2017, Document, Privacy and Security - Information Management Today

The Week in Cyber Security and Data Privacy: 23–29 October 2023

IT Governance

OCTOBER 31, 2023

Thousands of drivers have sensitive data exposed to hackers in major IT breach Date of breach: Unclear, but breached documents date back to 2017. Incident details: A security vulnerability in a third party left personal data exposed of thousands of motorists who had their vehicle towed on behalf of the An Garda Síochána.

Data Privacy

Data Privacy Privacy Data breaches Security

The Burden of Privacy In Discovery

Data Matters

SEPTEMBER 29, 2021

With the proliferation of social media platforms and other new technologies has come a renewed legal focus on privacy. Could a party, for instance, decline to produce, review, or even collect certain types of data due to privacy concerns? But what about other contexts? In this essay, Robert D.

Privacy

Privacy e-Discovery Computer and Electronics e-Delivery

Who’s Behind the NetWire Remote Access Trojan?

Krebs on Security

MARCH 9, 2023

While the defendant in this case hasn’t yet been named publicly, the NetWire website has been leaking information about the likely true identity and location of its owner for the past 11 years. ’s Companies House shows that in 2017 Mr. Zanko became an officer in a company called Godbex Solutions LTD.

Access

Access Passwords Sales Retail

The Belgian Constitutional Court annuls Data Retention Act

DLA Piper Privacy Matters

MAY 18, 2021

The Data Retention Act was created to address the annulment of article 126 of the Act of 13 June 2005 concerning electronic communication by the judgment of 11 June 2015 of the Constitutional Court. By interim judgment of 19 July 2018, the Constitutional Court referred a request for preliminary ruling to the CJEU.

Communications

Communications Privacy Personal data Security

Top 12 Cloud Security Best Practices for 2021

eSecurity Planet

SEPTEMBER 10, 2021

From the very beginning of the cloud computing era, security has been the biggest concern among enterprises considering the public cloud. In addition, 95 percent of survey respondents confirmed that they are extremely to moderately concerned about public cloud security. What is cloud security?

Cloud

Cloud Security Encryption Risk

BEST PRACTICES: Rising complexities of provisioning identities has pushed ‘IGA’ to the fore

The Last Watchdog

APRIL 3, 2019

SailPoint, which went public in November 2017, has grown to more than 1000 employees in 30 locations. The key security lesson is that an identity gets assigned to each and every RPA, creating fresh attack vectors. Acohido is dedicated to fostering public awareness about how to make the Internet as private and secure as it ought to be.

Digital transformation

Digital transformation Insurance Compliance Healthcare

Cloud, Intelligent Content Services, and Digital Fragility: What’s on the RIM Horizon for 2020

ARMA International

DECEMBER 26, 2019

Nineteen percent of RIM programs report into IT (up from 15% in 2017), and 28% into legal (up from 18.5% in 2017), with the remainder reporting into senior administrative roles, compliance, corporate services, or finance teams. In 2017, only 25% of respondents reported they had re-organized their programs.

Content services

Content services Cloud Records Management Privacy

Mark your calendars: Mandatory data-breach notification rules come into force November 1

Privacy and Cybersecurity Law

APRIL 4, 2018

After nearly three years, sections 10, 11, and 14, subsections 17(1) and (4) and sections 19 and 22 to 25 of the Digital Privacy Act, Chapter 32 will come into effect to amend the Personal Information Protection and Electronic Documents Act (PIPEDA). Stay tuned for further updates. …

Data breaches

Data breaches Compliance Privacy Government

NextMotion plastic surgery tech firm data leak

Security Affairs

FEBRUARY 15, 2020

Hundreds of thousands of documents containing photos and personal information belonging to patients of the plastic surgery technology company NextMotion have been exposed online through an unsecured Amazon Web Services (AWS) S3 bucket. . In October 2017, another incident affected plastic surgery patients. Pierluigi Paganini.

