On February 16, 2023, the National Credit Union Administration Board unanimously approved a final rule requiring federally insured credit unions to notify the NCUA as soon as possible, within 72 hours, after the FCIU “reasonably believes” that a reportable cyber incident has occurred.
Continue Reading NCUA Board Approves Cyber Incident Reporting Requirement for Credit Unions
Cloud
Google Enters into Agreement with DOJ over 2016 Search Warrant Data Loss
Posted on
Posted in Enforcement, U.S. Federal Law
On October 25, 2022, the U.S. Department of Justice announced that Google had entered into an agreement to resolve a dispute over the loss of data responsive to a search warrant issued in 2016.
Continue Reading Google Enters into Agreement with DOJ over 2016 Search Warrant Data Loss
Wegmans Agrees to Pay $400,000 Penalty After Cloud Security Lapse
Posted on
On June 30, 2022, the New York Office of the Attorney General announced a $400,000 agreement with Wegmans Food Markets, Inc. in connection with a cloud storage security issue. …
Continue Reading Wegmans Agrees to Pay $400,000 Penalty After Cloud Security Lapse
CIPL Publishes New White Paper on the Approach of British Columbia, Canada to Cross-Border Data Transfers by Public Sector Bodies
Posted on
On June 10, 2022, CIPL published a white paper entitled “Local Law Assessments and Online Services – Refining the Approach to Beneficial and Privacy-Protective Cross-Border Data Flows A: Case Study from British Columbia.”…
Continue Reading CIPL Publishes New White Paper on the Approach of British Columbia, Canada to Cross-Border Data Transfers by Public Sector Bodies
U.S. Senate Unanimously Passes Cybersecurity Legislation Requiring 72 Hour Cyber Incident Notification
Posted on
Posted in Cybersecurity, U.S. Federal Law
On March 2, 2022, the Senate unanimously passed the Strengthening American Cybersecurity Act of 2022 (“SACA” or the “Bill”). The Bill is now with the House of Representatives for a vote and, if passed, will be sent to President Biden’s desk for signature.
…
Continue Reading U.S. Senate Unanimously Passes Cybersecurity Legislation Requiring 72 Hour Cyber Incident Notification
French CNIL Releases 2022 Enforcement Priorities
Posted on
On February 15, 2022, the French Data Protection Authority published its enforcement priority topics for 2022, which focused on direct marketing, monitoring teleworking employees and cloud computing. …
Continue Reading French CNIL Releases 2022 Enforcement Priorities
Belgian Council of State Considers Encryption a Sufficient Measure for U.S. Data Transfers
Posted on
Posted in European Union, International
The Belgian Council of State recently confirmed a decision of the regional Flemish Authorities to contract with an EU branch of a U.S. company using Amazon Web Services, stating that the use of U.S. cloud services in itself does not infringe on the GDPR.
Continue Reading Belgian Council of State Considers Encryption a Sufficient Measure for U.S. Data Transfers
EDPS Opens Investigations Following Schrems II Judgment
Posted on
Posted in European Union, Information Security
On May 27, 2021, the European Data Protection Supervisor announced that it has opened two investigations regarding (1) the use of cloud services by European Union institutions, bodies and agencies; and (2) the use of Microsoft Office 365 by the European Commission.
Continue Reading EDPS Opens Investigations Following Schrems II Judgment
Belgian DPA Approves First EU Data Protection Code of Conduct for Cloud Service Providers
Posted on
On May 20, 2021, the Belgian Data Protection Authority announced that it had approved the EU Data Protection Code of Conduct for Cloud Service Providers, the first transnational EU code of conduct since the entry into force of the EU General Data Protection Regulation.
Continue Reading Belgian DPA Approves First EU Data Protection Code of Conduct for Cloud Service Providers
Federal Acquisition Security Council Accepting Comments on Interim Final Rule Regarding Information Technology Supply Chain Risk
Posted on
Posted in Information Security, U.S. Federal Law
On November 2, 2020, the comment period for the Federal Acquisition Security Council’s interim final rule implementing the Federal Acquisition Supply Chain Security Act of 2018 will close.
Continue Reading Federal Acquisition Security Council Accepting Comments on Interim Final Rule Regarding Information Technology Supply Chain Risk