Some notable stats showed up in the recently-released 2017 Veracode State of Software Security report: while “nearly a third (29 percent) of survey respondents indicated that they are actively pursuing digital transformation projects [and] … a further 29 percent stated that they are either planning for or considering digital transformation projects for the future,”

According to a recent Genpact study:

  • Nearly two-thirds of consumers (63%) are worried that Artificial Intelligence is going to make decisions that will impact their lives without their knowledge
  • Less than one-third (30%) are at least “fairly comfortable” with the idea of companies using AI to access their personal data
  • Almost three-quarters (71%) say

As a firm with a large real estate practice, we are keenly aware of the risks of wire transfer fraud in real estate transactions – which has exploded from a reported $19 Million in 2016 to almost $1 Billion in 2017.

Often this fraud is the result of the hacker compromising a legitimate email

See European Regulation on the Protection of Personal Data Guide Sub-Contractor Edition, September 2017.

  • Are you a contractor within the meaning of European Regulation on data protection?
  • Are you subject to EU regulation on data protection?
  • What is the main change introduced by the European regulation for contractors?
  • What are your obligations as of

The Article 29 Working Party updated the Guidelines on PIAs and evaluation of risk guidance on October 4, 2017:

Guidelines on Data Protection Impact Assessment (DPIA) and determining whether processing is “likely to result in a high risk” for the purposes of Regulation 2016/679

CNIL created a PIA Infography to outline the main principles. Keep

Per the Freedom of Information Act, US citizens have the right to access information from the federal government. We can visit Data.gov to search the more than 197,000 current datasets currently indexed on the site. While the intent is to leverage that data for the public good, there’s also an enormous amount of information

CNIL, the French DPA, published a new Compliance Pack called “Connected Vehicles: A Compliance Pack for Responsible Data Use” on October 17, 2017. CNIL broke its guidance into three scenarios:

  1. Personal data remains in the car
  2. Personal data is transmitted externally to provide a service to the individual
  3. Personal data is transmitted outside

The Article 29 Working Party published two Guidelines related to GDPR:

Guidelines on Personal data breach notification under Regulation 2016/679, wp250

Guidelines on automated individual decision-making and profiling for the purposes of Regulation 2016/679, wp251

The Guidelines are open for comments until November, 28, 2017. Comments should be sent to JUST-ARTICLE29WP-SEC@ec.europa.eu and presidenceg29@cnil.fr.

The United States Computer Emergency Readiness team (US-CERT) operates within the U.S. Department of Homeland Security’s National Cybersecurity and Communications Integration Center (NCCIC), protecting America by responding to major incidents, analyzing threats, and exchanging critical cyber security information with trusted partners around the world.  You may have already signed up for the popular email alert

We received a proposed data breach bill (available here) recently circulated in Salem. This draft is a variant of Oregon House Bill 2581 that died in committee. That bill would have required, among other things, merchants impacted by security breaches to notify issuing banks of all the credit cards subject to the breach.

About the Global Privacy & Security Blog

Learn More

Contracts, laws and regulations require privacy compliance, and good business practices demand it. This blog is designed to inform our clients and readers about developing privacy issues and regulatory updates, and provide alerts on cyber security stories and data breaches that impact various data privacy and security requirements.