Data Security

The CNIL’s key priorities for upcoming dawn-raids in 2021

Every year, the French supervisory authority (the “CNIL”) publishes its key priorities for upcoming dawn-raids. In 2021, more than 50% of the CNIL’s dawn-raids will focus on: (i) websites cybersecurity, (ii) health data protection and (ii) cookies. 1. Websites cybersecurity Website security incidents are among the most common non-compliances identified by the CNIL during its …

The CNIL’s key priorities for upcoming dawn-raids in 2021 Read More »

US: Cyber Risk: Facing Off Against Employee Monitoring Requirements

Authors: Carol A.F. Umhoefer and Alaa Salaheldin Global companies face increased pressure to adopt strong cyber risk mitigation measures in today’s rapidly evolving cyber threat-heavy business environment. According to security company PurpleSec LLC, in 2020 alone, cybercrime is reported to have increased by up to 600% as a result of new incentives and opportunities for …

US: Cyber Risk: Facing Off Against Employee Monitoring Requirements Read More »

France: First sanction of an online shoes company by CNIL acting as a lead authority for several infringements to GDPR requirements

On 28 July 2020, the French Supervisory Authority (the “CNIL”) sanctioned the online shoes retail company, SPARTOO SAS, by a €250,000 fine and an injunction to comply with GDPR within 3 months under penalty for various non-compliances with the GDPR of the personal data processing related to clients, prospects and employees[1]. I. Factual background and …

France: First sanction of an online shoes company by CNIL acting as a lead authority for several infringements to GDPR requirements Read More »

US: California AG posts final proposed CCPA Regulations and offers insights ahead of July 1 enforcement deadline

By Kate Lucente, Jim Halpert, Lael Bellamy   The California Attorney General has posted the final proposed CCPA Regulations, which were submitted to the California Office of Administrative Law (OAL) on June 1, 2020. The final proposed regulations are virtually unchanged from the prior version, posted on March 11. (You can review our analysis of the prior …

US: California AG posts final proposed CCPA Regulations and offers insights ahead of July 1 enforcement deadline Read More »

FTC Updates COPPA Guidance: Six-Step Compliance Plan for Your Business

Written by Michelle Anderson and Samantha Glazer In a June 21, 2017 blog post, the FTC announced updates to its Six-Step Compliance Plan for Your Business under the Children’s Online Privacy Protection Act (COPPA). The revisions make clear that the FTC considers new business models (e.g., voice-activated devices) and products (e.g., connected toys) to be covered under COPPA. …

FTC Updates COPPA Guidance: Six-Step Compliance Plan for Your Business Read More »

New Mexico becomes 48th state to enact a data breach law, plus US state-level updates

Written by Jim Halpert and Anne Kierig An active spring state legislative session has already produced a few new state data breach laws. Notably, when New Mexico HB 15 was signed into law on April 6, the state became the 48th in the nation to have a data breach law on the books. The only holdouts: South Dakota and …

New Mexico becomes 48th state to enact a data breach law, plus US state-level updates Read More »

Congress Rolls Back FCC Broadband Privacy Rules: What Does It Mean?

Written by Sydney White and Jim Halpert This week the US House of Representatives passed a Congressional Review Act (CRA) resolution of disapproval of the US Federal Communications Commission (FCC) broadband privacy rules that were approved by the FCC in a straight partisan vote at the end of the Obama Administration, but have not yet …

Congress Rolls Back FCC Broadband Privacy Rules: What Does It Mean? Read More »

New York AG Announces Record Year for Data Breaches in New York – and Updates Guidance on Reasonable Security Measures

Written by Michelle Anderson and Anne Kierig New York Attorney General Eric Schneiderman announced that his office received a record number (1,300) of data breach notices in 2016. In the press release, Attorney General Schneiderman also provided a list of recommendations for how organizations can help protect sensitive personal data—a list that could be used as a …

New York AG Announces Record Year for Data Breaches in New York – and Updates Guidance on Reasonable Security Measures Read More »

How to get the best out of data at the age of the EU Privacy Regulation

By Giulio Coraggio Personal data, including big data, is a valuable asset for businesses, but how to maximise its exploitation at the age of the EU Privacy Regulation? The decision of the ECJ on personal data The European Court of Justice (ECJ) issued a landmark decision on the definition of personal data which very well summarised in …

How to get the best out of data at the age of the EU Privacy Regulation Read More »

CASL made clearer: CRTC releases its first compliance and enforcement decision under Canada’s Commerce Messages Law

Written by Kelly Friedman, Tamara Hunter and Jim Halpert The Canadian Radio-Television and Telecommunications Commission (CRTC) has issued its first Compliance and Enforcement Decision for violation of Canada’s anti-spam legislation (CASL). Until now, CRTC CASL enforcement actions have taken the form of settlements reached in confidential negotiations between the  Enforcement Branch and the company. But this decision, …