Access

Access Phishing Cloud Cybersecurity

SEC Announces Settled Charges Against First American for Cybersecurity Disclosure Controls Failures – Lessons Learned

Data Matters

JUNE 24, 2021

In September 2017, then-SEC Chairman Jay Clayton issued a public statement that provided an overview of the SEC’s approach to cybersecurity and underscored it as a priority for the SEC. The SEC is considering enhancing its disclosure rules concerning cybersecurity risk governance and has indicated a target release date of October 2021.

Cybersecurity

Cybersecurity Financial Services Risk Compliance

China Publishes Draft Measures for Security Assessments of Data Transfers

Hunton Privacy

APRIL 11, 2017

If an entity has a genuine need resulting from a business necessity to transmit critical data or personal information to a destination outside of China, it can do so provided it undergoes a “security assessment.”. The Draft provides further guidance on how the security assessments might be carried out.

Security

Security Cybersecurity Military Risk

U.S. Financial Regulators Clarify Oversight of AML/CFT Obligations in Connection With Digital Asset Activities

Data Matters

OCTOBER 16, 2019

On October 11, 2019, the leaders of the U.S. These obligations extend to activities related to digital assets, regardless of whether the digital assets are characterized as convertible virtual currency, securities, or commodities or derivatives. Background. The BSA applies to “financial institutions.”

Compliance

Compliance Marketing Privacy Security

FTC Posts Fourth Blog in Its “Stick with Security” Series

Hunton Privacy

AUGUST 11, 2017

On August 11, 2017, the FTC published the fourth blog post in its “Stick with Security” series. As we previously reported , the FTC will publish an entry every Friday for the next few months focusing on each of the 10 principles outlined in its Start with Security Guide for Businesses. Storing passwords securely.

Passwords

Passwords IT Security Authentication

Irish DPA Issues €450,000 Fine Against Twitter for Data Breach Following EDPB Decision under the GDPR Consistency Mechanism

Hunton Privacy

DECEMBER 17, 2020

Twitter estimated that 88,726 Twitter users in Europe were affected between September 5, 2017 and January 11, 2019. The alleged failures identified by the DPC were Twitter’s infringement of Articles 33(1) and (5) of the GDPR, which pertain to data breach notification and documentation.

GDPR

GDPR Data breaches Personal data Compliance

Historic Charges: First Enforcement Action Filed by New York Department of Financial Services Under Cybersecurity Regulation

Data Matters

AUGUST 19, 2020

2 Because First American’s violations included the exposure of millions of documents containing nonpublic information (NPI), the total penalty potentially could be substantial. Public access to these documents was caused by an application software vulnerability that was initially introduced in May 2014. e) and 500.01(g),

Financial Services

Financial Services Cybersecurity Insurance Risk

Scrutinizing the draft Investigatory Powers Bill

Data Protector

FEBRUARY 11, 2016

The measure, complete with a guide to its powers and safeguards, was published as a 296-page document on 4 November. The committee of 11 MPs had received 50 written submissions, held 2 public hearings during which witnesses gave evidence, and published a 38-page report making 14 recommendations on 30 th January.

Communications

Communications Government Privacy Encryption

CNIL Publishes DPIA Guidelines and List of Processing Operations Subject To DPIA

Hunton Privacy

NOVEMBER 9, 2018

The Guidelines aim to complement guidelines on DPIA adopted by the Article 29 Working Party on October 4, 2017, and endorsed by the European Data Protection Board (“EDPB”) on May 25, 2018. This corresponds to the three-year period mentioned in the draft guidelines on DPIAs adopted by the Article 29 Working Party on April 4, 2017.

GDPR

GDPR Risk IT Compliance

List of data breaches and cyber attacks in October 2019 – 421 million records breached

IT Governance

OCTOBER 31, 2019

In a month where security experts across Europe were boosting awareness of cyber security , organisations had mixed results in their own data protection practices. IN-based Goshen Health leans that 2018 data security incident did need to be reported (9,160). ND-based St. Data breaches.

Data breaches

Data breaches Ransomware Phishing Retail

Part 3: OMG! Not another digital transformation article! Is it about effecting risk management and change management?

