Data breaches, Examples, Exercises and Government

Free resources to help you prevent and respond to data breaches

IT Governance

SEPTEMBER 20, 2018

With stories of data breaches appearing daily, many organisations will be wondering when their time will come. This blog outlines some of the free resources IT Governance offers to help organisations prevent, prepare for and respond to data breaches. This means ensuring you have a plan for responding to breaches.

Data breaches

Data breaches GDPR Security awareness Paper

GUEST ESSAY: Top 5 cyber exposures tied to the rising use of international remote workforces

The Last Watchdog

AUGUST 23, 2021

Inconsistent data regulations. Countries have different data security laws, and these can get in the way of one another. For example, suppose you have workers in the EU. In that case, you must abide by the General Data Protection Regulation (GDPR), which imposes fines on some activities that are perfectly legal in the U.S.

Communications

Communications Cybersecurity GDPR Risk

UK GDPR Reform: government publishes response to consultation – likely to form basis of forthcoming UK Data Reform Bill

Data Protection Report

JUNE 22, 2022

UK GDPR Reform: government publishes response to consultation – likely to form basis of forthcoming UK Data Reform Bill. The Department for Culture, Media and Sport (DCMS) has finally published the UK government’s long-awaited response to the consultation on the future of the UK data protection regime.

GDPR

GDPR Government Personal data Risk

Webinars

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

MORE WEBINARS

Important Changes to the Singapore Data Privacy Regime

Data Matters

NOVEMBER 16, 2020

The changes become law once a government gazette is passed (possibly before the end of 2020). If you operate in Singapore, handle Singapore data, or maintain a server in Singapore, it is crucial that you have protocols in place to guide employees on what to do when a data breach occurs and consider doing a data breach tabletop exercise. (We

Data Privacy

Data Privacy Privacy Data breaches Personal data

Ransomware – To Pay, or Not to Pay?

Thales Cloud Protection & Licensing

JUNE 14, 2022

However, with many cyber-gangs pivoting to the theft of the data and extorting the victim with threat of release of that sensitive data, paying a ransom no longer minimizes the risk of future extortion. And perhaps most importantly, ensure that all those plans are exercised and tested on a regular basis. Data Security.

Ransomware

Ransomware Government Risk Data breaches

UAE: Federal level data protection law enacted

DLA Piper Privacy Matters

DECEMBER 3, 2021

However, businesses that are not used to compliance with laws like the GDPR may find some of the new obligations challenging, for example, the PDPL introduces rights for individuals to access; rectify; correct; delete; restrict processing; request cessation of processing or transfer of data; and object to automated processing.

Personal data

Personal data Data breaches GDPR Compliance

The Evolving Cybersecurity Threats to Critical National Infrastructure

Thales Cloud Protection & Licensing

OCTOBER 23, 2023

The Evolving Cybersecurity Threats to Critical National Infrastructure andrew.gertz@t… Mon, 10/23/2023 - 14:07 Cyberattacks on critical vital infrastructure can have disastrous results, forcing governments and regulatory bodies to pay close attention to intensifying the efforts to safeguard these industries. And only a mere 2.6%

Energy and Utilities

Energy and Utilities Cybersecurity Ransomware Authentication

How to implement the General Data Protection Regulation (GDPR)

IBM Big Data Hub

FEBRUARY 23, 2024

The GDPR applies to any organization that processes the personal data of European residents, regardless of where that organization is based. Inventory personal data While the GDPR does not explicitly require a data inventory, many organizations start here for two reasons.

GDPR

GDPR Compliance Personal data Privacy

GDPR compliance checklist

IBM Big Data Hub

JANUARY 22, 2024

The General Data Protection Regulation (GDPR) is a European Union (EU) law that governs how organizations collect and use personal data. Any company operating in the EU or handling EU residents’ data must adhere to GDPR requirements. Schools, hospitals and government agencies all fall under GDPR authority.

GDPR

GDPR Compliance Personal data Privacy

CIPL Submits Response to DCMS Consultation on Representative Actions

Hunton Privacy

NOVEMBER 5, 2020

On October 22, 2020, the Centre for Information Policy Leadership (“CIPL”) at Hunton Andrews Kurth submitted its response to the UK Department for Digital, Culture, Media and Sport (“DCMS”) call for views and evidence on its review of representative actions under Section 189 of the Data Protection Act 2018 (“DPA”).

