Plaintiff is Able to Get Some Subpoenas for Personal Data Quashed, But Not All: eDiscovery Case Law

eDiscovery Daily

Lasnik granted in part and denied in part the plaintiff’s motion to quash subpoenas for personal phone records and bank records, finding that phone records before the plaintiff’s hand injury on the defendant’s fishing boat were “of vital importance to defendants’ theory of the case” , but that the need for pre-incident bank records was not proportional to the needs of the case and that, with regard to subpoenas of post-incident data, defendants were “fishing”. In Delgado v.

REvil ransomware gang recommends that Apple buy back its data stolen in Quanta hack

Security Affairs

REvil ransomware gang is attempting to extort Apple ahead of the Apple Spring Loaded event threatening to sell stolen blueprints belonging to the IT giant that were stolen from Quanta Computer. Quanta Computer is a Taiwan-based manufacturer of notebook computers and other electronic hardware.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Utah Governor Signs Electronic Data Privacy Bill Requiring Warrants to Access Certain Types of Data

Hunton Privacy

law to protect electronic information that individuals have shared with certain third parties. Representative Craig Hall, R-Utah, who introduced the bill, stated that the goal “is to provide the same protections we have in the physical world and apply those to the electronic world.” State Law Cloud Congress Internet Personal Data Trump Administration UtahOn March 27, 2019, Utah Governor Gary Herbert signed HB57, the first U.S.

Belgium Adopts Law Reforming the Belgian Privacy Commission

Hunton Privacy

On January 10, 2018, the Law of 3 December 2017 creating the Data Protection Authority (the “Law”) was published in the Belgian Official Gazette (available in French and Dutch ). The EU General Data Protection Regulation (“GDPR”) provides national data protection authorities with a strengthened enforcement role. The DPA will also have to cooperate with other national data protection authorities.

Draft Released in the Philippines Implementing Rules for the Data Privacy Act

Hunton Privacy

On June 17, 2016, the National Privacy Commission (the “Commission”) of the Philippines released draft guidelines entitled, Implementing Rules and Regulations of the Data Privacy Act of 2012 (“IRR”), for public consultation. Under the IRR, the processing of personal data has to adhere to the principles of transparency, legitimate purpose and proportionality. The IRR defines personal data as personal information, sensitive information and privileged information.

Pennsylvania Supreme Court holds common law duty for employers extends to protecting sensitive employee information

Data Protection Report

On November 21, 2018, the Pennsylvania Supreme Court broke new ground by holding that employers have a legal duty to take reasonable care to safeguard its employees’ sensitive personal information from cyberattacks. UPMC was filed by a group of employees of the University of Pittsburg Medical Center (“UPMC”), alleging a failure in data security resulted in a data breach and the theft of the personal and financial information of UPMC’s 62,000 employees.

Indonesia Soon to Become the Fifth ASEAN Country to Adapt Data Privacy Laws

Security Affairs

Earlier this year, Indonesia joined the ranks with the first four ASEAN countries including Malaysia, Singapore, Philippines and Thailand to have enacted laws relating to personal data protection. Some key provisions in the draft personal data protection law are: Personal Data.

An Early Recap of Privacy in 2020: A US Perspective

Data Matters

*This article was adapted from “Global Overview,” appearing in The Privacy, Data Protection and Cybersecurity Law Review (7th Ed. Even the European Data Protection Board conceded that data protection measures, like the EU General Data Protection Regulation, “do not hinder measures taken in the fight against the coronavirus pandemic. Department of Commerce to facilitate data flows to the United States. Moreover, where the requested data concerns a non-U.S.

Data Protection: Where’s the Brexit Privacy Dividend?

Data Protector

One of the Government's core objectives throughout the Brexit negotiations has been to respect data protection rights, slash Brussels' red tape and allow the United Kingdom to be a competitive safe haven for businesses all over the world.