ARMA International

SEPTEMBER 27, 2021

This part also discusses managing CS risks such as ransomware, privacy, change management, and user adoption. Commissioned by organizers to predict worst-case scenarios for the Munich games, [Georg] Sieber came up with a range of possibilities, from explosions to plane crashes, for which security teams should be prepared. Introduction.

Digital transformation

Digital transformation Risk IT Computer and Electronics

Weekly podcast: Exactis, BetVictor, Ticketmaster, and GDPR complaints

IT Governance

JUNE 29, 2018

According to Wired.com , the security researcher Vinny Troia discovered the database earlier this month via Shodan – the search engine that indexes Internet-connected devices such as servers and routers. Of the 19 username and password combinations Hogben discovered, 11 passwords featured in Troy Hunt’s Pwned Passwords dataset.

GDPR

GDPR Passwords Data breaches Access

Legacy Open Data Sets Now Available

Archives Blogs

NOVEMBER 30, 2017

opendata , accessed 2017-11-24. To download the data package, click on the document icon at the top of the description. Click the document to download the data. Part of the City’s response to the motion was the launch of the Open Data website in September 2009. The City’s Open Data Catalogue at vancouver.ca/opendata

Archiving

Archiving Access Privacy Security

U.S. Office of the Comptroller of the Currency Updates Third-Party Relationships Risk Management Guidance

Data Matters

MARCH 23, 2020

On March 5, 2020, the Office of the Comptroller of the Currency (OCC) issued an updated set of answers to frequently asked questions (FAQs) 1 regarding risk management in national bank relationships with third parties to further supplement its 2013 guidance, OCC Bulletin 2013-29 (the Bulletin), 2 and its 2017 FAQs (Prior FAQs) on the topic.

Risk

Risk Cloud Compliance Marketing

GDPR – The Year in Review

HL Chronicle of Data Protection

MAY 29, 2019

Following the one-year anniversary of the coming into effect of the GDPR, Hogan Lovells’ Privacy and Cybersecurity practice has prepared summaries of key GDPR-related developments of the past 12 months. The summaries cover regulatory guidance, enforcement actions, court proceedings, and various reports and materials.

GDPR

GDPR Personal data Privacy Information architecture

Navigating Interactions Between Investment Advisers and Their Portfolio Companies: Risks and Best Practices

Data Matters

JUNE 11, 2020

Securities and Exchange Commission’s (the SEC) examination and enforcement programs. DO ensure that documentation of steps taken to confirm that relevant parties are not in possession of MNPI is substantive and consistent. 11-cv-0753 (JSR) (S.D.N.Y. 15, 2017), [link]. Cuban, No. 08-cv-2050 (N.D. 17, 2008), [link].

Risk

Risk Compliance Access IT

CNIL Unveils 2019 Inspection Program and 2018 Annual Activity Report

Hunton Privacy

APRIL 30, 2019

percent compared to the number of complaints in 2017). Overall, only 11 sanctions were imposed by the CNIL’s Restricted Committee in 2018, including 10 fines. The CNIL explained that it did not punish the companies for the incident itself, but for lack of adequate security measures, which made the incident possible.

GDPR

GDPR Personal data Data breaches Marketing

EUROPE: Article 29 Working Party publish draft Guidelines on Consent

DLA Piper Privacy Matters

DECEMBER 13, 2017

On 12 December 2017, the Article 29 Working Party (WP29) published draft Guidelines on Consent under the General Data Protection Regulation (GDPR). In the UK, they may be read alongside the separate draft GDPR consent guidance issued by the UK Information Commissioner’s Office (ICO) in March 2017. Elements of Valid Consent.

GDPR

GDPR Personal data Retail Data collection

Key takeaways for the private sector from The Bridges v South Wales police facial recognition case

Data Protection Report

AUGUST 27, 2020

On 11 August 2020, the Court of Appeal ( CA ) handed down its judgement in the case of R (on the application of Edward BRIDGES) v The Chief Constable of South Wales Police. The claim concerned the lawfulness of AFT that had been deployed by SWP on around 50 occasions between May 2017 and May 2019.

