President Trump Signs Long-Awaited Cyber Executive Order

Written by
On May 11, 2017, President Trump signed a long-awaited executive order on cybersecurity (the “Order”).  The Order directs executive agencies to complete a risk management report based on the NIST Cybersecurity Framework (the “Framework”) and also requires the Department of Homeland Security (DHS) and other agencies to undertake activities in support of effective cybersecurity risk management for operators of critical infrastructure.  More generally, the Order directs several agencies to submit reports to the President on a varied set of cybersecurity-related topics.  These measures demonstrate [...] Read more

Outbreak of “WannaCry” and “Wanna Decryptor” Ransomware Affects Companies Across the Globe

Written by
On Friday, May 12, companies in countries across the globe witnessed an unprecedented malware outbreak as ransomware labeled “WannaCry” and “Wanna Decryptor” infected a large range of critical systems. The malware exploits a vulnerability in older versions of Microsoft’s Windows, locks the systems it infects, and threatens to delete files unless a bitcoin ransom is paid. What happened? An attacker or group of attackers unleashed a wave of ransomware infections beginning on Friday, May 12. More so than previous attacks, this outbreak resulted in substantial disruption to regular [...] Read more

Swire Discusses European Data Economy at European Political Strategy Centre Policy Hearing

Written by
Peter Swire, Alston & Bird Senior Counsel and Nancy J. and Lawrence P. Huang Professor of Law and Ethics at the Georgia Institute of Technology’s Scheller College of Business, recently participated in a policy hearing held by the European Political Strategy Centre, the in-house think tank of the European Commission. Swire joined five other experts in answering a series of questions posed by the Centre’s moderators on how Europe can build its data economy to compete globally, protect fundamental privacy rights, and guard against anti-competitive behavior. In his remarks, Swire pointed [...] Read more

New York High Court Denies Facebook’s Challenge of Bulk Stored Communications Act Warrants

Written by
The Court of Appeals for the State of New York recently rejected Facebook’s appeal of its challenge to bulk search warrants issued pursuant to the Stored Communications Act (SCA) and separately challenged the warrants’ nondisclosure component. The Court affirmed the lower court’s ruling that Facebook could not appeal the rejection of its motion to quash the SCA warrant. In this case, at the request of the Manhattan District Attorney’s Office, the New York Supreme Court issued 381 warrants directing Facebook to “retrieve, enter, examine, copy, analyze, and . . . search” the targeted [...] Read more

A Look Into Europe’s New Cybersecurity Regimes

Written by

Europe is facing two important reforms addressing cybersecurity, which will apply in 2018. Jan Dhont and Delphine Charlot outlined the details of these regimes in an article for the Society of Corporate Compliance and Ethics, which you can read here.

French CNIL Releases GDPR Compliance Toolkit

Written by
On March 15, 2017, the French data protection authority (CNIL) released its six step- GDPR compliance program together with GDPR-tailored templates for use by companies, the “GDPR Toolkit.” The GDPR Toolkit is helpful for companies because it provides guidance that companies may directly include in their privacy programs. Companies with sophisticated privacy programs may also use the GDPR Toolkit as a reality check against CNIL and, more generally, European data protection authorities’ standards and expectations for GDPR compliance. Click here to access the Toolkit. [...] Read more

Working Party welcomes the draft ePrivacy Regulation, yet expresses grave concerns

Written by
The Working Party recently issued its first Opinion for 2017, focusing on the EU Commission’s proposed ePrivacy Regulation (WP 247, Opinion 01/2017). The Commission’s proposal, which was published in January this year, aims to modernize the existing ePrivacy Directive (2002/58/EC as amended by 2009/136/EC) which concerns the protection of personal data in the context of electronic communication services. In its Opinion, the Working Party overall welcomed the proposed regulation, yet expressed several points of concern and suggested amendments. The congratulations… In welcoming the regulation, [...] Read more

May 30 is Fast Approaching – Are You Ready for Compliance with the Amended Act on Protection of Personal Information in Japan?

Written by
Japan’s Act on Protection of Personal Information currently in force (“Current APPI”) dates back to 2003.  It was originally enacted on May 30, 2003, and came into effect in 2005.  Ten years later, the National Diet passed extensive reforms to modernize the Current APPI in September, 2015.  Although the Amended Act on Protection of Personal Information (“Amended APPI”) has been partly in effect, it will come fully into effect on May 30, 2017. It is important to note that the Amended APPI applies to “personal information handling business operators” which is defined as a person [...] Read more

New Mexico Data Breach Legislation Passes

Written by
New Mexico recently became the 48th state to pass some form of data breach notification legislation, leaving Alabama and South Dakota as the lone holdouts.  The Data Breach Notification Act was signed by New Mexico Governor Susana Martinez on April 6, 2017.  The law applies to persons that own or license personal identifying information of New Mexico residents, defined as an individual’s first name or first initial and last name in combination with a social security number, driver’s license number, government-issued ID number, account number plus security or access code or password, or biometric [...] Read more

New York Attorney General Announces Record Number of Data Breach Notices in 2016

Written by
On March 21, 2017, New York Attorney General (NYAG) Eric T. Schneiderman announced that his office had received a record breaking 1,282 data breach notices to his office affecting 1.6 million New York residents during 2016. Compared to 2015, these figures represent a 60 percent increase in the number of notices and a 300 percent increase in the number of New York residents affected. These research figures build on the NYAG’s 2014 report “Information Exposed: Historical Examination of Data Security in New York State,” which analyzed eight years of security breach statistics in New York from [...] Read more