Data Protection

News & Analysis as of

Cyber Security and Loss Recovery - A New Alternative for Organizations

The largest data breaches ever have occurred since 2015, and targets have encompassed a wide spectrum of entities. Organizations affected range from U.S. DOJ and the IRS—where citizens’ personally identifying information was...more

How Can Yahoo E-Mail Scanning Impact the EU-U.S. Privacy Shield?

Reuters reported earlier this month that, according to three former employees, Yahoo Inc. had “complied with a classified U.S. government demand, scanning hundreds of millions of Yahoo mail accounts at the behest of the NSA...more

Asia-Pacific Data Flow

On October 19, the US Department of Commerce and the Personal Information Protection Commission of Japan announced their commitment to expand the Asia-Pacific Economic Cooperation (APEC) Cross Border Privacy Rules (CBPR)...more

Prepare for the Hack: Five Things to Keep in Mind when Shopping for Cybersecurity Insurance

When your company's confidential information ends up on the dark web, it is obviously too late to start thinking about adequate insurance coverage for the barrage of claims and expenses that are about to hit like a tidal...more

UK ICO Offers Guidance on Privacy Notices Under the GDPR and the UK Data Protection Act

In an anticipated guidance, the United Kingdom's Information Commissioner's Office (ICO) updated its code of practice for privacy notices titled Privacy notices, transparency and control (the Code). Significantly, the ICO has...more

And suddenly, an ancillary law significantly changes the scope of sanctions in France well in advance of the General Data...

French regulatory framework is undergoing an important shift in terms of sanctions imposed by the French Data Protection Authority (the ‘CNIL’) in case of non-compliance with French Data Protection Law as the administrative...more

Bitcoin: Cybersecurity Regulations on the Horizon?

As legislators grapple with creating legislation intended to bring virtual currencies, such as bitcoin, within the scope of anti-money laundering regulations, the vulnerability of Bitcoin exchanges to theft and other cyber...more

California Updates Data Breach Notification Statute for 2017

California, which has historically been one of the states at the vanguard of data breach notification issues, has made an update to its statute that takes effect on January 1, 2017. The update will require companies to notify...more

Industry Insight: Information Governance – Leverage Your Business Intelligence and Reduce Risk

“The goal is to turn data into information, and information into insight.” – Carly Fiorina, former CEO, Hewlett-Packard Co. The most valuable asset of every organization is information. Organizing, analyzing and...more

Vermont Settles with B2B Software Developer over Security Practices

Yesterday, the Vermont Attorney General announced a settlement with business-to-business software developer Entrinsik, Inc., resolving allegations that the company’s Informer program violated Vermont law, including the law...more


Following the UK Brexit referendum businesses will now find themselves assessing their future. Below is a checklist designed to raise some important questions that should be considered in order to assess potential risks and...more

Safe Travel Series: Dos and Don'ts of Hotel Safety

Hotels are susceptible to a wide array of thefts, scams, hacks, and assaults. Today, the savvy traveler needs to be security conscious. That especially applies to hotels. While any given stay will, in all likelihood, turn out...more

NIST Extends Deadline for Comments to Mobile Device Infrastructure Guidance

All enterprises are struggling with the security risks posed by the use of mobile devices by employees. Companies want their employees to have easy access to information so that they can perform their job functions in an...more

Draft Cybersecurity Self-Assessment Tool Published

The National Institute of Standards and Technology (NIST) recently published a draft cybersecurity self-assessment tool entitled “The Baldrige Cybersecurity Excellence Builder,” which provides organizations with a tool to...more

Small Companies and Those Not Certified Under the Safe Harbor Face Hidden Costs in the EU/US Privacy Shield Certification Process

The Privacy Shield in a nutshell. The Privacy Shield permits U.S. businesses to process and control the personal data of individuals, aka data subjects, located in the European Union (EU). Without the Privacy Shield,...more

Update from the French Data Protection Authority on the compliance package for connected vehicles

The market of the so-called “connected vehicles” has been considerably growing since 2015. According to a recent study by AlixPartners, 78 million of connected vehicles will be commercialized in 2018, generating a EUR40...more

In the age of Big Data, the EDPS issues an Opinion on enforcement and upholding fundamental rights

The European Data Protection Supervisor (“EDPS”) issued an Opinion on coherent enforcement of fundamental rights in the age of big data”. This is an update to the EDPS’ Preliminary Opinion in 2014 on “Privacy and...more

Cybersecurity Q&A: What Canadian Companies Need to Know about the EU’s New Data Protection Law

It is trite to point out that information crosses national borders today at an unprecedented rate and with very few barriers. A consequence of this unconstrained international flow of information is that domestic data...more

The New European Union-U.S. Data Privacy Shield…Is It Right for You?

U.S. companies with transatlantic operations should carefully balance the need to transfer personal data about European customers and employees from Europe to the U.S. in light of the increased burdens and cost of compliance...more

OCR Releases HIPAA Guidance on Cloud Computing

On October 6, 2016, the Department of Health and Human Services Office for Civil Rights (OCR) released HIPAA guidance on cloud computing (Guidance). The Guidance is intended to help covered entities and business associates...more

New NIST Study Shows Risks of Security Fatigue

The National Institute of Standards and Technology (NIST) recently published a new article that finds that most typical computer users experience security fatigue that leads users to engage in risky behavior when they are at...more

What You Must Know about New York’s Proposed Cybersecurity Regulation for the Banking, Insurance, and Financial Services Sectors

Last week, New York’s Department of Financial Services released its long-awaited proposed cybersecurity regulation, which promises to deliver sweeping protections to consumers and financial institutions alike. The proposed...more

UK 'must avoid data protection Brexit'

According to the UK's new information commissioner, Elizabeth Denham, who was interviewed by the BBC, the UK “should adopt forthcoming EU data protection laws, despite its plan to leave the Union”. The new EU data...more

French Data Protection Authority Reveals the Scope of its Connected Car “Compliance Package”

On October 3, 2016, during a conference organized by the French Comity of Car Manufacturers (“CCFA”) during the Paris Motor Show, Mrs. Sophie Nerbonne, the Compliance Director of the French Data Protection Authority...more

GAO Study Slams HHS For Lack of Guidance to Covered Entities

We watch closely for any guidance to HIPAA covered entities and business associates from the Department of Health and Human Services Office for Civil Rights (HHS/OCR). Why? Because there is so little of it. Lately, the only...more

2,798 Results
View per page
Page: of 112
JD Supra Readers' Choice 2016 Awards

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:

Sign up to create your digest using LinkedIn*

*By using the service, you signify your acceptance of JD Supra's Privacy Policy.

Already signed up? Log in here

*With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name. Or, sign up using your email address.