Compliance

Compliance Data breaches Personal data Marketing

UK ICO issues largest ever GDPR privacy fine of £183m ($228m)

Data Matters

JULY 8, 2019

Ensuring that a company is properly prepared for and responds to privacy and cyber security threats is a key corporate governance responsibility for directors and senior officers. Maintain an asset inventory of key information and data systems to assess how the business can be impacted by cyber threats.

GDPR

GDPR Privacy Data breaches Risk

2022 Cyber Security Review of the Year

IT Governance

DECEMBER 20, 2022

Cyber criminals continued to wreak havoc, with the likes of Twitter , Uber and Neopets all reporting mammoth data breaches. In total, we have so far reported more than 1,000 data breaches in 2022, with almost half a billion breached records. Did anyone purchase the apparently stolen data?

Security

Security Data breaches Ransomware Military

5 Steps to build an enterprise data protection framework

Collibra

JANUARY 14, 2021

In this blog post, we’ll outline the steps it takes to get an enterprise data protection program going by leveraging core data governance principles. These guidelines will form the base for a data protection framework that is ready to support the concept of Crown Jewels, GDPR and more. Identify business data owners.

Compliance

Compliance Government Risk Privacy

France: The CNIL publishes a practical guide on Data Protection Officers

DLA Piper Privacy Matters

NOVEMBER 29, 2021

The DPO must be invited to strategic meetings and requested to provide advice on all processing where his/her intervention or presence must be systematic, notably in case of evolution of processing, conduct of a data protection impact assessment(“DPIA”), revision of existing privacy policies or drafting of new policies, data breaches etc.

GDPR

GDPR Compliance Personal data Communications

Why your DPO needs specialised training

IT Governance

MAY 7, 2019

It’s only through practical exercises that DPOs can learn to bridge that gap. Arguably the trickiest part of being a DPO is liaising with employees on the organisation’s data protection practices. DPOs play a crucial role in the data breach response process. They need to learn how to be independent advisors.

GDPR

GDPR Data breaches Compliance Privacy

Update of Japan’s Privacy Law Approved by Cabinet

HL Chronicle of Data Protection

MARCH 31, 2020

The reported goals of the bill include, for example: (i) broadening data subjects’ powers to exercise control over their data; and (ii) to establish a system to facilitate corporation’s internal use of “big data.” This may apply to, for example, data collected through Internet cookies.

Privacy

Privacy Personal data Big data Data collection

When And How Cos. Should Address Cyber Legal Compliance

Data Matters

OCTOBER 30, 2017

When a company experiences a major data breach or hacking incident, media attention turns to speculation or allegations about the company’s past history of underinvesting in cyber defenses, its supposed culture of cyber complacency, or its history of unaddressed (but, in retrospect, allegedly clear) vulnerabilities. 1] The U.S.

Compliance

Compliance Cybersecurity Risk Government

GDPR Compliance Obligations: The relationship between Data Controllers and Third-Party Processors

AIIM

JULY 24, 2018

For example, under GDPR data subjects and/or regulators may now pursue direct remedies against data processors in the event of infringement of obligations, whereas such remedies did not exist under the prior data privacy regulation. Want more information?

GDPR

GDPR Compliance Privacy Data Privacy

The Privacy Officers’ New Year’s Resolutions

Data Protection Report

JANUARY 6, 2020

The New York State Department for Financial Services regulations require covered entities to have appropriate record retention policies and procedures and the CCPA provides an extra incentive to implement proper information governance to minimise the costs data access requests. Be one step ahead.

Privacy

Privacy GDPR Data breaches Risk

CHINA: important new developments in PRC data privacy regulations

DLA Piper Privacy Matters

OCTOBER 31, 2019

Promotion of online mechanisms for users to exercise data subject rights (deletion, de-registration, access, correction, revoke consent etc.). Clarity that data controllers are liable for their data processors’ acts and omissions. Clearer data breach notification procedures and requirements.

