Health care providers and suppliers should be wary of the “Orangeworm” threat, malware in the wild that is gathering information from compromised medical equipment, especially old systems where file shares and Windows XP are still in use:

https://www.zdnet.com/article/mysterious-cyber-worm-targets-medical-systems-found-on-x-ray-machines-and-mri-scanners/

While this group seems to be limiting their actions to reconnaissance and compromising

France’s Commission Nationale de l’Informatique et des Libertés (“CNIL”) provides great tools and resources as well.

  • CNIL recently updated its Privacy Impact Assessment (PIA) Guides, which include application to connected objects, methodology, template and knowledge bases.
  • CNIL also recently updated its PIA software tool in four languages that companies can use for compliance.
  • CNIL provides

Germany’s Bundesbeauftragte für den Datenschutz und die Informationsfreiheit published the Federal Data Protection Act to adapt GDPR. Germany provided some extensive guidance on GDPR here. Germany also publishes the standard data protection model, SDPM, in English on its site. Also available from the site are guidance materials about GDPR from the German Data

The United Kingdom’s Information Commissioner’s Office (“ICO”) is a great resource for companies looking for clear DPA guidance. The ICO has provided a Guide to the GDPR which is very targeted and comprehensive as well as resources for organizations including several guides. Getting Ready For GDPR Resources is a nice package of information prepared by

The European Commission – Data Protection links to the Article 29 Working Party Guidelines which supplement our understanding of GDPR:

The European Commission – Data Protection provides links to EC data protection policies, information and services.  The Commission provides the official GDPR text in multiple languages, describes the European Data Protection Board and its responsibilities, provides detailed guidance and resources on data transfers outside the EU, and some focused discussion of the changes to

Recently, I have been asked several times where there are good, official resources on GDPR. The following series of posts provides links to these resources. We will post additional resources from time to time.

While we have yet to see much in the way of major changes (or punishment) following the massive Equifax data breach last year, there are many changes being introduced at the state level with regard to breach notification, penalties, whether or not credit reporting agencies can charge you for freezing your credit, and consumer rights

As illustrated in this recent article in Wired, email tracking services and their counterparts, anti-tracking services, have been rapidly gaining ground on the web, to the point that 40% of all email being sent, and 99% of the majority of the emails you receive (newsletters, marketing materials, notifications and transactional emails) are now being

Some notable stats showed up in the recently released 2017 Veracode State of Software Security report: while “nearly a third (29 percent) of survey respondents indicated that they are actively pursuing digital transformation projects [and] … a further 29 percent stated that they are either planning for or considering digital transformation projects for the future,”