On December 12, 2014, the National Institute for Standards and Technology (“NIST”) announced the release of Special Publication 800-53A, Revision 4, Assessing Security and Privacy Controls in Federal Information Systems and Organizations: Building Effective Assessment Plans (“SP 800-53A”). SP 800-53A is a companion guideline to Special Publication 800-53, Security and Privacy Controls for Federal Information Systems and Organizations […]
Data Protection
TD Bank NA Settles Data Breach Lawsuit with Mass. AG
TD Bank North America (“TD Bank”) and the Massachusetts Attorney General announced an agreement on December 8 to end a data breach lawsuit brought against TD Bank by the Massachusetts Attorney General. The lawsuit alleged that TD Bank failed to properly protect and encrypt personal customer information contained on two server backup tapes that it […]
23 Privacy Enforcement Authorities Issue a Joint Open Letter to App Marketplaces
On December 9, 2014, a joint open letter (“Letter”) was issued to the operators of seven (7) app marketplaces, urging them to “make the basic commitment to require each app that can access or collect personal information, to provide users with timely access to the app’s privacy policy.” Although the Letter was sent to Apple, […]
Giovanni Buttarelli Confirmed as New European Data Protection Supervisor
On November 27, the European Parliament confirmed that Giovanni Buttarelli will serve as the next European Data Protection Supervisor (“EDPS”). Buttarelli will take over for Peter Hustinx, who served as EDPS for 10 years. Prior to his appointment, Buttarelli was the Assistant EDPS, a position which will now be held by Wojciech Rafal Wiewiórowski. Buttarelli’s privacy experience […]
EU’s Article 29 Working Party Releases Opinion on Internet of Things Protections
The European Union’s Article 29 Data Protection Working Party (WP29) adopted an opinion (the Opinion) on September 16, 2014 regarding data protection within the Internet of Things (IoT). Recognizing the rapid growth of the IoT, the Opinion responds to emerging data privacy concerns within the IoT, and provides recommendations for stakeholder compliance with EU data […]