placeholder

Challenged by Privacy? The NIST Privacy Framework

The NIST Privacy Framework is a voluntary tool intended to help organizations identify and manage privacy risk to build innovative products and services while protecting individuals’ privacy.

placeholder

Schrems 2.0: European Court of Justice Advocate General Renders Opinion

On December 19, 2019, the European Court of Justice (ECJ) Advocate General, Henrik Saugmandsgaard ØE, provided his opinion on the validity of Standard Contractual Clauses (SCCs) adopted by the European Commission for the transfer of personal data from controllers to processors. The rendered opinion confirms that companies relying upon SCCs do not need to consider changing their approach at this time.

placeholder

Norton Rose Fulbright Releases 2019 Litigation Trends Annual Survey

Released in December of 2019, Norton Rose Fulbright’s 2019 Litigation Trends Annual Survey highlighted that a majority of corporate counsel respondents foresee an economic downtown that will lead to a rise in disputes. Additionally, the number of in-house counsel who rated cybersecurity and privacy as the most important litigation issue facing them doubled from 2018 to 2019. Respondents said worries over cybersecurity and data protection risks are rooted in the volume of such threats, the creativity of cyber criminals, the sensitive nature of some data content and some jurisdictions’ enactment of stringent data privacy laws.

placeholder

Defining and Describing the Impact of Business Email Compromise

Business Email Compromise/Email Account Compromise (BEC/EAC) is a sophisticated scam that targets both businesses and individuals who perform legitimate transfer-of-funds requests. The scam is frequently carried out when a subject compromises legitimate business or personal email accounts through social engineering or computer intrusion to conduct unauthorized transfers of funds. Between June 2016, and July 2019, more than $26B in exposed dollar losses due to BEC/EAC were reported to the Federal Bureau of Investigation (FBI) Internet Crime Complaint Center (IC3).

placeholder

FBI Highlights Ransomware Threat to U.S. Businesses

Ransomware attacks are becoming more targeted, sophisticated, and costly, even as the overall frequency of attacks remains consistent. Since early 2018, the incidence of broad, indiscriminate ransomware campaigns has sharply declined, but the losses from ransomware attacks have increased significantly, according to complaints received by IC3 and FBI case information.

placeholder

From De-Identification to Re-Identification: Considering Personal Data Protection

The recently published research paper “Estimating the Success of Re-identifications in Incomplete Datasets Using Generative Models” shows how the likelihood of a specific individual to have been correctly re-identified can be estimated with high accuracy even when an anonymized dataset is heavily incomplete. The presented results reject the claims that, first, re-identification is not a practical risk and, second, sampling or releasing partial datasets provide plausible deniability. Moving forward, the results also question whether current de-identification practices satisfy the anonymization standards of modern data protection laws such as GDPR and CCPA and emphasize the need to move, from a legal and regulatory perspective, beyond the de-identification release-and-forget model.

placeholder

The SHIELD is Now Up: New Legislation To Protect New Yorkers Against Data Security Breaches

“As technology seeps into practically every aspect of our daily lives, it is increasingly critical that we do everything we can to ensure the information that companies are trusted with is secure,” Governor Cuomo said. “The stark reality is security breaches are becoming more frequent and with this legislation New York is taking steps to increase protections for consumers and holding these companies accountable when they mishandle sensitive data.”