The U.S. Department of Education released some FAQs related to the Family Educational Rights and Privacy Act (FERPA) and corona virus. The Department’s Student Privacy Policy Office prepared the FAQs to assist officials in educational agencies and institutions such as school districts, schools, colleges and universities in managing public health issues related to COVID-19 while … Continue Reading
In a recent Cybercrime Tactics and Techniques Report focusing on the health care industry, cybersecurity company Malwarebytes discovered a significant 82% spike in Trojan malware attacks on health care organizations in Q3 2019. Emotet and TrickBot, two especially sophisticated and dangerous forms of malware, were mostly responsible for this surge. Used primarily as ’banking Trojans” … Continue Reading
Stoel Rives LLP is pleased to announce that information privacy & data security attorney Dustin Berger has been recognized as an (ISC)2 Certified Information Systems Security Professional (CISSP). This certification demonstrates an individual’s understanding of cybersecurity strategy and its hands-on implementation. It also confirms that the holder has the advanced knowledge and technical skills to … Continue Reading
The U.S. Department of Commerce’s National Institute of Standards and Technology (NIST) announced recently that it has launched a collaborative project to develop a voluntary privacy framework to help organizations manage risk. According to NIST Director Walter G. Copan, “The development of a privacy framework through an open process of stakeholder engagement is intended to … Continue Reading
See European Regulation on the Protection of Personal Data Guide Sub-Contractor Edition, September 2017. Are you a contractor within the meaning of European Regulation on data protection? Are you subject to EU regulation on data protection? What is the main change introduced by the European regulation for contractors? What are your obligations as of May … Continue Reading
The Article 29 Working Party updated the Guidelines on PIAs and evaluation of risk guidance on October 4, 2017: Guidelines on Data Protection Impact Assessment (DPIA) and determining whether processing is “likely to result in a high risk” for the purposes of Regulation 2016/679 CNIL created a PIA Infography to outline the main principles. Keep … Continue Reading
CNIL, the French DPA, published a new Compliance Pack called “Connected Vehicles: A Compliance Pack for Responsible Data Use” on October 17, 2017. CNIL broke its guidance into three scenarios: Personal data remains in the car Personal data is transmitted externally to provide a service to the individual Personal data is transmitted outside to trigger … Continue Reading
The Article 29 Working Party published two Guidelines related to GDPR: Guidelines on Personal data breach notification under Regulation 2016/679, wp250 Guidelines on automated individual decision-making and profiling for the purposes of Regulation 2016/679, wp251 The Guidelines are open for comments until November, 28, 2017. Comments should be sent to JUST-ARTICLE29WP-SEC@ec.europa.eu and presidenceg29@cnil.fr.… Continue Reading
We are happy to announce that we are sponsors of this year’s Privacy + Security Forum and one of our own, Amy Carlson is speaking on Healthcare Data Breaches: Unique Industry Issues and Prevention Strategies. Please stop by and learn more about Stoel Rives LLP Privacy and Data Security Team.… Continue Reading