Data Privacy

Data Privacy Privacy Data collection Data breaches

5 best online cyber security training courses and certifications in 2020

IT Governance

APRIL 20, 2020

This one-day course is designed and run by real-world practitioners, who help you gain an understanding of risks through practical exercises, group discussions and case studies. Although it’s no longer making as many headlines, the GDPR (General Data Protection Regulation) remains an essential part of organisations’ security practices.

Security

Security GDPR Phishing Data breaches

California Enacts Broad Privacy Laws Modeled on GDPR

Data Matters

JUNE 29, 2018

It was also the first to enact data breach notification legislation, which all other states have now followed. Publicly available” is narrowly defined in AB 375 to mean essentially only records of federal, state or local government that is used in a manner compatible with the purpose for which the records are maintained.

GDPR

GDPR Privacy Sales Data breaches

Navigating China: The digital journey

DLA Piper Privacy Matters

NOVEMBER 5, 2019

Promotion of online mechanisms for users to exercise data subject rights (deletion, de-registration, access, correction, revoke consent etc.). Clarity that data controllers are liable for their data processors’ acts and omissions. Clearer data breach notification procedures and requirements.

Data collection

Data collection Data breaches Privacy Information Security

Expert Insight: Cliff Martin

IT Governance

NOVEMBER 28, 2023

For more details on the first core requirement, risk management, see our interview with Andrew Pattison, head of GRC [governance, risk and compliance] consultancy Europe, from two weeks ago. For DDoS [distributed denial-of-service] attacks, for example, it faced over 30% of attacks, making it the second-most attacked sector.

Risk

Risk Compliance Government Security

Driving GDPR Compliance

Collibra

FEBRUARY 25, 2021

The General Data Protection Regulation (GDPR) mandates businesses to make provisions for EU citizens to exercise their right to access and control their personal data, including the export of personal data outside the EU. GDPR adds more granular and secure data governance requirements. Conclusion.

GDPR

GDPR Compliance Personal data Data Privacy

CNIL Publishes Six Step Methodology and Tools to Prepare for GDPR

Hunton Privacy

MARCH 17, 2017

Step 1: Appointing a Data Protection Officer (“DPO”) or “Pilot”. The CNIL’s methodology first stresses the need for organizations to appoint a leader to pilot governance of data protection within their structure. verifying the data security measures implemented. internal procedures in the event of a data breach.

GDPR

GDPR Personal data Compliance Privacy

10 key areas to identify gaps in your GDPR compliance

IT Governance

APRIL 12, 2018

The newly updated EU GDPR Compliance Gap Assessment Tool identifies ten key areas that your organisation should analyse to establish its current stance against the requirements: Governance – awareness of the leadership team, management and functional management. For example, do you have a GDPR project team?

GDPR

GDPR Compliance Personal data Risk

Saudi Arabia’s New Data Protection Law – What you need to know

DLA Piper Privacy Matters

OCTOBER 7, 2021

The Middle East’s data protection regulatory landscape is complex, and continues to develop with Saudi Arabia’s ( KSA ) newly published Personal Data Protection Law ( PDPL ). While the PDPL contains the main features of a modern data protection law, it cannot be considered a direct analogue of the GDPR.

Personal data

Personal data Compliance Computer and Electronics IoT

California Enacts Broad Privacy Protections Modeled on GDPR

Data Matters

JUNE 29, 2018

It was also the first to enact data breach notification legislation, which all other states have now followed. Publicly available” is narrowly defined in AB 375 to mean essentially only records of federal, state or local government that is used in a manner compatible with the purpose for which the records are maintained.

GDPR

GDPR Privacy Sales Data breaches

New SEC Cybersecurity Rules Could Affect Private Companies Too

eSecurity Planet

SEPTEMBER 23, 2022

For example, in the Enron financial fraud, executives and board members claimed ignorance or that they could not understand the financial maneuvering of Enron’s CFO (chief financial officer). See the top Governance, Risk & Compliance (GRC) tools. SOX: Consequences. Proposed SEC Security Changes. In fact, the U.S.

Cybersecurity

Cybersecurity Compliance Risk Communications

The Privacy Officers’ New Year’s Resolutions

Data Protection Report

JANUARY 6, 2020

The New York State Department for Financial Services regulations require covered entities to have appropriate record retention policies and procedures and the CCPA provides an extra incentive to implement proper information governance to minimise the costs data access requests. Be one step ahead.

