The NIST Privacy Framework is a voluntary tool intended to help organizations identify and manage privacy risk to build innovative products and services while protecting individuals’ privacy.
On December 19, 2019, the European Court of Justice (ECJ) Advocate General, Henrik Saugmandsgaard ØE, provided his opinion on the validity of Standard Contractual Clauses (SCCs) adopted by the European Commission for the transfer of personal data from controllers to processors. The rendered opinion confirms that companies relying upon SCCs do not need to consider changing their approach at this time.
Released in December of 2019, Norton Rose Fulbright’s 2019 Litigation Trends Annual Survey highlighted that a majority of corporate counsel respondents foresee an economic downtown that will lead to a rise in disputes. Additionally, the number of in-house counsel who rated cybersecurity and privacy as the most important litigation issue facing them doubled from 2018 to 2019. Respondents said worries over cybersecurity and data protection risks are rooted in the volume of such threats, the creativity of cyber criminals, the sensitive nature of some data content and some jurisdictions’ enactment of stringent data privacy laws.
In this recently published guidance note, DPC Ireland shares important considerations for both data requestors and controllers on the topic of Data Subject Access Requests (DSARs).
In this eDiscovery Day educational panel with eDiscovery experts including Jennifer Hamilton (John Deere) and Scott Thayer (Dawn Food Products), presenters will discuss how to create a holistic framework for effectively managing data in the midst of new privacy and eDiscovery requirements.
In this recently published information note (October 2019), the Data Protection Commission (DPC) Ireland shares country-specific statistics and trends related to data breach notifications during the first year of GDPR.
Business Email Compromise/Email Account Compromise (BEC/EAC) is a sophisticated scam that targets both businesses and individuals who perform legitimate transfer-of-funds requests. The scam is frequently carried out when a subject compromises legitimate business or personal email accounts through social engineering or computer intrusion to conduct unauthorized transfers of funds. Between June 2016, and July 2019, more than $26B in exposed dollar losses due to BEC/EAC were reported to the Federal Bureau of Investigation (FBI) Internet Crime Complaint Center (IC3).
Ransomware attacks are becoming more targeted, sophisticated, and costly, even as the overall frequency of attacks remains consistent. Since early 2018, the incidence of broad, indiscriminate ransomware campaigns has sharply declined, but the losses from ransomware attacks have increased significantly, according to complaints received by IC3 and FBI case information.
The recently published research paper “Estimating the Success of Re-identifications in Incomplete Datasets Using Generative Models” shows how the likelihood of a specific individual to have been correctly re-identified can be estimated with high accuracy even when an anonymized dataset is heavily incomplete. The presented results reject the claims that, first, re-identification is not a practical risk and, second, sampling or releasing partial datasets provide plausible deniability. Moving forward, the results also question whether current de-identification practices satisfy the anonymization standards of modern data protection laws such as GDPR and CCPA and emphasize the need to move, from a legal and regulatory perspective, beyond the de-identification release-and-forget model.
“As technology seeps into practically every aspect of our daily lives, it is increasingly critical that we do everything we can to ensure the information that companies are trusted with is secure,” Governor Cuomo said. “The stark reality is security breaches are becoming more frequent and with this legislation New York is taking steps to increase protections for consumers and holding these companies accountable when they mishandle sensitive data.”