Among the consequences of a data breach for an organization is the risk of personal liability for board members. Besides the prevention measures that can/must be taken to avoid hacking, directors and management should invest in training, procedures, detection, and response. Going in the specific, the following can help directors in case their company suffers […]
On May 16, 2016, the Commission on Enhancing National Cybersecurity (“Cybersecurity Commission’) held an open meeting. The primary purpose of the meeting was to discuss the challenges and opportunities facing the finance and insurance sectors as the Commission develops detailed recommendations to strengthen cybersecurity in both the public and private sectors while protecting privacy, ensuring public safety […]
After the October 6, 2015, European Court of Justice’s annulment of the Safe Harbor decision of adequacy (Maximilian Schrems v. Data Protection Commissioner), the European Data Protection Authorities (DPAs) gave businesses until January 31, 2016, for the start of enforcement of the Schrems’ decision (see here). The Safe Harbor Scheme had been used for almost 15 years as the […]
On March 2, 2016, the Consumer Financial Protection Bureau (CFPB) brought its first data security enforcement action, acting as federal data security regulator to ensure that financial companies and service providers adequately secure consumers’ information. The CFPB, a federal agency – whose creation was authorized by the Dodd–Frank Wall Street Reform and Consumer Protection Act in […]
Internet-of-Things (IoT) (or internet-of-everything as it is often interchangeably called-) is a buzzword and it is all over. At present, the news is more technological than legal. Nonetheless, the IoT triggers some worrisome legal issues, among which data collection, data security, and invasion of privacy are among the most compelling. Actually, these issues are imposing because […]
On February 24, 2016, President Barack Obama signed the Judicial Redress Act into law, so granting the citizens of certain allied countries the same protection of US citizens under the Privacy Act. The full title of the Bill is: “To extend Privacy Act remedies to citizens of certified states, and for other purposes.” The President […]
Francesca Giannoni-Crystal & Allyson Haynes Stuart have just published in the Information law Journal an article dealing with privacy and data protection in the IoT. The article deals with recent developments in the IoT sector, highlights the difficulty of giving a definition of the IoT, and discuss the most important authorities (on the two side of the Atlantic) […]
On February 23, 2016, the European American Chamber of Commerce (EACC) hosted an interesting EU-US Privacy Roundtable with Privacy Activist Max Schrems, founder of the group Europe v. Facebook. The panel started by providing a brief overview of the developments in data privacy laws. It also explained the judiciary path that brought to the judgment […]
On January 22, 2016, the U.S. Food and Drug Administration (“FDA”) released draft guidance entitled “Postmarket Management of Cybersecurity in Medical Devices”. The document outlines recommendations to medical device manufacturers for managing postmarket cybersecurity vulnerabilities for marketed medical devices. The draft guidance applies to: 1) medical devices that contain software (including firmware) or programmable logic, […]
On February 9, 2016, President Obama President issued an executive order establishing the “Federal Privacy Council”, an interagency support structure consisting of senior privacy officials from each cabinet agency. The Privacy Council was established – according to the President – to protect privacy in order to maintain trust in the public institutions, considering the large amounts of […]