On May 20, 2021, the Belgian Data Protection Authority announced that it had approved the EU Data Protection Code of Conduct for Cloud Service Providers, the first transnational EU code of conduct since the entry into force of the EU General Data Protection Regulation.
Continue Reading Belgian DPA Approves First EU Data Protection Code of Conduct for Cloud Service Providers
Cloud
Federal Acquisition Security Council Accepting Comments on Interim Final Rule Regarding Information Technology Supply Chain Risk
On November 2, 2020, the comment period for the Federal Acquisition Security Council’s interim final rule implementing the Federal Acquisition Supply Chain Security Act of 2018 will close.
Continue Reading Federal Acquisition Security Council Accepting Comments on Interim Final Rule Regarding Information Technology Supply Chain Risk
Irish DPA Issues Guidance to Secure Cloud-Based Environments
On March 19, 2020, the Irish Data Protection Authority published guidance to assist organizations in understanding their data security obligations and to mitigate their risks of a personal data breach when using cloud-based services.
Continue Reading Irish DPA Issues Guidance to Secure Cloud-Based Environments
DOJ Releases a White Paper on the CLOUD Act
Earlier this month, the U.S. Department of Justice published a white paper entitled “Promoting Public Safety, Privacy, and the Rule of Law Around the World: The Purpose and Impact of the CLOUD Act.”…
Continue Reading DOJ Releases a White Paper on the CLOUD Act
Utah Governor Signs Electronic Data Privacy Bill Requiring Warrants to Access Certain Types of Data
On March 27, 2019, Utah Governor Gary Herbert signed HB57, the first U.S. law to protect electronic information that individuals have shared with certain third parties.
Continue Reading Utah Governor Signs Electronic Data Privacy Bill Requiring Warrants to Access Certain Types of Data
GSA to Upgrade Cybersecurity Requirements
Recently, the General Services Administration announced its plan to upgrade its cybersecurity requirements in an effort to build upon the Department of Defense’s new cybersecurity requirements that became effective on December 31, 2017.
Continue Reading GSA to Upgrade Cybersecurity Requirements
Article 29 Working Party Releases Opinion on Data Processing at Work
The Article 29 Working Party issued an Opinion on data processing at work, which complements the Working Party’s previous guidance on the processing of personal data in the employment context and on the surveillance of electronic communications in the workplace. This blog entry provides highlights on the Opinion.
Continue Reading Article 29 Working Party Releases Opinion on Data Processing at Work
FINRA Fines Brokerage Firm $650,000 After Cyber Attack
On November 14, 2016, Lincoln Financial Securities Corp., a subsidiary of Lincoln Financial Group, entered into a settlement with the Financial Industry Regulatory Authority, requiring LFS to pay a 650,000 dollar fine and implement stronger cybersecurity protocols following a 2012 hack into its cloud-based server.
Continue Reading FINRA Fines Brokerage Firm $650,000 After Cyber Attack
OCR Settles Two HIPAA Cases with Public Health Centers in Oregon and Mississippi
The U.S. Department of Health and Human Services’ Office for Civil Rights recently entered into resolution agreements with two large public health centers over alleged HIPAA violations.
Continue Reading OCR Settles Two HIPAA Cases with Public Health Centers in Oregon and Mississippi
FTC Settles with Router Manufacturer over Software Security Flaws
On February 23, 2016, the Federal Trade Commission announced that it reached a settlement with Taiwanese-based hardware manufacturer ASUSTeK Computer, Inc. to resolve claims that the company engaged in unfair and deceptive security practices in connection with developing network routers and cloud storage products sold to consumers in the U.S.
Continue Reading FTC Settles with Router Manufacturer over Software Security Flaws