Document, Privacy and Security - Information Management Today

Security Compliance & Data Privacy Regulations

eSecurity Planet

AUGUST 9, 2022

Regulatory compliance and data privacy issues have long been an IT security nightmare. GDPR, the EU’s flagship data privacy and “right to be forgotten” regulation, has made the stakes of a data breach higher than ever. GDPR-style data privacy laws came to the U.S. GDPR-style data privacy laws came to the U.S.

Data Privacy

Data Privacy Compliance Privacy Security

New Jersey Becomes 14th State to Enact a Comprehensive State Privacy Law

Hunton Privacy

JANUARY 19, 2024

On January 16, 2024, Governor Phil Murphy signed into law Bill 332 , making New Jersey the 14 th state with a comprehensive state privacy law. In line with the CCPA and other state privacy laws, the New Jersey law broadly defines “sale” as the disclosure of personal data to a third party for “monetary or other valuable consideration.”

Privacy

Privacy Personal data Sales Risk

Delaware Could Become the 13th State to Enact a Comprehensive State Privacy Law

Hunton Privacy

JULY 20, 2023

On June 30, 2023, the Delaware House of Representatives passed the Delaware Personal Data Privacy Act ( H.B. state to enact comprehensive privacy legislation. 154 ) (the “DPDPA”), a day after the Delaware Senate passed the legislation. The DPDPA heads to Governor John Carney for a final signature. This could make Delaware the 13th U.S.

Privacy

Privacy Personal data Sales Risk

First American Financial Pays Farcical $500K Fine

Krebs on Security

JUNE 18, 2021

NYSE:FAF ] was leaking more than 800 million documents — many containing sensitive financial data — related to real estate transactions dating back 16 years. Securities and Exchange Commission settled its investigation into the matter after the Fortune 500 company agreed to pay a paltry penalty of less than $500,000.

Insurance

Insurance Risk Financial Services Mining

How to implement the General Data Protection Regulation (GDPR)

IBM Big Data Hub

FEBRUARY 23, 2024

The General Data Protection Regulation (GDPR), the European Union’s landmark data privacy law, took effect in 2018. Think: an online retailer that stores customers’ email addresses to send order updates. Special category data includes biometrics, health records, race, ethnicity, and other highly personal information.

GDPR

GDPR Compliance Personal data Privacy

How Companies Need to Treat User Data and Manage Their Partners

Security Affairs

MAY 12, 2021

After the introduction of CCPA and GDPR, much more attention is given to third-party risks, and the privacy terms and conditions users agree to. Global privacy regulations, such as the CCPA and GDPR, were enacted to ensure stricter standards when handling the personal data of consumers. Vendor Assessment Process. Data Protection.

GDPR

GDPR Privacy Personal data Data breaches

Online Trust Alliance Releases Privacy and Data Security Framework for Internet of Things

Hunton Privacy

AUGUST 21, 2015

On August 11, 2015, the Online Trust Alliance, a nonprofit group whose goal is to increase online trust and promote the vitality of the Internet, released a framework (the “Framework”) for best practices in privacy and data security for the Internet of Things.

Privacy

Privacy Security Encryption Cloud

List of Data Breaches and Cyber Attacks – May 2023

IT Governance

JUNE 1, 2023

IT Governance found 98 publicly disclosed security incidents in May 2023, accounting for 98,226,877 breached records. You can find the full list below, divided into four categories: cyber attacks, ransomware, data breaches, and malicious insiders and miscellaneous incidents. million) Apria Healthcare suffers security breach (1.8

Data breaches

Data breaches Ransomware Insurance Personal data

Belgian Privacy Commission Issues Priorities and Thematic Dossier to Prepare for GDPR

Hunton Privacy

SEPTEMBER 21, 2016

On September 16, 2016, the Belgian Data Protection Authority (the “Privacy Commission”) published a 13-step guidance document (in French and Dutch ) to help organizations prepare for the EU General Data Protection Regulation (“GDPR”). The 13 steps recommended by the Privacy Commission are summarized below. Privacy Notice.

