Archives: Information Security

HHS Announces HIPAA Settlement with UMass

On November 22, 2016, the Department of Health and Human Services announced a $650,000 settlement with University of Massachusetts Amherst, resulting from alleged violations of the Health Insurance Portability and Accountability Act of 1996 Privacy and Security Rules. … Continue Reading

UK Parliament Approves Investigatory Powers Bill

On November 16, 2016, the UK Investigatory Powers Bill was approved by the UK House of Lords. The draft of the Bill has sparked controversy, as it will hand significant and wide-ranging powers to state surveillance agencies, and has been strongly criticized by some privacy and human rights advocacy groups. … Continue Reading

Russia Set to Block Access to LinkedIn

On November 10, 2016, Moscow’s Court of Appeal upheld a lower court’s decision that LinkedIn violated Russia’s data localization law requiring Russian personal data to be stored within Russian territory. Roskomnadzor, Russia’s data protection authority, is now set to block access to the social media website across Russia.… Continue Reading

Adobe Settles Multistate Data Breach Enforcement Action

On November 7, 2016, Adobe Systems Inc. entered into an assurance of voluntary compliance with 15 state Attorneys General to settle allegations that the company lacked proper measures to protect its systems from a 2013 cyber attack that resulted in the theft of the personal information of millions of customers. … Continue Reading

CIPL and AvePoint Release Global GDPR Readiness Report

On November 9, 2016, the Centre for Information Policy Leadership at Hunton & Williams LLP and AvePoint released the results of a joint global survey launched in May 2016 concerning organizational preparedness for implementing the EU General Data Protection Regulation. … Continue Reading

Final Cybersecurity Law Enacted in China

On November 7, 2016, the Standing Committee of the National People’s Congress of China enacted the final Cybersecurity Law after it held its third reading of the draft Cybersecurity Law on October 31, 2016.… Continue Reading

FTC Announces Settlement Over Illegal Telemarketing Calls

On November 1, 2016, the FTC announced that a group of entities known as the Consumer Education Group settled FTC charges that, between late 2013 and 2015, it made millions of telemarketing calls, including pre-recorded robocalls, to consumers on the national Do Not Call Registry, in violation of the Telemarketing Sales Rule.… Continue Reading

China’s Cybersecurity Law Undergoes Third Reading

On October 31, 2016, the Standing Committee of the National People’s Congress of China held a third reading of the draft Cybersecurity Law. The National People’s Congress has not yet published the full text of the third draft of the Cybersecurity Law.… Continue Reading

CIPL Hosts Workshop on Transparency and Risk Assessment

On October 20, 2016, the Centre for Information Policy Leadership hosted a side workshop at the International Conference of Data Protection & Privacy Commissioners focused on transparency and risk assessment, entitled “The Role of Risk Assessment and Transparency in Enabling Organizational Accountability in the Digital Economy.”… Continue Reading

NHTSA Releases New Automobile Cybersecurity Best Practices

The National Highway Safety Administration (“NHTSA”) recently issued non-binding guidance that outlines best practices for automobile manufacturers to address automobile cybersecurity. The guidance, entitled Cybersecurity Best Practices for Modern Vehicles (the “Cybersecurity Guidance”), was recently previewed in correspondence with the House of Representatives’ Committee on Energy and Commerce (“Energy and Commerce Committee”).… Continue Reading

FTC Issues Guide for Businesses on Handling Data Breaches

On October 25, 2016, the Federal Trade Commission released a guide for businesses on how to handle and respond to data breaches. The 16-page guide details steps businesses should take once they become aware of a potential breach. The guide also underscores the need for cyber-specific insurance to help offset potentially significant response costs.… Continue Reading

Court Rules Fraud Involving a Computer Is Not ‘Computer Fraud’ under Crime Protection Policy

On October 18, 2016, the United States Court of Appeals for the Fifth Circuit held in Apache Corp. v. Great American Ins. Co. that a crime protection insurance policy does not cover loss resulting from a fraudulent email directing funds to be sent electronically to the imposter’s bank account because the scheme did not constitute “computer fraud” under the policy. … Continue Reading

CIPL and Telefónica Call for Action on New Approaches to Data Transparency

Recently, the Centre for Information Policy Leadership at Hunton & Williams LLP and Telefónica issued a joint white paper on Reframing Data Transparency. The white paper was the outcome of a June 2016 roundtable held by the two organizations in London, discussing the importance of user-centric transparency to the data driven economy.… Continue Reading

G-7 Endorses Best Practices for Bank Cybersecurity

On October 11, 2016, Group of Seven financial leaders endorsed the Fundamental Elements of Cybersecurity for the Financial Sector, a set of non-binding best practices for banks and financial institutions to address cybersecurity threats. … Continue Reading

Department of Defense Finalizes Rule for Cyber Incident Reporting

On October 4, 2016, the U.S. Department of Defense finalized a new mandatory cyber incident reporting rule for defense contractors. The new rule applies to DoD contractors and subcontractors that are targets of any cyber incident with a potential adverse impact on information systems and "covered defense information" on those systems. … Continue Reading

EDPS Issues Opinion on Coherent Enforcement of Fundamental Rights in the Age of Big Data

Recently, the European Data Protection Supervisor released Opinion 8/2016 on the coherent enforcement of fundamental rights in the age of big data. The Opinion updates the EDPS' Preliminary Opinion on Privacy and Competitiveness in the Age of Big Data, first published in 2014, and provides practical recommendations on how the EU's objectives and standards can be applied holistically across the EU institutions.… Continue Reading