On May 20, 2021, the Belgian Data Protection Authority announced that it had approved the EU Data Protection Code of Conduct for Cloud Service Providers, the first transnational EU code of conduct since the entry into force of the EU General Data Protection Regulation.
Continue Reading Belgian DPA Approves First EU Data Protection Code of Conduct for Cloud Service Providers

On November 2, 2020, the comment period for the Federal Acquisition Security Council’s interim final rule implementing the Federal Acquisition Supply Chain Security Act of 2018 will close.
Continue Reading Federal Acquisition Security Council Accepting Comments on Interim Final Rule Regarding Information Technology Supply Chain Risk

The Article 29 Working Party issued an Opinion on data processing at work, which complements the Working Party’s previous guidance on the processing of personal data in the employment context and on the surveillance of electronic communications in the workplace. This blog entry provides highlights on the Opinion.
Continue Reading Article 29 Working Party Releases Opinion on Data Processing at Work

On November 14, 2016, Lincoln Financial Securities Corp., a subsidiary of Lincoln Financial Group, entered into a settlement with the Financial Industry Regulatory Authority, requiring LFS to pay a 650,000 dollar fine and implement stronger cybersecurity protocols following a 2012 hack into its cloud-based server.
Continue Reading FINRA Fines Brokerage Firm $650,000 After Cyber Attack

On February 23, 2016, the Federal Trade Commission announced that it reached a settlement with Taiwanese-based hardware manufacturer ASUSTeK Computer, Inc. to resolve claims that the company engaged in unfair and deceptive security practices in connection with developing network routers and cloud storage products sold to consumers in the U.S.
Continue Reading FTC Settles with Router Manufacturer over Software Security Flaws