When Data Breaches Cost Twice – AEPD’s Landmark Fine Shows That Being the Victim of a Cyberattack Doesn’t Excuse GDPR Failures
In a cautionary decision for companies handling personal data, the Spanish Data Protection Authority (AEPD) issued a substantial fine to a telecommunications distributor following a significant data breach. In April 2021, the company at the center of the case had been targeted by a ransomware attack using Babuk malware, which encrypted files and interrupted operations. When the company refused to pay the ransom, cybercriminals published the personal data of around 13 million individuals on the dark web, exposing affected users to serious risks of fraud and identity theft.
Ransomware
BREAKING: Former Uber CSO Convicted of Criminal Obstruction and Concealment of a Felony for 2016 Data Breach Cover Up
After several days of deliberating, a jury today convicted Uber Technologies Inc.’s (“Uber’s”) former chief security officer (the “Former CSO”) of criminal obstruction and concealing the theft of personal data of fifty million Uber customers and seven million Uber drivers from the Federal Trade Commission (“FTC”).
Recall that back in 2016, two hackers stole data…
CPW Week in Review
In case you missed it, below are recent posts from Consumer Privacy World covering the latest developments on data privacy, security and innovation. Please reach out to the authors if you are interested in additional information.
CPW’s Shea Leitch and Kyle Dull to Speak at ACC South Florida’s 12th Annual CLE Conference
The NYDFS Proposes Substantial Amendments to Cyber Regulations
The New York Department of Financial Services (“NYDFS”) recently posted a request for public comment on a set of proposed amendments to NYDFS’ current “Cybersecurity Requirements for Financial Services Companies” (“Regulations”).[1] The amendments to the Regulations (“Pre-Proposal Amendments”) are in the “pre-proposal” phase, meaning that the NYDFS will issue official proposed amendments in the near future. Once official proposed amendments are issued, a 60-day public comment period starts, which means that amended Regulations likely will take effect sometime in 2023. In the meantime, entities subject to the Regulations should review the Pre-Proposal Amendments to help ensure sufficient time and resources to implement new requirements.
As background, the Regulations became effective on March 1, 2017, but followed a phased implementation process. The Regulations apply to all entities licensed by the NYDFS (“covered entities”), including banks, insurance companies, money transmitters and other financial services firms doing business in New York. The last phase of the Regulations was implemented in March 2019, at which point the Regulations were fully effective.
Connecticut General Assembly Passes Comprehensive Privacy Bill
Double Trouble: Why Organisations Need to Consider the Legal Consequences of Ransomware and DDoS Attacks
Ransomware and DDoS attacks are costly to organisations that fall victim in terms of reputational damage, picking up the pieces as well as potential enforcement from the ICO and compensation claims by data subjects.
New Law Requires 72-Hour Notice for Cyber Incidents
Background
President Biden has recently delivered on a long-stated priority of his presidency: requiring the disclosure of cyber security incidents for companies that operate critical infrastructure. After announcing an executive order in May 2021 aimed at modernizing the federal government’s cybersecurity practices, the same sweeping changes will now affect private companies that operate critical…
Squire Patton Boggs Named a World Leader in Data Protection by Global Data Review
CPW is proud to share with its readers that Global Data Review, a leading data law and regulation publication, has ranked Squire Patton Boggs among 25 Elite firms in its 2022 edition of the GDR 100. GDR identifies and profiles the world’s leading law firms. GDR notes that firms with the Elite designation in…
California Attorney General Issues Guidance on Health Data Privacy Issues
Citing “multiple unreported ransomware attacks” targeting the healthcare sector, last month the California Attorney General (CA AG) issued guidance reminding healthcare entities of their requirements under state and federal health data privacy laws to implement adequate security measures and comply with breach notification requirements. Although the document does not provide any “new” guidance, it signals…