Risk

Risk Retail IT GDPR

Germany: Bonn Regional Court overrules GDPR Fining Guidelines by German Data Protection Authorities

DLA Piper Privacy Matters

NOVEMBER 24, 2020

million Euro fine issued by the German Federal Commissioner for Data Protection and Freedom of Information ( Bundesbeauftragter für den Datenschutz und die Informationsfreiheit – ‘BfDI’) in connection with an alleged infringement of the security of processing under Article 32 (1) GDPR ( not Article 5 (1) (f) GDPR).

GDPR

GDPR Authentication Compliance Personal data

Cybersecurity Standards for the Insurance Sector – A New Patchwork Quilt in the US?

HL Chronicle of Data Protection

MAY 13, 2019

Of particular concern to state-level policymakers and enforcement authorities are business practices that in their view may contribute to security incidents. The insurance industry has not been immune from such scrutiny, and the imposition of business practice requirements intended to enhance cybersecurity sector-wide.

Insurance

Insurance Cybersecurity Data breaches Financial Services

2019 end-of-year review part 1: January to June

IT Governance

DECEMBER 27, 2019

IT Governance is closing out the year by rounding up 2019’s biggest information security stories. Victims of Equifax’s 2017 data breach were given the go-ahead to launch a class-action lawsuit. Countless office workers were forced to get back to their jobs after Reddit suspended a host of accounts in light of security concerns.

Data breaches

Data breaches GDPR Passwords Personal data

SEC and FINRA Issue 2020 Examination Priorities (Including Cybersecurity) for Broker-Dealers and Investment Advisers

Data Matters

JANUARY 24, 2020

Securities and Exchange Commission’s (SEC) Office of Compliance Inspections and Examinations (OCIE) and the Financial Industry Regulatory Authority (FINRA) recently published their examination priorities (together, the Examination Priorities) for the 2020 calendar year.

Cybersecurity

Cybersecurity Retail Compliance Marketing

SEC and FINRA Issue 2020 Examination Priorities for Broker-Dealers and Investment Advisers

Data Matters

FEBRUARY 20, 2020

Securities and Exchange Commission’s (SEC) Office of Compliance Inspections and Examinations (OCIE) and the Financial Industry Regulatory Authority (FINRA) recently published their examination priorities (together, the Examination Priorities) for the 2020 calendar year. Retail-Targeted Investments.

Retail

Retail Compliance Marketing Risk

The debate on the Data Protection Bill in the House of Lords

Data Protector

OCTOBER 11, 2017

Noble Lords will be familiar with the role of the Information Commissioner, whose role is to uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals. How then will we secure adequacy without adhering to the charter? I think we can all say “Hear, hear” to that.

GDPR

GDPR Personal data Government IT

Wednesday LTNY 2018 Sessions: eDiscovery Trends

eDiscovery Daily

JANUARY 30, 2018

be interviewing several industry thought leaders to see what they think are the significant trends for 2017 and, which of those are evident at LTNY. How to manage consumers’ expectations on privacy with these new ESI sources. How to leverage data security practices to ensure appropriate protection of personal data under the GDPR.

e-Discovery

e-Discovery Artificial Intelligence GDPR Education

Regulatory Update: NAIC Spring 2019 National Meeting

Data Matters

MAY 9, 2019

state regulators risk federal preemption of state law unless they adopt such reinsurance collateral reforms within 60 months from September 2017 – the date the Covered Agreement with the European Union (EU) was signed. Securities and Exchange Commission’s expected adoption of “Regulation Best Interest” in September 2019.

Insurance

Insurance Blockchain Big data Risk

I've Just Launched "Pwned Passwords" V2 With Half a Billion Passwords for Download

Troy Hunt

FEBRUARY 21, 2018

So 6 months ago I launched the service and today, I'm pleased to launch version 2 with more passwords, more features and something I'm particularly excited about - more privacy. 11 of the 15 sites I referred to had a minimum length of 6 chars or less. pic.twitter.com/70kki5Uw7o — Troy Hunt (@troyhunt) August 15, 2017.

