Wire transfer phishing − an old scam returns: simple steps to protect your organization

1 February 2019 / ,

Written by Tara McGraw Swaminatha and Christopher Scott Companies around the world are seeing the resurgence of an old scam: wire transfer phishing attacks that trick employees into wiring money from company bank accounts to criminals’ bank accounts. Over the past several months, many companies have lost millions of dollars to such relatively simple attacks. …

Wire transfer phishing − an old scam returns: simple steps to protect your organization Read More »

Hacking Team case – is your cyber risk strategy enough?

1 February 2019 / , , , , ,

The cyber-attack suffered by Hacking Team revealed unexpected vulnerabilities of systems with considerable consequences for businesses whose cyber risk strategy shall be reassessed. The press extensively covered during the last days the case concerning the cyber attack suffered by the Hacking Team, a government-sponsored provider of device monitoring solutions.  Following the attack, over 1 million emails …

Hacking Team case – is your cyber risk strategy enough? Read More »

Linkedin-in Twitter Facebook-f Instagram Youtube Weixin
© 2022 DLA Piper. DLA Piper is a global law firm operating through various separate and distinct legal entities. For further information about these entities and DLA Piper’s structure, please refer to the Legal Notices page. All rights reserved. Attorney advertising.​