An EDPB Update: Guidelines on Examples Regarding Data Breach Notification

The recently adopted EDPB guidelines on examples regarding data breach notification complement the Article 29 Working Party guidance on data breach notification by introducing more practice-orientated guidance and recommendations. The guidelines, adopted on January 14, 2021, and available for public commentary, aim to help data controllers in deciding how to handle data breaches and what factors to consider during risk assessment.

Playing NICE? A Workforce Framework for Cybersecurity from NIST

According to Karen Wetzel, Manager of the NICE Framework, “The NICE Framework building blocks (Tasks, Knowledge, and Skill statements) will unleash a variety of ways in which organizations can use and apply the NICE Framework within their unique context and in a manner that is consistent with the attributes of agility, flexibility, interoperability, and modularity. The introduction of Competencies, a mechanism for organizations to assess learners, is designed to increase alignment among employers, learners, and education and training providers and close the cybersecurity skills gap.”

New Rules? The European Regulation on Data Governance

According to the European Commission, the proposed Regulation on Data Governance (Data Protection Act) will create the basis for a new European way of data governance that is in line with EU values and principles, such as personal data protection (GDPR), consumer protection and competition rules. It offers an alternative model to the data-handling practices of the big tech platforms, which can acquire a high degree of market power because of their business models that imply control of large amounts of data.

From Proactive Detection to Data Breach Reviews: Sensitive Data Discovery and Extraction with Ascema

A steady rise in the number of sensitive data discovery requirements driven by events ranging from Data Subject Access Requests (DSARs) to data breaches are adding to the current ‘where’s my data’ problem; a problem increasingly complicated by enormous amounts of unstructured data widely spread across organizational systems. The ability to rapidly locate information across an organization’s digital estate and to easily review, collate, and extract that data into one central repository, is essential when faced with regulatory time constraints. Ascema, a sensitive data discovery and extraction platform from UK-based cybersecurity provider GeoLang, may be able to help eDiscovery professionals as they consider proactive detection and reactive data breach review of data.

From Metadata to Mass Surveillance? European Data Retention Revisited

This new report, “Data Retention Revisited,” published by the EDRi, critically revisits the question of data retention and concludes that the ongoing aspirations to reintroduce a data retention obligation in the EU remain in violation of EU law as long as the strict necessity of data retention is unproved and no genuinely targeted retention obligation is considered.

Socially Acceptable? EDBP Guidelines on the Targeting of Social Media Users

According to the recently published EDPB guidelines on the targeting of social media users, the term “targeter” is used to designate natural or legal persons that use social media services in order to direct specific messages at a set of social media users on the basis of specific parameters or criteria. What sets targeters apart from other social media users is that they select their messages and/or their intended audience according to the perceived characteristics, interests, or preferences of the individuals concerned, a practice which is sometimes also referred to as “micro-targeting.” Targeters can engage in targeting to advance commercial, political, or other interests.

A New Model for Cybersecurity? NIST Details Framework for Zero Trust Architecture

As highlighted in NIST Special Publication 800-207, no enterprise can eliminate cybersecurity risk. However, when complemented with existing cybersecurity policies and guidance, identity and access management, continuous monitoring, and general cyber hygiene, a properly implemented and maintained Zero Trust Architecture (ZTA) can reduce overall risk and protect against common threats.

You Want Answers? EDPB FAQ on CJEU Schrems II Decision

Following the recent judgment of the Court of Justice of the European Union in Case C-311/18 – Data Protection Commissioner v Facebook Ireland Ltd and Maximillian Schrems, the European Data Protection Board (EDPB) has adopted a ‘Frequently Asked Questions’ document to provide initial clarification and give preliminary guidance to stakeholders on the use of legal instruments for the transfer of personal data to third countries, including the U.S.

CJEU Invalidates Decision on the Adequacy of Protection Under EU-US Data Protection Shield

According to the Court of Justice of the European Union press announcement, in the view of the Court, the limitations on the protection of personal data arising from the domestic law of the United States on the access and use by US public authorities of such data transferred from the European Union to that third country, which the Commission assessed in Decision 2016/1250, are not circumscribed in a way that satisfies requirements that are essentially equivalent to those required under EU law, by the principle of proportionality, in so far as the surveillance programmes based on those provisions are not limited to what is strictly necessary.

A Pillar of Empowerment? Evaluating and Reviewing GDPR Data Protection

The general view is that two years after it started to apply, the GDPR has successfully met its objectives of strengthening the protection of the individual’s right to personal data protection and guaranteeing the free flow of personal data within the EU. However, a number of areas for future improvement have also been identified.

Reveal And Brainspace Merge

According to Wendell Jisa, founder and CEO of Reveal, "Backed by...

eDiscovery Mergers, Acquisitions, and Investments in 2020

Since beginning to track the number of publicly highlighted merger, acquisition,...

Relativity Acquires VerQu

According to Relativity CEO Mike Gamson, "It's imperative that the legal...

eDiscovery Mergers, Acquisitions, and Investments in Q4 2020

From Nuix and DISCO to Exterro and AccessData, the following findings,...

A New Era in eDiscovery? Framing Market Growth Through the Lens of Six Eras

There are many excellent resources for considering chronological and historiographical approaches...

An eDiscovery Market Size Mashup: 2020-2025 Worldwide Software and Services Overview

While the Compound Annual Growth Rate (CAGR) for worldwide eDiscovery software...

Resetting the Baseline? eDiscovery Market Size Adjustments for 2020

An unanticipated pandemeconomic-driven retraction in eDiscovery spending during 2020 has resulted...

Home or Away? New eDiscovery Collection Market Sizing and Pricing Considerations

One of the key home (onsite) or away (remote) decisions that...

Five Great Reads on eDiscovery for January 2021

From eDiscovery business confidence and operational metrics to merger and acquisition...

Five Great Reads on eDiscovery for December 2020

May the peace and joy of the holiday season be with...

Five Great Reads on eDiscovery for November 2020

From market sizing and cyber law to industry investments and customer...

Five Great Reads on eDiscovery for October 2020

From business confidence and captive ALSPs to digital republics and mass...

Only a Matter of Time? HaystackID Launches New Service for Data Breach Discovery and Review

According to HaystackID's Chief Innovation Officer and President of Global Investigations,...

It’s a Match! Focusing on the Total Cost of eDiscovery Review with ReviewRight Match

As a leader in remote legal document review, HaystackID provides clients...

From Proactive Detection to Data Breach Reviews: Sensitive Data Discovery and Extraction with Ascema

A steady rise in the number of sensitive data discovery requirements...

A Running List: Top 100+ eDiscovery Providers

Based on a compilation of research from analyst firms and industry...

Issues Impacting eDiscovery Business Performance: A Winter 2021 Overview

In the winter of 2021, 43.3% of respondents viewed budgetary constraints...

Not So Outstanding? eDiscovery Operational Metrics in the Winter of 2021

In the winter of 2021, eDiscovery Business Confidence Survey more...

A Lifting of the Fog? Winter 2021 eDiscovery Business Confidence Survey Results

This is the twenty-first quarterly eDiscovery Business Confidence Survey conducted by...

High Five? An Aggregate Overview of Five Semi-Annual eDiscovery Pricing Surveys

As we are in the midst of a pandemic that has...