Privacy & Cybersecurity

Don't forget to join us this afternoon - Wednesday - at 3 PM ET for a webinar discussion of the European Court of Justice's game changing decision invalidating the US-EU Safe Harbor framework. What's next? What should be your Plan B?

A press release issued by the Court of Justice of the EU (ECJ) regarding its decision in the Schrems Safe Harbor case (C-362/14) confirms that the ECJ has declared Safe Harbor invalid.

As I reported earlier today, the Court of Justice of the EU (ECJ) has declared Safe Harbor invalid.

Welcome to the first Monday in October!
The big issue for this week is tomorrow's impending decision from the European Court of Justice in the Schrems v. Facebook Safe Harbor matter.

Since the Snowden revelations, trouble has been brewing for the EU-US Safe Harbor program and companies which utilize this program to make transfers of personal information from the EU to the US legal under EU privacy laws.

Putting your organization's name in the paper can be a boon to both your business and your career. The ego stroke isn't bad either; it can be quite a jolt to see your name in a trade or general news publication for the first time. 

The European Court of Justice (ECJ) has announced that it will release its decision in the Schrems Safe Harbor case on Tuesday, October 6. It is highly unusual for the ECJ to issue a decision so quickly after publication of the Advocate General’s opinion on a case.  

EU data protection law prohibits the transfer of personal data to countries or territories outside the EEA unless they are considered to provide adequate protection. One of the ways certain US organisations can demonstrate an adequate level of protection is by signing up to the Safe Harbor principles, a self-certification standard operated by the US Department of Commerce and enforced by the FTC.

The SEC has announced a new round of cybersecurity inspections at broker-dealer and registered investment advisory firms. If that's not enough to catch your attention, just days after issuing the Risk Alert, the SEC censured and fined a St. Louis-based investment advisor for a failure to adopt written policies and procedures to ensure the confidentiality of personal information as required by law.

Does your company rely on Safe Harbor to transfer personal data from Europe to the U.S.? If so, it’s time to think about alternatives to Safe Harbor – and fast.

Giovanni Buttarelli, the European Data Protection Supervisor (EDPS), recently announced the formation of a new external Ethics Board that will do a deep dive into the complex ethical issues that surround the use of  personal data in the “big data” economy.

It's back to school time - time to put away the flip flops and beach chairs and settle back into the routine. To help motivate you, the Securities and Exchange Commission's Office of Compliance Inspections and Examinations (OCIE) has announced a new round of cybersecurity examinations!

Companies that require customers to agree to receive autodialed marketing calls and text messages as a condition for using the companies’ services have been put on notice that they may be in violation of the Telephone Consumer Protection Act (“TCPA”). 

Settlement appears imminent in an employee class action against Sony Pictures Entertainment (“SPE”) arising from disclosure of their personally identifiable information (“PII”) in a massive data breach allegedly perpetrated by North Korean hackers in retaliation for SPE’s release of “The Interview,” a satirical comedy depicting an attempt on the life of North Korean dictator Kim Jong-Un. 

Card-issuing banks are forging ahead with their lawsuit against Target arising from the 2013 holiday shopping season data breach. Their July 1 motion for class certification has just been unsealed, allowing a glimpse at plaintiffs’ version of the events during November and December 2013 that resulted in theft of payment card data for 40 million Target customers.

Risks to sensitive data have never been greater. With the rise in cyber attacks and data breaches, outsourcing to third parties can present an exponential threat to corporations.

The National Institute of Standards and Technology has published a draft of its objectives for cybersecurity standardization, following in many ways the consultative model that it used successfully in drafting the NIST Framework for critical infrastructure cybersecurity.

Rather than our usual Privacy Monday "bits and bytes," we have a breaking story relating to the ongoing Wyndham/FTC saga.

The Impact Team, the vigilante group behind the hacking of the infamous website AshleyMadison.com has followed through on its threat to leak the full database of the site’s users online. On Tuesday, August 18, 2015, an impressive 9.7 gigabytes of compressed data was posted to the dark web using an Onion address accessible only through the Tor browser. 

Target has announced that it has entered into a settlement with Visa to resolve claims of issuers of Visa credit and debit cards arising from Target’s November 2013 data breach. The proposed settlement will pay issuers of Visa payment cards up to $67 million to reimburse losses associated with the theft of card numbers from Target POS terminals.