If you manage a company that collects and otherwise processes personal data (which is just about every company, these days), you may need to protect your own pocketbook. As governments across the globe continue to enact and enforce data privacy, data protection, and cybersecurity laws, data becomes more readily available, and the volume of incidents …
In a widely anticipated ruling, the U.S. Supreme Court ruled today that a business having calling technology with the capacity to store and dial multiple numbers (such as a cell phone) is not automatically subject to Telephone Consumer Protection Act (“TCPA”) liability for calls (and texts) to consumers …
Join me, Stoel Rives’ Chief Information Security Officer (and Global Privacy & Security Blog® author) Jon Washburn, for a panel discussion in which I will partner with top industry CISOs and CIOs to address the most pressing cybersecurity challenges of 2021. Register now for free for the Seattle & Portland Virtual Cybersecurity Summit, March 31 and …
In a recent letter to insurers, the New York State Department of Financial Services (“NYDFS”) acknowledged the key role cyber insurance plays in managing and reducing cyber risk – while also warning insurers that they could be writing policies that have the “perverse effect of increasing cyber risk.” If a cyber insurance policy does not …
Digital transformation refers to the process of leveraging technology, people and processes to innovate or stay competitive. The main driver of this process is often data. For a vivid illustration, see Data Never Sleeps, an infographic released by Domo, a leading business analytics company. While executing digital transformation the right way can lead to great …
The U.S. Department of Education released some FAQs related to the Family Educational Rights and Privacy Act (FERPA) and coronavirus. The Department’s Student Privacy Policy Office prepared the FAQs to assist officials in educational agencies and institutions such as school districts, schools, colleges and universities in managing public health issues related to COVID-19 while …
In a recent Cybercrime Tactics and Techniques Report focusing on the health care industry, cybersecurity company Malwarebytes discovered a significant 82% spike in Trojan malware attacks on health care organizations in Q3 2019. Emotet and TrickBot, two especially sophisticated and dangerous forms of malware, were mostly responsible for this surge. Used primarily as “banking Trojans” …
The U.S. Department of Commerce’s National Institute of Standards and Technology (NIST) announced recently that it has launched a collaborative project to develop a voluntary privacy framework to help organizations manage risk. According to NIST Director Walter G. Copan, “The development of a privacy framework through an open process of stakeholder engagement is intended to …
See European Regulation on the Protection of Personal Data Guide Sub-Contractor Edition, September 2017. Are you a contractor within the meaning of European Regulation on data protection? Are you subject to EU regulation on data protection? What is the main change introduced by the European regulation for contractors? What are your obligations as of May …
The Article 29 Working Party updated the Guidelines on PIAs and evaluation of risk guidance on October 4, 2017: Guidelines on Data Protection Impact Assessment (DPIA) and determining whether processing is “likely to result in a high risk” for the purposes of Regulation 2016/679. CNIL created a PIA Infography to outline the main principles. Keep …
CNIL, the French DPA, published a new Compliance Pack called “Connected Vehicles: A Compliance Pack for Responsible Data Use” on October 17, 2017. CNIL broke its guidance into three scenarios: personal data remains in the car; personal data is transmitted externally to provide a service to the individual; personal data is transmitted outside to trigger …
The Article 29 Working Party published two Guidelines related to GDPR: Guidelines on Personal data breach notification under Regulation 2016/679, wp250; and Guidelines on automated individual decision-making and profiling for the purposes of Regulation 2016/679, wp251. The Guidelines are open for comments until November 28, 2017. Comments should be sent to JUST-ARTICLE29WP-SEC@ec.europa.eu and presidenceg29@cnil.fr.…
We are happy to announce that we are sponsors of this year’s Privacy + Security Forum and one of our own, Amy Carlson, is speaking on Healthcare Data Breaches: Unique Industry Issues and Prevention Strategies. Please stop by and learn more about the Stoel Rives LLP Privacy and Data Security Team.…