Encryption

FTC Announces Enforcement for Inadequate Third Party Risk Management Practices Under the GLBA’s Safeguards Rule

Posted on December 24, 2020

Posted in Enforcement, Information Security, U.S. Federal Law

On December 15, 2020, the Federal Trade Commission announced a proposed settlement with Ascension Data & Analytics, LLC, a Texas-based mortgage industry data analytics company, to resolve allegations that the company failed to ensure one of its vendors was adequately securing personal information of mortgage holders.…
Continue Reading FTC Announces Enforcement for Inadequate Third Party Risk Management Practices Under the GLBA’s Safeguards Rule

Takeaways from 100th Anniversary Meeting of German Data Protection Authorities

Posted on December 2, 2020

Posted in European Union, International

On November 26, 2020, the Conference of the German Data Protection Authorities issued a press release with conclusions from their 100th anniversary meeting. The key issues discussed were the implications of Schrems II on German privacy and cybersecurity.…
Continue Reading Takeaways from 100th Anniversary Meeting of German Data Protection Authorities

FTC Postpones Safeguards Rule Workshop until July

Posted on May 4, 2020

Posted in Financial Privacy, U.S. Federal Law

As part of its regulatory review of the Gramm-Leach-Bliley Act Safeguards Rule, the Federal Trade Commission will hold a workshop, Information Security and Financial Institutions: An FTC Workshop to Examine the Safeguards Rule. The workshop, originally scheduled for May, has been postponed until July 13, 2020.…
Continue Reading FTC Postpones Safeguards Rule Workshop until July

Philippines NPC Investigating COVID-19 Related Breaches

Posted on May 1, 2020

Posted in Health Privacy, Information Security, International

On April 25, 2020, the Philippines National Privacy Commission issued a statement that it is investigating several breach notifications it has received relating to the unauthorized disclosure of sensitive personal information of confirmed and suspected COVID-19 patients. …
Continue Reading Philippines NPC Investigating COVID-19 Related Breaches

Irish DPA Issues Guidance to Secure Cloud-Based Environments

Posted on March 20, 2020

Posted in European Union, International

On March 19, 2020, the Irish Data Protection Authority published guidance to assist organizations in understanding their data security obligations and to mitigate their risks of a personal data breach when using cloud-based services.…
Continue Reading Irish DPA Issues Guidance to Secure Cloud-Based Environments

FTC Proposes Changes to GLB Privacy and Safeguards Rules

Posted on March 8, 2019

Posted in Financial Privacy, U.S. Federal Law

On March 5, 2019, the Federal Trade Commission announced that it is seeking comment on proposed changes to the FTC’s Safeguards Rule and Privacy Rule under the Gramm-Leach-Bliley Act.…
Continue Reading FTC Proposes Changes to GLB Privacy and Safeguards Rules

Judge Grants Final Approval of Record Data Breach Settlement in Anthem Class Action

Posted on August 24, 2018

Posted in Cybersecurity, Enforcement, Health Privacy, Security Breach

On August 15, 2018, U.S. District Judge Lucy Koh signed an order granting final approval of the record 115 million dollar class action settlement agreed to by Anthem Inc. in June 2017. …
Continue Reading Judge Grants Final Approval of Record Data Breach Settlement in Anthem Class Action

China Releases National Standard on Personal Information Security

Posted on January 26, 2018

Posted in Cybersecurity, Information Security, Online Privacy, Security Breach

On January 25, 2018, the Standardization Administration of China published the full text of the Information Security Technology – Personal Information Security Specification.…
Continue Reading China Releases National Standard on Personal Information Security

UK ICO Issues Unprecedented Fine Against Mobile Phone Retailer for Lax Security

Posted on January 12, 2018

Posted in Cybersecurity, Enforcement, International, Security Breach

On January 8, 2017, the UK Information Commissioner issued an unprecedented monetary penalty of 400,000 pounds against British mobile phone retailer, The Car Phone Warehouse Limited. Following an attack on their system in 2015, the ICO found that the company had failed to take adequate steps to protect the personal data it held on its system.…
Continue Reading UK ICO Issues Unprecedented Fine Against Mobile Phone Retailer for Lax Security

FTC Posts Fifth Blog in Its “Stick with Security” Series

Posted on August 18, 2017

Posted in Information Security

On August 18, 2017, the FTC published the fifth blog post in its “Stick with Security” series, which outlines steps businesses can take to secure sensitive data, including when it is in transit. …
Continue Reading FTC Posts Fifth Blog in Its “Stick with Security” Series

Menu

Privacy & Information Security Law Blog