On October 5, 2022, former Uber security chief Joe Sullivan was found guilty by a jury in U.S. federal court for his alleged failure to disclose a breach of Uber customer and driver data to the FTC in the midst of an ongoing FTC investigation. This case is significant because it represents the first time a company executive has faced criminal prosecution related to the handling of a data breach.
Continue Reading Former Uber Security Chief Found Guilty in Criminal Trial for Failure to Disclose Breach to FTC

The U.S. Department of Justice has unsealed an indictment accusing nine Iranian nationals of engaging in a “massive and brazen cyber assault” against at least 176 universities, 47 private companies and 7 government agencies and non-governmental organizations, including the Federal Energy Regulatory Commission.
Continue Reading DOJ Accuses Iranian Nationals of “Brazen Cyber Assault” on Universities and Government Agencies

In March 2014, the State Postal Bureau of the People’s Republic of China formally issued three rules establishing significant requirements regarding the protection of personal information. This blog post highlights some of the key elements of the new rules, which are now in effect.
Continue Reading Chinese Postal Bureau Issues Personal Information Protection Rules

On November 27, 2013, the State Postal Bureau of the People’s Republic of China released five draft normative rules for solicitation of public comment. This blog entry highlights three of these rules relating to the protection of personal information. The deadline for submitting comments on the rules is December 27, 2013.
Continue Reading State Post Bureau of China Releases Draft Normative Rules Involving Personal Information Protection for Public Comment