As part of its regulatory review of the Gramm-Leach-Bliley Act Safeguards Rule, the Federal Trade Commission will hold a workshop, Information Security and Financial Institutions: An FTC Workshop to Examine the Safeguards Rule. The workshop, originally scheduled for May, has been postponed until July 13, 2020.
Continue Reading FTC Postpones Safeguards Rule Workshop until July
Encryption
Philippines NPC Investigating COVID-19 Related Breaches
Posted on
On April 25, 2020, the Philippines National Privacy Commission issued a statement that it is investigating several breach notifications it has received relating to the unauthorized disclosure of sensitive personal information of confirmed and suspected COVID-19 patients. …
Continue Reading Philippines NPC Investigating COVID-19 Related Breaches
Irish DPA Issues Guidance to Secure Cloud-Based Environments
Posted on
Posted in European Union, International
On March 19, 2020, the Irish Data Protection Authority published guidance to assist organizations in understanding their data security obligations and to mitigate their risks of a personal data breach when using cloud-based services.…
Continue Reading Irish DPA Issues Guidance to Secure Cloud-Based Environments
FTC Proposes Changes to GLB Privacy and Safeguards Rules
Posted on
Posted in Financial Privacy, U.S. Federal Law
On March 5, 2019, the Federal Trade Commission announced that it is seeking comment on proposed changes to the FTC’s Safeguards Rule and Privacy Rule under the Gramm-Leach-Bliley Act.…
Continue Reading FTC Proposes Changes to GLB Privacy and Safeguards Rules
Judge Grants Final Approval of Record Data Breach Settlement in Anthem Class Action
Posted on
On August 15, 2018, U.S. District Judge Lucy Koh signed an order granting final approval of the record 115 million dollar class action settlement agreed to by Anthem Inc. in June 2017. …
Continue Reading Judge Grants Final Approval of Record Data Breach Settlement in Anthem Class Action
China Releases National Standard on Personal Information Security
Posted on
On January 25, 2018, the Standardization Administration of China published the full text of the Information Security Technology – Personal Information Security Specification.…
Continue Reading China Releases National Standard on Personal Information Security
UK ICO Issues Unprecedented Fine Against Mobile Phone Retailer for Lax Security
Posted on
On January 8, 2017, the UK Information Commissioner issued an unprecedented monetary penalty of 400,000 pounds against British mobile phone retailer, The Car Phone Warehouse Limited. Following an attack on their system in 2015, the ICO found that the company had failed to take adequate steps to protect the personal data it held on its system.…
Continue Reading UK ICO Issues Unprecedented Fine Against Mobile Phone Retailer for Lax Security
FTC Posts Fifth Blog in Its “Stick with Security” Series
Posted on
Posted in Information Security
On August 18, 2017, the FTC published the fifth blog post in its “Stick with Security” series, which outlines steps businesses can take to secure sensitive data, including when it is in transit. …
Continue Reading FTC Posts Fifth Blog in Its “Stick with Security” Series
Colorado Publishes Cybersecurity Regulations for Financial Institutions
Posted on
Recently, the Colorado Division of Securities published cybersecurity regulations for broker-dealers and investment advisers regulated by the Division. Colorado’s cybersecurity regulations follow similar regulations enacted in New York that apply to certain state-regulated financial institutions.…
Continue Reading Colorado Publishes Cybersecurity Regulations for Financial Institutions
New York AG Settles with Wireless Lock Maker Over Security Flaws
Posted on
On May 22, 2017, New York Attorney General Eric T. Schneiderman announced that the AG’s office has reached a settlement with Safetech Products LLC regarding the company’s sale of insecure Bluetooth-enabled wireless doors and padlocks. This “marks the first time an Attorneys General’s Office has taken legal action against a wireless security company for failing to protect their [customers’] personal and private information.” …
Continue Reading New York AG Settles with Wireless Lock Maker Over Security Flaws