The NIST Privacy Framework is a voluntary tool intended to help organizations identify and manage privacy risk to build innovative products and services while protecting individuals’ privacy.
Schrems 2.0: European Court of Justice Advocate General Renders Opinion
On December 19, 2019, the European Court of Justice (ECJ) Advocate General, Henrik Saugmandsgaard ØE, provided his opinion on the validity of Standard Contractual Clauses (SCCs) adopted by the European Commission for the transfer of personal data from controllers to processors. The rendered opinion confirms that companies relying upon SCCs do not need to consider changing their approach at this time.
Norton Rose Fulbright Releases 2019 Litigation Trends Annual Survey
Released in December of 2019, Norton Rose Fulbright’s 2019 Litigation Trends Annual Survey highlighted that a majority of corporate counsel respondents foresee an economic downtown that will lead to a rise in disputes. Additionally, the number of in-house counsel who rated cybersecurity and privacy as the most important litigation issue facing them doubled from 2018 to 2019. Respondents said worries over cybersecurity and data protection risks are rooted in the volume of such threats, the creativity of cyber criminals, the sensitive nature of some data content and some jurisdictions’ enactment of stringent data privacy laws.
Considering Data Subject Access Requests? An Irish Guidance Note
In this recently published guidance note, DPC Ireland shares important considerations for both data requestors and controllers on the topic of Data Subject Access Requests (DSARs).
[E-Discovery Day Educational Webcast] The Convergence of E-Discovery and Privacy: Why Legal Leaders Must Take Notice
In this eDiscovery Day educational panel with eDiscovery experts including Jennifer Hamilton (John Deere) and Scott Thayer (Dawn Food Products), presenters will discuss how to create a holistic framework for effectively managing data in the midst of new privacy and eDiscovery requirements.
Luck of the Irish? Data Breach Trends from the First Year of the GDPR (Data Protection Commission Ireland)
In this recently published information note (October 2019), the Data Protection Commission (DPC) Ireland shares country-specific statistics and trends related to data breach notifications during the first year of GDPR.
Defining and Describing the Impact of Business Email Compromise
Business Email Compromise/Email Account Compromise (BEC/EAC) is a sophisticated scam that targets both businesses and individuals who perform legitimate transfer-of-funds requests. The scam is frequently carried out when a subject compromises legitimate business or personal email accounts through social engineering or computer intrusion to conduct unauthorized transfers of funds. Between June 2016, and July 2019, more than $26B in exposed dollar losses due to BEC/EAC were reported to the Federal Bureau of Investigation (FBI) Internet Crime Complaint Center (IC3).
FBI Highlights Ransomware Threat to U.S. Businesses
Ransomware attacks are becoming more targeted, sophisticated, and costly, even as the overall frequency of attacks remains consistent. Since early 2018, the incidence of broad, indiscriminate ransomware campaigns has sharply declined, but the losses from ransomware attacks have increased significantly, according to complaints received by IC3 and FBI case information.
From De-Identification to Re-Identification: Considering Personal Data Protection
The recently published research paper “Estimating the Success of Re-identifications in Incomplete Datasets Using Generative Models” shows how the likelihood of a specific individual to have been correctly re-identified can be estimated with high accuracy even when an anonymized dataset is heavily incomplete. The presented results reject the claims that, first, re-identification is not a practical risk and, second, sampling or releasing partial datasets provide plausible deniability. Moving forward, the results also question whether current de-identification practices satisfy the anonymization standards of modern data protection laws such as GDPR and CCPA and emphasize the need to move, from a legal and regulatory perspective, beyond the de-identification release-and-forget model.
The SHIELD is Now Up: New Legislation To Protect New Yorkers Against Data Security Breaches
“As technology seeps into practically every aspect of our daily lives, it is increasingly critical that we do everything we can to ensure the information that companies are trusted with is secure,” Governor Cuomo said. “The stark reality is security breaches are becoming more frequent and with this legislation New York is taking steps to increase protections for consumers and holding these companies accountable when they mishandle sensitive data.”