On January 16, 2023, the Directive on measures for a high common level of cybersecurity across the Union and the Directive on the resilience of critical entities entered into force.
Continue Reading New Cybersecurity Directives (NIS2 and CER) Enter into Force
Encryption
FTC Takes Action Against Chegg for Alleged Security Failures that Exposed Data of Employees and 40 Million Consumers
Posted on
On October 31, 2022, the Federal Trade Commission announced a proposed settlement with education technology provider Chegg in connection with the company’s alleged poor cybersecurity practices. …
Continue Reading FTC Takes Action Against Chegg for Alleged Security Failures that Exposed Data of Employees and 40 Million Consumers
SEC Fines Morgan Stanley $35 Million for Alleged Failure to Protect Customer Data
Posted on
Posted in Financial Privacy, Information Security
On September 20, 2022, the U.S. Securities and Exchange Commission announced that Morgan Stanley Smith Barney agreed to pay a $35 million fine for the firm’s alleged failure to adequately protect the personal information of approximately 15 million customers.
Continue Reading SEC Fines Morgan Stanley $35 Million for Alleged Failure to Protect Customer Data
FTC Announces Enforcement for Inadequate Third-Party Risk Management Practices Under the GLBA’s Safeguards Rule
Posted on
On December 15, 2020, the Federal Trade Commission announced a proposed settlement with Ascension Data & Analytics, LLC, a Texas-based mortgage industry data analytics company, to resolve allegations that the company failed to ensure one of its vendors was adequately securing personal information of mortgage holders.
Continue Reading FTC Announces Enforcement for Inadequate Third-Party Risk Management Practices Under the GLBA’s Safeguards Rule
Takeaways from 100th Anniversary Meeting of German Data Protection Authorities
Posted on
Posted in European Union, International
On November 26, 2020, the Conference of the German Data Protection Authorities issued a press release with conclusions from their 100th anniversary meeting. The key issues discussed were the implications of Schrems II on German privacy and cybersecurity.
Continue Reading Takeaways from 100th Anniversary Meeting of German Data Protection Authorities
FTC Postpones Safeguards Rule Workshop until July
Posted on
Posted in Financial Privacy, U.S. Federal Law
As part of its regulatory review of the Gramm-Leach-Bliley Act Safeguards Rule, the Federal Trade Commission will hold a workshop, Information Security and Financial Institutions: An FTC Workshop to Examine the Safeguards Rule. The workshop, originally scheduled for May, has been postponed until July 13, 2020.
Continue Reading FTC Postpones Safeguards Rule Workshop until July
Philippines NPC Investigating COVID-19 Related Breaches
Posted on
On April 25, 2020, the Philippines National Privacy Commission issued a statement that it is investigating several breach notifications it has received relating to the unauthorized disclosure of sensitive personal information of confirmed and suspected COVID-19 patients. …
Continue Reading Philippines NPC Investigating COVID-19 Related Breaches
Irish DPA Issues Guidance to Secure Cloud-Based Environments
Posted on
Posted in European Union, International
On March 19, 2020, the Irish Data Protection Authority published guidance to assist organizations in understanding their data security obligations and to mitigate their risks of a personal data breach when using cloud-based services.
Continue Reading Irish DPA Issues Guidance to Secure Cloud-Based Environments
FTC Proposes Changes to GLB Privacy and Safeguards Rules
Posted on
Posted in Financial Privacy, U.S. Federal Law
On March 5, 2019, the Federal Trade Commission announced that it is seeking comment on proposed changes to the FTC’s Safeguards Rule and Privacy Rule under the Gramm-Leach-Bliley Act.
Continue Reading FTC Proposes Changes to GLB Privacy and Safeguards Rules
Judge Grants Final Approval of Record Data Breach Settlement in Anthem Class Action
Posted on
On August 15, 2018, U.S. District Judge Lucy Koh signed an order granting final approval of the record 115 million dollar class action settlement agreed to by Anthem Inc. in June 2017. …
Continue Reading Judge Grants Final Approval of Record Data Breach Settlement in Anthem Class Action