GDPR 156

If You’re a Cloud Provider or Consumer, Consider These Guidelines on How to Conduct Yourself in Europe: eDiscovery Best Practices

eDiscovery Daily

While we were preparing to eat turkey and stuff ourselves with various goodies last week, the Cloud Security Alliance (CSA) provided an important guideline for compliance with the European Union General Data Protection Regulation (GDPR). Companies worldwide are struggling to keep pace with shifting regulations affecting personal data protection. With the introduction of GDPR, data protection compliance becomes increasingly risk-based.

GDPR 36

Cyber Blackmail: More Than Just Ransomware

The Texas Record

Ransomware, which is when a criminal encrypts an organization’s data and then demands payment before releasing the key required to reverse the encryption that is holding the victim’s data hostage, has made international headlines lately. While we have the current media favorite (ransomware), two other cyber blackmail data crimes are also running rampant: data theft (then used in exploitation), and sextortion. Ransomware Hits CDOT Computers.

Uber’s Response to Data Breach? Pay the Hackers to Keep Quiet About It: Cybersecurity Trends

eDiscovery Daily

Hackers stole the personal data of 57 million customers and drivers from Uber last year. Conceal the breach for more than a year, and pay the hackers $100,000 to delete the data (sure they did) and keep quiet about the breach. The personal information of about 7 million drivers was accessed as well, including some 600,000 U.S. No Social Security numbers, credit card information, trip location details or other data were taken, Uber said.

List of data breaches and cyber attacks in June 2021 – 9.8 million records breached

IT Governance

It’s simply the case that in the majority of cases, the breached organisation didn’t reveal how much data was compromised, either because it didn’t know or wasn’t obliged to reveal it publicly. Data breaches. Data breaches. Monthly Data Breaches and Cyber Attacks

Tending Your Garden: Why Information Governance Should be an Ongoing Process in Your Organization: eDiscovery Best Practices

eDiscovery Daily

Editor’s Note: Jim Gill’s writing about eDiscovery and Data Management has been twice recognized with JD Supra Reader’s Choice Awards and he holds an MFA in Creative Writing from Southern Illinois University, Carbondale. Jim’s post below highlights the importance of a strong information governance program and how creation of a data map can be a key component to that IG program. Does your organization have a data map that is periodically updated?

COVID-19 Interest Rates Present Mortgage Industry Challenges

InfoGoTo

There is no physical sharing of documents, and extra precautions must be taken to ensure any electronic document sharing is done securely, amongst a host of other challenges. Mortgage files contain sensitive personal data.

French Data Protection Authority Unveils Its Agenda for 2012

Hunton Privacy

On April 19, 2012, the French Data Protection Authority (the “CNIL”) issued a press release detailing its enforcement agenda for 2012. Scrutiny will focus on the data collection practices of both mobile operators and mobile application providers. The storage of health records using cloud computing solutions will be of particular interest.

Maura R. Grossman of the University of Waterloo: eDiscovery Trends 2018

eDiscovery Daily

Cheriton School of Computer Science at the University of Waterloo and principal of Maura Grossman Law. Previously, she was Of Counsel at Wachtell, Lipton, Rosen & Katz, where she pioneered the use of technology-assisted review (TAR) for electronic discovery. I think you have to consider how things might be done in a perfect world, and how they might be done in the real world we live in, which includes time, cost, and burden for ingesting and hosting large volumes of data.

2017 eDiscovery Case Law Year in Review, Part 3

eDiscovery Daily

Today, let’s take a look back at cases related to possession, custody and control, subpoena of cloud provider data, waiver of privilege and the first part of the cases relating to sanctions and spoliation. Just because you don’t physically have your hands on the data doesn’t mean you’re not responsible for it. Cloud Data is Within Defendant’s Possession, Custody and Control, Court Rules : In Williams v. SUBPOENA OF CLOUD PROVIDER DATA.

German DPAs Issue Joint Position Paper on Alternatives to Safe Harbor

Hunton Privacy

On October 26, 2015, the German federal and state data protection authorities (the “German DPAs”) published a joint position paper on Safe Harbor and potential alternatives for transfers of data to the U.S. To the extent that they become aware, the Position Paper indicates that the German DPAs will prohibit data transfers to the U.S. At this time, the Position Paper discloses that the German DPAs will not issue new approvals for data transfers to the U.S.

