Webinar Recording Available on China’s New Cybersecurity Law

On March 7, 2017, Hunton & Williams LLP hosted a webinar with Beijing partner Bing Maisog on China’s new Cybersecurity Law. China’s new Cybersecurity Law will impose new restrictions on information flows from operators of key information infrastructure, and will become effective in June 2017. Continue Reading

NY Attorney General Announces Record Number of Data Breach Notices in 2016

On March 21, 2017, New York Attorney General Eric Schneiderman announced that the New York Office of the Attorney General received over 1,300 data breach notifications in 2016, a 60 percent increase from 2015. The reported breaches led to the exposure of personal information of 1.6 million New York residents. According to the Attorney General’s report, 46 percent of the exposed personal information consisted of Social Security numbers, and 35 percent consisted of financial account information. Attorney General Schneiderman cited the updated New York State Department of Financial Services Cybersecurity Regulation as a means of addressing financial data breaches.

FTC Announces Settlement Over Alleged Consent Order Violation

On March 17, 2017, the Federal Trade Commission announced that Upromise, Inc., (“Upromise”) agreed to pay $500,000 to settle allegations (the “Settlement”) that it violated the terms of a 2012 consent order (the “2012 Order”) that required Upromise to provide notice to consumers regarding its data collection and use practices, and obtain third-party audits. Continue Reading

Neiman Marcus Agrees to Settlement in Data Breach Class Action

On March 17, 2017, retailer Neiman Marcus agreed to pay $1.6 million as part of a proposed settlement (the “Settlement”) to a consumer class action lawsuit stemming from a 2013 data breach that allegedly compromised the credit card data of approximately 350,000 customers. Continue Reading

CNIL Publishes Six Step Methodology and Tools to Prepare for GDPR

On March 15, 2017, the French data protection authority (the “CNIL”) published a six step methodology and tools for businesses to prepare for the EU General Data Protection Regulation (“GDPR”) that will become applicable on May 25, 2018. Continue Reading

Webinar Recording Available on the NYDFS Regulations

On March 9, 2017, AllClear ID hosted a webinar with Hunton & Williams partner and chair of the Global Privacy and Cybersecurity practice Lisa J. Sotto on the new cybersecurity regulations from the New York State Department of Financial Services (“NYDFS”). The NYDFS regulations impose significant cybersecurity requirements on impacted businesses that will dictate how they plan for, respond to and recover from data security events. Continue Reading

ICO Publishes Guidance on Consent under the EU GDPR

On March 2, 2017, the UK Information Commissioner’s Office (“ICO”) published draft guidance regarding the consent requirements of the EU General Data Protection Regulation (“GDPR”). The guidance sets forth how the ICO interprets the GDPR’s consent requirements, and its recommended approach to compliance and good practice. The ICO guidance precedes the Article 29 Working Party’s guidance on consent, which is expected in 2017. Continue Reading

FTC Study Recommends Wider Implementation of DMARC to Combat Phishing Attacks

On March 3, 2017, the FTC announced the results of a study about online businesses’ use of proper email authentication technology to prevent phishing attacks. The study’s sample included 569 large online businesses with strong ties to the U.S. The FTC found that 86 percent of those businesses use Sender Policy Framework – an email authentication technology that enables Internet Service Providers (“ISPs”) to determine whether an email is from a legitimate source (e.g., whether an email that claims to be from a business’s domain in fact came from the business). Continue Reading

Cybersecurity Panel Discussion: A Live Cyber Attack Tabletop Exercise

On March 21, 2017, Hunton & Williams is pleased to host an in-person seminar in its London office featuring seasoned cybersecurity practitioners. Drawing from deep experience in their respective fields, the panel members will discuss the implications of the EU General Data Protection Regulation’s breach notification obligations in the context of a state-of-the-art cyber attack simulation. In doing so, the panelists will share best practices to help protect organizations in the event of a cyber attack. Continue Reading

Hunton Releases ‘Seeking Solutions,’ a Report on the Attributes of Effective DPAs

Hunton & Williams LLP, in coordination with the U.S. Chamber of Commerce, recently issued a series of recommendations to enhance the effectiveness of data privacy regulators. The report, Seeking Solutions: Attributes of Effective Data Protection Authorities, identifies seven key attributes of data protection authorities (“DPAs”) that contribute to effective data protection governance. The report also explores how the level of effectiveness varies based on differences in the structure, roles and resources of a DPA. Continue Reading