Archives: Information Security

Subscribe to Information Security RSS Feed

New Jersey Shopper Privacy Bill Signed into Law

On July 21, 2017, New Jersey Governor Chris Christie signed a bill that places new restrictions on the collection and use of personal information by retail establishments for certain purposes. The statute, which is called the Personal Information and Privacy Protection Act, permits retail establishments in New Jersey to scan a person’s driver’s license or other state-issued identification card only for eight purposes. … Continue Reading

Article 29 Working Party Releases Opinion on Data Processing at Work

The Article 29 Working Party issued an Opinion on data processing at work, which complements the Working Party's previous guidance on the processing of personal data in the employment context and on the surveillance of electronic communications in the workplace. This blog entry provides highlights on the Opinion.… Continue Reading

Ransomware Health Data Breach Affects 500,000 Patients

On June 26, 2017, Airway Oxygen reported that it was the subject of a ransomware attack affecting 500,000 patients’ protected health information. The attack is the second largest health data breach recorded by the Office for Civil Rights this year, and the largest ransomware incident recorded by OCR since it began tracking incidents in 2009. … Continue Reading

Record Data Breach Settlement in Anthem Class Action

On June 23, 2017, Anthem Inc., the nation’s second largest health insurer, reached a record 115 million dollar settlement in a class action lawsuit arising out of a 2015 data breach that exposed the personal information of more than 78 million people. Among other things, the settlement creates a pool of funds to provide credit monitoring and reimbursement for out-of-pocket costs for customers. … Continue Reading

Implementation of the EU GDPR: 30-Minute Guidance Review

As companies in the EU and the U.S. prepare for the application of the EU General Data Protection Regulation in May 2018, Hunton & Williams’ Global Privacy and Cybersecurity partner Aaron Simpson discusses the key, significant changes from the EU Directive that companies must comply with before next year. This blog entry contains a link to the full 30-minute webinar. … Continue Reading

UK ICO Revises Subject Access Guidance Following Court Rulings

On June 20, 2017, the UK Information Commissioner’s Office published an updated version of its Code of Practice on Subject Access Requests. The updates are primarily in response to three Court of Appeal decisions from earlier this year regarding data controllers’ obligations to respond to subject access requests. The revisions more closely align the ICO’s position with the court’s judgments.… Continue Reading

Germany Issues Ethics Report on Automated and Connected Cars

On June 20, 2017, the German Federal Ministry of Transport and Digital Infrastructure issued a report on the ethics of Automated and Connected Cars. The Report was developed by a multidisciplinary Ethics Commission established in September 2016 for the purpose of developing essential ethical guidelines for the use of automated and connected cars. … Continue Reading

China Releases Draft Guidelines on Cross-Border Data Transfers Pursuant to the Cybersecurity Law

Recently, the National Information Security Standardization Technical Committee of China published draft guidelines on cross-border transfers pursuant to the new Cybersecurity Law, entitled Information Security Technology – Guidelines for Data Cross-Border Transfer Security Assessment. Once finalized, the Guidelines are intended to establish norms regarding security assessments conducted in the context of cross-border data transfers. … Continue Reading

Washington Becomes Third State to Enact Biometric Privacy Law

On May 16, 2017, the Governor of the State of Washington, Jay Inslee, signed into law House Bill 1493, which sets forth requirements for businesses who collect and use biometric identifiers for commercial purposes. The law will become effective on July 23, 2017. Washington becomes the third state to pass legislation regulating the commercial use of biometric identifiers.… Continue Reading

Cybersecurity Law Goes Into Effect in China

On June 1, 2017, the new Cybersecurity Law went into effect in China. This post takes stock of (1) which measures have been passed so far, (2) which ones go into effect on June 1 and (3) which ones are in progress but have yet to be promulgated.… Continue Reading

New York AG Settles with Wireless Lock Maker Over Security Flaws

On May 22, 2017, New York Attorney General Eric T. Schneiderman announced that the AG’s office has reached a settlement with Safetech Products LLC regarding the company’s sale of insecure Bluetooth-enabled wireless doors and padlocks. This “marks the first time an Attorneys General’s Office has taken legal action against a wireless security company for failing to protect their [customers’] personal and private information.” … Continue Reading
LexBlog