Data Breach Bills Clear Senate Judiciary Committee

Hunton Privacy

On September 22, 2011, the Senate Judiciary Committee approved three separate bills that would establish a national data breach notification standard. Because the bills were approved on a party-line vote, and several other data breach bills currently are under consideration by other Senate committees, the prospects for these three bills in the full Senate are uncertain. Federal Law Computer Fraud and Abuse Act Congress Federal Trade Commission Legislation Senate

Use cases of secure IoT deployment

Thales Cloud Protection & Licensing

In this article, we are going to present four use cases that demonstrate how businesses can secure devices, identities, data and software in their IoT deployments. The solution allows the manufacturer to create an innovative process that maintains data safety throughout every communication.

IoT 68

List of data breaches and cyber attacks in April 2021 – 1 billion records breached

IT Governance

Ransomware was again one of the biggest contributors to that total, accounting for almost one in three data breaches. In case you missed it, you may also be interested in our first quarterly review of data breaches and cyber attacks. Data breaches. Data breaches.

Police arrest two people over stealing sensitive data from defense giant

Security Affairs

Italian police arrested two people that have stolen 10 GB of confidental and alleged secret data from the defense company Leonardo S.p.A. According to the experts, the traffic was generated by an alleged implant used to exfiltrate the data.

Privacy and Innovation Combined in Information Governance

Everteam

European companies who have been more prudent in their use of personal data (though at the cost of innovation) have now seen their efforts rewarded in the form of increased levels of customer trust and regulatory compliance. Advancements in location-based services, facial recognition, biometrics, genome analysis, social data, cloud-based platforms, and others helped create a culture of sometimes intrusive innovation.

What is data loss and how does it work?

IT Governance

Data loss refers to the destruction of sensitive information. It’s a specific type of data breach, falling into the ‘availability’ category of data security (the other two categories being ‘confidentiality’ and ‘integrity’). What causes data loss? Computer viruses.

Why Shred?

Archive Document Data Storage

As well as a financial hit resulting from a data breach, your business’ reputation would also be damaged beyond repair in the eyes of your clients and stakeholders. It is more important than ever to ensure that your unwanted or duplicate data (both paper and electronic) is securely destroyed. To protect your business from a data breach, you must protect any data or media related to both clients and employees. Medical data. Personal data.

How To Protect Yourself From Hackers

Cyber Info Veritas

Their main aim is to exploit your “mistakes and vulnerabilities” to blackmail you into sending them money or they’ll leak your private data. If your data and online privacy are important to you, and it should be whether you use the internet for social media, shopping, making money online, or learning, read this article with keen interest and apply the various “hacker-resistant” strategies discussed herein.

Do you know the difference between cyber security and information security?

IT Governance

Information is at the heart of any organisation, whether it’s business records, personal data or intellectual property. You’re most likely to access data on your work computer or via paper records, but information can also be found on removable disks, laptops, servers, personal devices and a host of other places. The second is to make sure no one can access information electronically.

Could a Mobile App Help Contain COVID-19? Balancing Privacy Rights & Public Interest

AIIM

In one such approach, a multidisciplinary group of computer scientists, mathematicians, and epidemiologists at the Big Data Institute at Oxford University have developed a mathematical model instantiated in a mobile application that traces contact. National Electronic Health Records Database. Big Data Analytics. Privacy and Data Governance. As the COVID-19 pandemic continues to accelerate, there are some innovative efforts to minimize its impact.

Guest Blog: TalkingTrust. What’s driving the security of IoT?

Thales Cloud Protection & Licensing

Connectivity enables powerful, revenue-generating capabilities…from data telemetry and runtime analytics, to effectively predicting and maintenance requirements. Data privacy threats : man-in-the-middle attacks compromise transmission of personal data, vehicle location, travel history, etc.

