In December 2016, the EU’s Article 29 Working Party a number of GDPR guidance documents, including explanations for the mandatory DPO role, new individual right to data portability, and how to identify a “lead authority” for the GDPR’s one-stop shop enforcement mechanism.
The DPO Guidelines cover the designation of the DPO, the position of the DPO, and the DPO’s role/tasks. The GDPR requires the designation of a DPO in three cases.
Phishing scams are arising at a fast and furious pace in the first quarter of 2017, with the IRS recently issuing a warning that these attacks are now targeting non-profits and school districts.
New York attorneys Bill Tanenbaum and Randall Stempler published an article in Healthcare Business & Technology that explores how millennials view healthcare IT and more specifically, their concerns with the fragmented nature of medical online systems, and data security.
An Austrian hotel was a recent victim of a “ransomware” computer attack that disabled its electronic room key system and locked up its own computers. This demonstrates that hotel owners and managers should be sure IT agreements adequately address the risks of cyberattacks.
An Executive Order from President Trump’s first days in office raised questions about its impact on the hard-won Privacy Shield, which allows about 1,700 companies to legally transfer data between the EEA and Switzerland and the US.
The Federal Trade Commission (FTC) recently issued guidance for both businesses and consumers on defending against ransomware, both of which are based on lessons learned from the FTC’s recent ransomware workshop, with panelists that included security researchers, technologists, law enforcers, and bu
New York counsel Eric Biderman and James Westerlind were recently asked by the American Express Open Forum to provide their insights into the growing sophistication of cyberattacks.
At its monthly Open Meeting on October 27, the Federal Communications Commission adopted, but has not yet released, new privacy rules requiring retail broadband providers to offer consumers more choice over how their personal information is used.
While autonomous car technology currently dominates privacy and security headlines in the automotive sector, cybersecurity should be top of mind for all players in our industry, including retail automotive dealerships.
Cybersecurity and data intrustions have dominated business headlines this year, ranging from the rise of ransomware to international hacking of US political parties.
The enactment of new Federal Aviation Administration (FAA) regulations governing unmanned aircraft systems – or “drones” – has companies and consumers alike dreaming of the stuff of science fiction, but if the new regulations are any indication, the FAA is in no rush to see those dreams become reali
The Supreme Court case involving Spokeo and Thomas Robins, a consumer whose information was included in the search engine’s reports, highlights the limitations to a consumer’s ability to enforce their rights under the Fair Credit Reporting Act (FCRA).
This survey focuses on the data breach notification statutes of the states and territories within the US, and should be a useful tool and guide for data security planning and response purposes.