Privacy

Privacy GDPR Data breaches Risk

Organisations ignore cyber security staff training in favour of unnecessary technological solutions

IT Governance

NOVEMBER 21, 2019

For example, layering one anti-malware solution on top of another will not make an organisation significantly more secure. Now it seems that management are all too aware of the financial effects of data breaches and are willing to invest heavily. But there’s only so much technology can do. Join our Rewards Club.

Security

Security Information Security Government Security awareness

Takeaways From CCPA Public Forums

Data Matters

FEBRUARY 12, 2019

Establishing rules and procedures governing requests from consumers to opt-out of the sale of personal information, including through the development and use of a recognizable and uniform opt-out logo or button by all businesses to promote consumer awareness of the opportunity to opt-out. Rules for Opt-Out of Sale.

Sales

Sales Privacy Data Privacy Compliance

Preparing for GDPR: Less than 80 working days to go

CGI

FEBRUARY 28, 2018

One of the new challenges imposed by GDPR is the mandatory obligation on data controllers to report a data breach within 72 hours of first becoming aware of the breach. Crucially, it should be clear about governance – who is responsible for what, who has authority to make certain decisions, and so on.

GDPR

GDPR Data breaches Personal data Risk

How to comply with Article 30 of the GDPR

IT Governance

JUNE 21, 2018

If any personal data is unaccounted for, you are not only at risk of a data breach but are also non-compliant with Article 30 of the GDPR. But data flow maps are about more than being organised and efficient. Where to begin with a data flow map? hard copy forms, online data entry, database). Formats (e.g.

GDPR

GDPR Personal data Risk Cloud

The Impact of Data Protection Laws on Your Records Retention Schedule

ARMA International

APRIL 18, 2022

The purpose of this article is to remove the fear and intimidation of domestic and global data protection laws and show how these laws and requirements are consistent with the existing objectives of your records retention schedule and information governance policy. Definition and Purpose of a Records Retention Schedule.

Personal data

Personal data GDPR Privacy Records Management

California Consumer Privacy Act: The Challenge Ahead – CCPA and Employee Data

HL Chronicle of Data Protection

OCTOBER 26, 2018

For example, organizations are to satisfy the core notice obligations by posting the notice on their public-facing website. The provision does not address workplace-related anti-discrimination activities based on the exercise of CCPA rights. In addition, various provisions appear to not fit employment relationships.

Privacy

Privacy Sales Compliance Personal data

Singapore proposes changes to cybersecurity and data protection regimes

Data Protection Report

SEPTEMBER 25, 2017

In a bid to keep pace with advancements in the technological landscape, the Singapore Government has in recent months embarked on public consultations on its draft Cybersecurity Bill (the Cyber Bill) and its proposed amendments to Singapore’s Personal Data Protection Act (PDPA) to update the country’s data protection regime.

Cybersecurity

Cybersecurity Data breaches Personal data Compliance

Thailand Personal Data Protection Law

Data Protection Report

FEBRUARY 28, 2020

The Personal Data Protection Act B.E. 2562 (2019) ( PDPA ) was published on 27 May 2019 in Thailand’s Government Gazette and became effective the following day. 6) where it is necessary to comply with any laws to which the data controller is subject. Breach Notification. Background. Penalties.

Personal data

Personal data Compliance Privacy Access

The Results Are in: Modest Changes to CCPA Await the Governor’s Signature

HL Chronicle of Data Protection

SEPTEMBER 25, 2019

The temporary delay of full CCPA applicability was inserted to encourage the legislature to consider an employee privacy bill in 2020, not to exclude employee data from California privacy law entirely. AB-874 clarifies that deidentified and aggregate data are not within the definition of personal information.

Sales

Sales Communications Data breaches Compliance

Secure together: protecting your mental health during the COVID-19 pandemic

IT Governance

APRIL 1, 2020

Many people will be more attuned than ever to the risks of data breaches during the COVID-19 pandemic, either because of warnings in blogs such as ours, or because they are starting to dip their toes into the world of online services as an alternative to real-world, physical interactions.

