Archives: Information Security

Working Party Adopts Revised Guidelines on Data Portability, DPOs and Lead SA

On April 5, 2017, the Article 29 Working Party adopted the final versions of its guidelines on the right to data portability, Data Protection Officers and Lead Supervisory Authority, which were first published for comment in December 2016. The final publication of these revised guidelines follows the public consultation which ended in February 2017. … Continue Reading

FTC Announces Settlement Over Alleged Consent Order Violation

On March 17, 2017, the Federal Trade Commission announced that Upromise, Inc., agreed to pay 500,000 dollars to settle allegations that it violated the terms of a 2012 consent order that required Upromise to provide notice to consumers regarding its data collection and use practices, and obtain third-party audits.… Continue Reading

Home Depot Settles Data Breach Claims

On March 9, 2017, Home Depot reached an agreement that includes the payment of 25 million dollars and the implementation of new data security measures to resolve a putative class action brought by financial institutions impacted by the company’s 2014 data breach.… Continue Reading

CNIL Launches New Public Consultation on the GDPR

On February 23, 2017, the French Data Protection Authority launched an online public consultation on three topics identified by the Article 29 Working Party in its 2017 action plan for the implementation of the EU General Data Protection Regulation. The three topics are consent, profiling and data breach notification. … Continue Reading

OCR Settlement Emphasizes Importance of Audit Controls

On February 16, 2017, the U.S. Department of Health and Human Services’ Office for Civil Rights entered into a resolution agreement with Memorial Healthcare System that emphasized the importance of audit controls in preventing breaches of protected health information. The 5.5 million dollar settlement with Memorial is the fourth enforcement action taken by OCR in 2017, and matches the largest civil monetary penalty ever imposed against a single covered entity.… Continue Reading

CIPL Submits Comments to Article 29 Working Party’s Proposed Guidelines

On February 15, 2017, the Centre for Information Policy Leadership at Hunton & Williams LLP submitted two sets of formal comments to the Article 29 Working Party. CIPL commented on the Guidelines for identifying a controller or processor’s lead supervisory authority, and on the Guidelines on the right to data portability.… Continue Reading

Australia Enacts New Data Breach Notification Law

On February 13, 2017, the Parliament of Australia passed legislation that amends the Privacy Act of 1988 and requires companies with revenue over 3 million AUD (2.3 million USD) to notify affected Australian residents and the Australian Information Commissioner in the event of an "eligible data breach."… Continue Reading

European Data Protection Supervisor Publishes Priorities for 2017

On February 15, 2017, the European Data Protection Supervisor published its Priorities for 2017. The EDPS Priorities consist of a note listing the strategic priorities and a color-coded table listing the European Commission’s proposals that require the EDPS’ attention, sorted by level of priority.… Continue Reading

China Publishes Draft Measures for Security Review of Network Products and Services

On February 4, 2017, the Cyberspace Administration of China published a draft of its proposed Measures for the Security Review of Network Products and Services. Under the Cybersecurity Law of China, if an operator of key information infrastructure purchases network products and services that may affect national security, a security review is required. The draft is open for comment until March 4, 2017.… Continue Reading

CIPL to Hold Next GDPR Implementation Workshop in Madrid

On March 6 and 7, 2017, the Centre for Information Policy Leadership at Hunton & Williams LLP and over 100 public and private sector participants in CIPL’s GDPR Implementation Project will convene in Madrid, Spain, for CIPL’s third major GDPR implementation workshop.… Continue Reading

DPA of Argentina Issues Draft Data Protection Bill

Pablo Palazzi, from Buenos Aires law firm Allende & Brea, reports that earlier this month, the Argentine Data Protection Agency posted the first draft of a new data protection bill on its website. The Draft Bill is heavily based on the EU GDPR and maintains the structure of Argentina’s current data protection bill.… Continue Reading

House of Representatives Passes Email Privacy Act

On February 6, 2017, the House of Representatives suspended its rules and passed by voice vote H.R. 387, the Email Privacy Act. The Email Privacy Act now moves to the Senate, where it will be considered by the Senate Judiciary Committee. … Continue Reading