Binding corporate rules (BCRs) are a legally recognized mechanism that facilitate intra-group transfers of personal data from the European Economic Area (EEA) to the rest of the world. Adopting BCRs not only allows for the free flow of information across an organization but also builds a strong digital culture which is crucial in this data […]
Board Governance & Cyber Risk Management
DOJ Releases “Best Practices for Victim Response and Reporting of Cyber Incidents,” Version 2.0
On September 27, 2018, the Department of Justice Computer Crime and Intellectual Property (CCIPS) Cybersecurity Unit released Version 2.0 of its “Best Practices for Victim Response and Reporting of Cyber Incidents.” Originally issued in 2015, the updated guidance seeks to help organizations better equip themselves to be able to respond effectively and lawfully to cyber […]
SEC Brings First Enforcement Action for Violation of the Identity Theft Red Flags Rule
On September 26, 2018, the SEC brought its first ever enforcement action for violations of Regulation S-ID (the “Identity Theft Red Flags Rule”), 17 C.F.R. § 248.201, in addition to violations of Regulation S-P, 17 C.F.R. 30(a) (the “Safeguards Rule”). Regulation S-ID and Regulation S-P apply to SEC-registered broker-dealers, investment companies, and investment advisers, and […]
Ohio Enacts Cybersecurity Safe Harbor Law
Ohio recently enacted the Ohio Data Protection Act (2018 SB 220), a law that offers a breach litigation safe harbor to businesses meeting specific cybersecurity standards. While the law does not prevent a plaintiff from filing a lawsuit following a data breach, it does provide an affirmative defense to companies defending themselves against such claims. […]
India’s Draft Data Protection Bill: Another GDPR Around The Corner?
India recently introduced the Personal Data Protection Bill 2018 (“Bill”). The transfer of personal data in India is currently governed by the SPD Rules (Sensitive Personal Data and Information, 2011), which is however considered outdated and not fully protective of personal data. The Bill comes as a result of the country’s Supreme Court recent judgment […]