Archives: Information Security

Subscribe to Information Security RSS Feed

Article 29 Working Party Releases Opinion on EU-U.S. Privacy Shield

On April 13, 2016, the Article 29 Working Party published its Opinion on the EU-U.S. Privacy Shield draft adequacy decision. The Working Party also published a Working Document on the justification for interferences with the fundamental rights to privacy and data protection through surveillance measures when transferring personal data.… Continue Reading

Hunton & Williams Launches Cyber and Physical Security Task Force

Hunton & Williams LLP announces the formation of a Cyber and Physical Security Task Force to assist companies in minimizing the risks and consequences of a serious security incident. The task force is being led by global privacy and cybersecurity head Lisa Sotto, cybersecurity partner Paul Tiao, and energy partner Kevin Jones, and includes lawyers from a wide range of practice groups within the firm. … Continue Reading

NERC Report Highlights Lessons Learned from Ukraine Electric Utility Cyber Attack

On March 18, 2016, a report was released by a joint team from the North American Electric Reliability Corporation’s Electricity Information Sharing Analysis Center and SANS Industrial Control Systems. According to the report, the cyber attack against a Ukrainian electric utility in December 2015 was based on months of undetected reconnaissance that gave the attackers a sophisticated understanding of the utility’s supervisory control and data acquisition networks. … Continue Reading

Draft E-Commerce Standards Published for Comment in China

On March 22, 2016, the Ministry of Commerce of the People’s Republic of China published drafts of its proposed (1) Specifications for Business Services in Mobile E-commerce and (2) Specifications for Business Services in Cross-border E-commerce. Public comments on the drafts will be accepted until May 31, 2016.… Continue Reading

Consumer Financial Protection Bureau Imposes First Ever Data Security Fine

On February 27, 2016, the Consumer Financial Protection Bureau reached a settlement with Dwolla, Inc., an online payment system company, to resolve claims that the company made false representations regarding its data security practices in violation of the Consumer Financial Protection Act. Among other things, the consent order imposes a 100,000 dollar fine on Dwolla. This marks the first data security-related fine imposed by the CFPB. … Continue Reading

How to Safeguard Privacy and Data Security in Corporate Transactions

In a recent article published by Corporate Counsel, Hunton & Williams partner Lisa Sotto and associate Ryan Logan discuss the privacy and data security-related legal issues that arise in corporate transactions, and provide a how-to guide on addressing those issues during the various stages of a transaction.… Continue Reading

European Commission Presents EU-U.S. Privacy Shield

On February 29, 2016, the European Commission issued the legal texts that will implement the EU-U.S. Privacy Shield, including a draft adequacy decision of the European Commission, Frequently Asked Questions and a Communication summarizing the steps that have been taken over the last few years to restore trust in transatlantic data flows.… Continue Reading

FTC Settles with Router Manufacturer over Software Security Flaws

On February 23, 2016, the Federal Trade Commission announced that it reached a settlement with Taiwanese-based hardware manufacturer ASUSTeK Computer, Inc. to resolve claims that the company engaged in unfair and deceptive security practices in connection with developing network routers and cloud storage products sold to consumers in the U.S.… Continue Reading

California Attorney General Releases Report Defining “Reasonable” Data Security

On February 16, 2016, California Attorney General Kamala D. Harris released the California Data Breach Report 2012-2015 which, among other things, provides (1) an overview of businesses’ responsibilities regarding protecting personal information and reporting data breaches and (2) a series of recommendations for businesses and state policy makers to follow to help safeguard personal information. … Continue Reading
LexBlog