CASL made clearer: CRTC releases its first compliance and enforcement decision under Canada’s Commerce Messages Law Read More »

FCC Adopts Broadband Privacy Rules

Written by Sydney White Today the Federal Communications Commission (FCC) approved new privacy rules for mobile and fixed broadband ISPs by a vote of 3-2. The rules seek to harmonize the requirements for ISPs with current FCC CPNI rules that restrict usage of customer data by telecommunications carriers. The rules are broader than FTC privacy standards. In …

FCC Adopts Broadband Privacy Rules Read More »

New York proposes cybersecurity regulation aiming to protect financial services companies from criminal enterprises

Written by Jim Halpert and Michael Schearer The New York State Department of Financial Services (NYDFS) has set forth a proposed cybersecurity regulation for financial service companies. Announced this week by New York  Governor Andrew M. Cuomo, the proposed rule seeks to protect both consumer data and financial systems from terrorist organizations and other criminal …

New York proposes cybersecurity regulation aiming to protect financial services companies from criminal enterprises Read More »

EU: The right to be forgotten and the role of the Companies Registry

On 8 September 2016, Advocate General Bot released his opinion on the “Camera di Commercio Industria, Artigianato e Agricoltura di Lecce v. Salvatore Manni” c-398/15  (“Manni Case“). If confirmed by the European Court of Justice, the opinion will no doubt shed further light on the construction of the right to be forgotten. Background The original …

EU: The right to be forgotten and the role of the Companies Registry Read More »

GERMANY: Amended Liability Laws to Promote Public Wi-Fi

On May 11, 2016, the German coalition government agreed to amend the Telemedia Act, which sets the framework for Internet usage across Germany, in order to limit fault liability for Wi-Fi providers. The new regulation states that Wi-Fi providers will not be held liable for the illegal activities of persons using the service. This means …

GERMANY: Amended Liability Laws to Promote Public Wi-Fi Read More »

WP29 Says to Continue Using MCs and BCRs to transfer EU Data to US

By Kate Lucente Following on from yesterday’s announcement regarding the political agreement of the EU-US Privacy Shield, to replace the Safe Harbor program, European data protection authorities met today to be briefed on this. Their view at present seems to be cautiously optimistic. The group, called the Article 29 Working Party, welcomed the political agreement …

WP29 Says to Continue Using MCs and BCRs to transfer EU Data to US Read More »

Safe Harbor: European Commission issues guidance to clarify the EU-US data transfer conundrum

On 6 November 2015, the European Commission issued guidance in the form of a Communication on the transfer of personal data from the EU to the US following the Schrems Judgment at the beginning of October (for information on the Judgment, see DLA Piper’s Privacy Matters blog post). The following points are stressed in the Communication: Alternative bases …

Safe Harbor: European Commission issues guidance to clarify the EU-US data transfer conundrum Read More »

Ground-breaking European Court Decision – US Safe Harbor declared invalid

On October 6th, in a ground-breaking Decision, the Court of Justice of the European Union (CJEU) declared the US Safe Harbor scheme to be invalid, as well as confirming that individuals have the right to challenge any similar schemes that may be established by the European Commission through their national data protection authorities. The US Safe Harbor …

Ground-breaking European Court Decision – US Safe Harbor declared invalid Read More »

FTC Announces “Start with Security” Business Education Initiative; Issues Security Guidelines to Businesses

The Federal Trade Commission (“FTC”) has launched a new initiative, dubbed “Start with Security,” which is focused on assisting businesses in developing greater security to protect consumers’ personal information. To kick off the initiative, the FTC issued Protecting Personal Information:  A Guide for Business, which is based on the lessons learned from the approximately fifty (50) data …

FTC Announces “Start with Security” Business Education Initiative; Issues Security Guidelines to Businesses Read More »

China Adopts the New National Security Law – A Top Legislative Effort To Control Cyber Security

Written by Scott Thiel On 1 July, 2015, the Standing Committee of the National People’s Congress, China’s top legislature, approved the new National Security Law of the People’s Republic of China (中华人民共和国国家安全法, the “New Law”) which became effective on the same day. This New Law is very high-level in its nature covering a wide range …

China Adopts the New National Security Law – A Top Legislative Effort To Control Cyber Security Read More »

Internet Sweep Days: Focus on Children’s Data

Written by Carol Umhoefer Between May 12 and May 15, 2015, as part of the annual Internet Sweep Days, nearly 30 Data Protection Authorities (“DPAs”) audited child-oriented websites and mobile apps to check compliance with data privacy rules. Results are expected in Q3 2015. The Global Privacy Enforcement Network (“GPEN”), which brings together numerous countries’ …

Internet Sweep Days: Focus on Children’s Data Read More »