Passwords

Passwords Data breaches IT Search queries

Top VC Firms in Cybersecurity of 2022

eSecurity Planet

APRIL 26, 2022

Luckily for cybersecurity startups, there’s no shortage of interest in tomorrow’s next big security vendors. billion in 2021, and growing concerns over data security , software supply chains , and ransomware suggest the market will remain strong through economic ups and downs. How Do VC Firms Work? AllegisCyber Investments.

Cybersecurity

Cybersecurity Cloud Marketing Security

DHS and FBI – Hackers Are Targeting US Nuclear, Energy, and Manufacturing Facilities

Privacy and Cybersecurity Law

JULY 11, 2017

According to a new joint report issued by the US Department of Homeland Security (DHS) and Federal Bureau of Investigation (FBI), hackers have been penetrating the computer networks of companies that operate nuclear power stations, energy facilities, and manufacturing plants in the US since May 2017. …

Manufacturing

Manufacturing Energy and Utilities Cybersecurity Access

The Week in Cyber Security and Data Privacy: 23–29 October 2023

The Burden of Privacy In Discovery

Trending Sources

Who’s Behind the NetWire Remote Access Trojan?

The Belgian Constitutional Court annuls Data Retention Act

Top 12 Cloud Security Best Practices for 2021

BEST PRACTICES: Rising complexities of provisioning identities has pushed ‘IGA’ to the fore

Cloud, Intelligent Content Services, and Digital Fragility: What’s on the RIM Horizon for 2020

Mark your calendars: Mandatory data-breach notification rules come into force November 1

NextMotion plastic surgery tech firm data leak

SEC Announces Settled Charges Against First American for Cybersecurity Disclosure Controls Failures – Lessons Learned

China Publishes Draft Measures for Security Assessments of Data Transfers

U.S. Financial Regulators Clarify Oversight of AML/CFT Obligations in Connection With Digital Asset Activities

FTC Posts Fourth Blog in Its “Stick with Security” Series

Irish DPA Issues €450,000 Fine Against Twitter for Data Breach Following EDPB Decision under the GDPR Consistency Mechanism

Historic Charges: First Enforcement Action Filed by New York Department of Financial Services Under Cybersecurity Regulation

Scrutinizing the draft Investigatory Powers Bill

CNIL Publishes DPIA Guidelines and List of Processing Operations Subject To DPIA

List of data breaches and cyber attacks in October 2019 – 421 million records breached

Part 3: OMG! Not another digital transformation article! Is it about effecting risk management and change management?

Weekly podcast: Exactis, BetVictor, Ticketmaster, and GDPR complaints

Legacy Open Data Sets Now Available

U.S. Office of the Comptroller of the Currency Updates Third-Party Relationships Risk Management Guidance

GDPR – The Year in Review

Navigating Interactions Between Investment Advisers and Their Portfolio Companies: Risks and Best Practices

CNIL Unveils 2019 Inspection Program and 2018 Annual Activity Report

EUROPE: Article 29 Working Party publish draft Guidelines on Consent

Key takeaways for the private sector from The Bridges v South Wales police facial recognition case

Germany: Bonn Regional Court overrules GDPR Fining Guidelines by German Data Protection Authorities

Cybersecurity Standards for the Insurance Sector – A New Patchwork Quilt in the US?

2019 end-of-year review part 1: January to June

SEC and FINRA Issue 2020 Examination Priorities (Including Cybersecurity) for Broker-Dealers and Investment Advisers

SEC and FINRA Issue 2020 Examination Priorities for Broker-Dealers and Investment Advisers

The debate on the Data Protection Bill in the House of Lords

Wednesday LTNY 2018 Sessions: eDiscovery Trends

Regulatory Update: NAIC Spring 2019 National Meeting

I've Just Launched "Pwned Passwords" V2 With Half a Billion Passwords for Download

Top VC Firms in Cybersecurity of 2022

DHS and FBI – Hackers Are Targeting US Nuclear, Energy, and Manufacturing Facilities

Stay Connected