Security

Security Data breaches Risk Passwords

Council of the European Union Proposes Risk-Based Approach to Compliance Obligations

Hunton Privacy

OCTOBER 29, 2014

This proposal was led by the current Italian Presidency and the revisions reflect input from representatives of the national governments of the EU Member States. The obligation to report data breaches (in Articles 31 and 32) extends only to those breaches that are “likely to result in a high risk for the rights and freedoms of individuals.”

Compliance

Compliance Risk Data breaches Encryption

The Cathay Pacific Breach: Is Data Protection and Cyber Security Law in Hong Kong About to Receive an Upgrade?

HL Chronicle of Data Protection

JUNE 17, 2019

On 6 June, 2019, the Privacy Commissioner for Personal Data (the “ PCPD “) issued an enforcement notice against Cathay Pacific Airways (and its affiliate Hong Kong Dragon Airlines) (together, “ Cathay Pacific “) in respect of a data breach concerning unauthorized access to the personal data of some 9.4

Personal data

Personal data Data breaches Security Compliance

The Good, Bad, And The Ugly: Key Takeaways From California’s New Privacy Law

Privacy and Cybersecurity Law

NOVEMBER 8, 2018

The CCPA governs how businesses treat “consumer” “personal information.” This page will enable consumers to exercise the right to opt-out of the sale of their personal information. Businesses will be prohibited from discriminating against any consumer for exercising their rights under the new law. What Is Covered?

Privacy

Privacy Sales Compliance Cybersecurity

Free resources to help you prevent and respond to data breaches

GUEST ESSAY: Top 5 cyber exposures tied to the rising use of international remote workforces

Webinars

Trending Sources

UK GDPR Reform: government publishes response to consultation – likely to form basis of forthcoming UK Data Reform Bill

Webinars

Important Changes to the Singapore Data Privacy Regime

Ransomware – To Pay, or Not to Pay?

UAE: Federal level data protection law enacted

The Evolving Cybersecurity Threats to Critical National Infrastructure

How to implement the General Data Protection Regulation (GDPR)

GDPR compliance checklist

CIPL Submits Response to DCMS Consultation on Representative Actions

UK ICO issues largest ever GDPR privacy fine of £183m ($228m)

2022 Cyber Security Review of the Year

5 Steps to build an enterprise data protection framework

France: The CNIL publishes a practical guide on Data Protection Officers

Why your DPO needs specialised training

Update of Japan’s Privacy Law Approved by Cabinet

When And How Cos. Should Address Cyber Legal Compliance

GDPR Compliance Obligations: The relationship between Data Controllers and Third-Party Processors

The Privacy Officers’ New Year’s Resolutions

CHINA: important new developments in PRC data privacy regulations

5 best online cyber security training courses and certifications in 2020

California Enacts Broad Privacy Laws Modeled on GDPR

Navigating China: The digital journey

Expert Insight: Cliff Martin

Driving GDPR Compliance

CNIL Publishes Six Step Methodology and Tools to Prepare for GDPR

10 key areas to identify gaps in your GDPR compliance

Saudi Arabia’s New Data Protection Law – What you need to know

California Enacts Broad Privacy Protections Modeled on GDPR

New SEC Cybersecurity Rules Could Affect Private Companies Too

The Privacy Officers’ New Year’s Resolutions

Organisations ignore cyber security staff training in favour of unnecessary technological solutions

Takeaways From CCPA Public Forums

Preparing for GDPR: Less than 80 working days to go

How to comply with Article 30 of the GDPR

The Impact of Data Protection Laws on Your Records Retention Schedule

California Consumer Privacy Act: The Challenge Ahead – CCPA and Employee Data

Singapore proposes changes to cybersecurity and data protection regimes

Thailand Personal Data Protection Law

The Results Are in: Modest Changes to CCPA Await the Governor’s Signature

Secure together: protecting your mental health during the COVID-19 pandemic

Council of the European Union Proposes Risk-Based Approach to Compliance Obligations

The Cathay Pacific Breach: Is Data Protection and Cyber Security Law in Hong Kong About to Receive an Upgrade?

The Good, Bad, And The Ugly: Key Takeaways From California’s New Privacy Law

Stay Connected