Lisa Sotto Profiled in Crain’s New York Business on Breaches and Cyber Attacks

Hunton Privacy

Spearheading Superfund cases was rewarding, but she was intrigued by the then-nascent field of mopping up messes for companies whose computer networks have been compromised. Though computers have clearly made life better in lots of ways, more people than ever can crack into these electronic vaults and uncover personal data.”. On June 29, 2015, Lisa J.

Me on the Equifax Breach

Schneier on Security

Hearing on "Securing Consumers' Credit Data in the Age of Digital Commerce". Mister Chairman and Members of the Committee, thank you for the opportunity to testify today concerning the security of credit data. I have authored 13 books on these subjects, including Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World (Norton, 2015). This was not a minor vulnerability; the computer press at the time called it "critical."

Weekly podcast: NCSC and Kaspersky, parliamentary passwords and macOS High Sierra (again)

IT Governance

In particular we are seeking verifiable measures to prevent the transfer of UK data to the Russian state.”. Dorries tweeted : “My staff log onto my computer on my desk with my login everyday. For the officer on @BBCNews just now to claim that the computer on Greens desk was accessed and therefore it was Green is utterly preposterous !!”. Because following security policies is something that only “geeky/tech/computer nerdy types” need to do, apparently.).

Weekly podcast: NHS upgrade, $242m Equifax loss and prison hacker jailed

IT Governance

This week, we discuss a new deal between the NHS and Microsoft, the financial cost of Equifax’s massive data breach, and a jail sentence for a hacker who altered prison records. Equifax’s huge data breach, which compromised the personal data of 147.9 Unsurprisingly, Equifax plans to spend heavily on IT and data security in the coming months.

The debate on the Data Protection Bill in the House of Lords

Data Protector

What follows below is an edited version of the debate in the House of Lords of the Second Reading of the Data Protection Bill, held on 10 October. Data is not just a resource for better marketing, better service and delivery. Data is used to build products themselves. It has become a cliché that data is the new oil. The new right to data portability—also a manifesto commitment—should bring significant economic benefits.

GDPR 120

FRANCE: NEW GUIDELINES FOR COOKIES AND AN ACTION PLAN FOR ONLINE TARGETED ADVERTISING

DLA Piper Privacy Matters

The French Data Protection Supervisory Authority (CNIL) has finally decided to replace its recommendations of 2013 which were no more compliant with the GDPR, by new guidelines. The CNIL’s new guidelines, adopted through a deliberation n°2019-093 of July 4th, 2019 , are based on Article 82 of the Data Protection Act (“Loi Informatique et Libertés”) implementing Article 5 (3) of EU directive “ePrivacy” , into French law.

The CNIL publishes new guidelines on cookies and other similar technologies

Data Protection Report

The rules apply to operations aimed at accessing, by electronic transmission, information already stored in the subscriber’s or user’s terminal or to store information in this equipment. The guidance also clarifies that the rules apply to commonly used devices such as smartphones, tablets, fixed or mobile computers, connected vehicles, games consoles, smart TVs or voice assistants where trackers are used. cookies allowing the detection of transmission errors or data loss); and.

Security and Privacy Implications of Zoom

Schneier on Security

Privacy first: Zoom spies on its users for personal profit. And it uses all of this surveillance data for profit, against your interests. Last month, Zoom's privacy policy contained this bit: Does Zoom sell Personal Data?

New French Law Authorizes the CNIL to Conduct Online Inspections

Hunton Privacy

The new law strengthens the investigative powers of the French Data Protection Authority (the “CNIL”) by giving the CNIL the ability to conduct online inspections. Currently, the CNIL may conduct three types of investigations: On-site inspections – the CNIL may visit a company’s facilities and access anything that stores personal data ( e.g. , servers, computers, applications). On March 18, 2014, a new French consumer law (Law No.

OPC reconsiders its approach to cross-border data transfers with the Equifax decision

Data Protection Report

In a significant recent decision, the Office of the Privacy Commissioner of Canada (OPC) altered the regulatory landscape when moving personal information between affiliated companies and across Canada’s border for data processing or storage purposes. the US parent company of Equifax Canada, announced an attacker had accessed the personal information of over 143 million individuals, including approximately 19,000 Canadians.