In response to a record year of personal data breaches in 2024, affecting millions of individuals, the French data protection authority (CNIL) has published a set of security directives for operators of large databases. While...more
In the context of a significant increase in data breaches and cyber-attacks impacting hospitals, the French Data Protection Authority (“CNIL”) has launched a series of investigations and issued several formal notices to...more
Recent decisions by the French data protection authority (CNIL) have highlighted the importance of GDPR compliance, particularly in the areas of data retention, consent for processing sensitive personal data, and marketing...more
The CNIL has launched an investigation into a significant data breach affecting over 33 million individuals in France, involving third-party payment operators Viamedis and Almerys. It is the biggest breach in France involving...more
The French supervisory authority (CNIL) asked for public comments on its draft recommendation on data security in relation to processing that presents particularly high risks to individuals or to the public interest (the...more
France’s data protection authority, the Commission Nationale de Informatique et des Libertés (“CNIL”), has issued one of its highest General Data Protection Regulation (“GDPR”) sanctions to-date against Dedalus Biologie SAS...more
FTC Warns Companies to Remediate Log4j Security Vulnerability - Log4j is a ubiquitous piece of software used to record activities in a wide range of systems found in consumer-facing products and services. Recently, a...more
France’s data protection regulator (the CNIL) said this week it has fined Google and Facebook a combined €210 million for breaches of laws on cookies use and tracking of user online activity. These fines were not under the...more
Best Practices for the Virginia Consumer Data Protection Act - The Virginia Consumer Data Protection Act (VCDA) Working Group of the Joint Commission on Technology and Science released its final report on best practices...more
This quarterly update highlights some of the international data protection issues that have caught our attention, and the attention of our clients, in the past three months....more
United States - Regulatory—Policy, Best Practices, and Standard - NIST Unveils Draft Guidance to Protect Critical Infrastructure - On October 22, 2020, the National Institute of Standards and Technology ("NIST")...more
In addition to the not-insignificant €2.25 million fine, CNIL's enforcement action against Carrefour France raises some universal points for companies handling data, both in the EU and in the U.S. Big Picture Takeaways:...more
UNITED STATES - Regulatory—Policy, Best Practices, and Standards - Cybersecurity Standards Issued for Government Contractors - On January 31, the Office of the Under Secretary of Defense for Acquisition and...more
UNITED STATES - Regulatory—Policy, Best Practices, and Standards - FTC Submits Comment on the Preliminary Draft for the NIST Privacy Framework - On October 24, 2019, the Federal Trade Commission ("FTC") announced that...more
Florida Introduces BIPA Legislation - A Florida state senator has introduced an identical version of the Illinois Biometric Information Privacy Act (BIPA)....more
The French data protection authority CNIL has received 3,767 data protection complaints since EU’s General Data Protection Regulation (GDPR) came into effect on May 25, 2018. According to CNIL this is a 64 percent increase...more
The Situation: Even before the General Data Protection Regulation ("GDPR") became effective on May 25, there has been a noticeable trend in the enforcement of security obligations through increased sanctions. The...more
New York Attorney General Announces Record Number of Data Breach Notices in 2016 - On March 21, 2017, the New York Attorney General's Office announced that it received 1,300 reported data breaches in 2016—a 60 percent...more