GDPR

GDPR Privacy Personal data Data breaches

CCPA In-Depth Series: Draft Attorney General Regulations on Verification, Children’s Privacy and Non-Discrimination

Data Matters

OCTOBER 24, 2019

Today we look at verification, children’s privacy and the non-discrimination provisions. In the summer of 2018, the California Legislature drafted and passed the California Consumer Privacy Act (CCPA) in record time. DETAILED ANALYSIS ON VERIFICATION, CHILDREN’S PRIVACY AND NON-DISCRIMINATION. INTRO AND BACKGROUND.

Privacy

Privacy Sales Passwords Authentication

CCPA In-Depth Series: Draft Attorney General Regulations on Consumer Notice

Data Matters

OCTOBER 22, 2019

In the summer of 2018, the California Legislature drafted and passed the California Consumer Privacy Act (CCPA) in record time. Businesses, consumer advocates, and privacy watchers thus have been eagerly waiting for over a year for the Attorney General to propose the regulations the CCPA requires him to promulgate.

Privacy

Privacy Sales Paper Compliance

CCPA Marches On: California Attorney General Proposes Further Revisions to CCPA Regulations, Industry Pleads for Enforcement Delay Amid COVID-19 Crisis

Data Matters

APRIL 10, 2020

While the world seems to have ground to a halt in so many ways, time still marches on, and along with it, the California Consumer Privacy Act (“CCPA”) enforcement date (July 1, 2020) inches ever closer. Restoration of privacy policy disclosures (§ 999.308). Guidance on user-enabled global privacy controls (§ 999.315).

Privacy

Privacy Sales Insurance Compliance

France: The CNIL publishes a practical guide on Data Protection Officers

DLA Piper Privacy Matters

NOVEMBER 29, 2021

The DPO must be invited to strategic meetings and requested to provide advice on all processing where his/her intervention or presence must be systematic, notably in case of evolution of processing, conduct of a data protection impact assessment(“DPIA”), revision of existing privacy policies or drafting of new policies, data breaches etc.

GDPR

GDPR Compliance Personal data Communications

UK Information Commissioner’s Office Publishes Final Guidance On Employee Monitoring

Data Protection Report

OCTOBER 12, 2023

Where looking to deploy monitoring of remote workers in their homes, employers should take into account that workers have a greater expectation of privacy at home than in the office. Where more than one lawful basis might apply, organisations should identify and document them from the start.

GDPR

GDPR Mining Risk Privacy

Canadian Privacy Commissioner Issues Report on Children’s Educational Apps

Hunton Privacy

NOVEMBER 3, 2017

Recently, the Office of the Privacy Commissioner of Canada (“OPC”) issued its 2017 Global Privacy Enforcement Network Sweep results (the “Report”), which focused on certain privacy practices of online educational tools and services targeted at classrooms.

Education

Education Privacy Access IT

Do I Need a Data Catalog?

erwin

JUNE 26, 2020

These assets can include but are not limited to structured data, unstructured data (including documents, web pages, email, social media content, mobile data, images, audio, video and reports) and query results, etc. Sales are measured down to a zip code territory level across product categories. Ensures regulatory compliance.

Metadata

Metadata Unstructured data Compliance Sales

FTC, privacy, and vendor due diligence—and opt-in consent

Data Protection Report

MAY 10, 2018

According to the FTC’s complaint, BLU Products, which has sold millions of mobile devices worldwide through online as well as brick-and-mortar retailers, outsourced the actual manufacture of the devices to third parties. and its owner and president. At least since 2015, BLU licensed software from ADUPS Technology Co., The Complaint.

Privacy

Privacy Manufacturing Compliance Retail

GDPR for small business: the ultimate guide

IT Governance

JULY 2, 2020

Second, organisations must implement security measures to protect personal data from being breached or misused, and they must disclose any security incidents involving this data. There is also a special category of personal data devoted to sensitive information. What is personal data? What does the GDPR mean for my business?

GDPR

GDPR Personal data Data breaches Compliance

List of Data Breaches and Cyber Attacks in October 2022 – 9.9 Million Records Breached

IT Governance

NOVEMBER 1, 2022

We identified 102 security incidents throughout the month, which is the second largest figure so far this year – trailing only August (112). As always, you can find the full list of data breaches and cyber attacks below, divided into their respective categories. Welcome to our October 2022 review of data breaches and cyber attacks.

Data breaches

Data breaches Ransomware Insurance Phishing

Expect More Spam Calls and SIM-Card Scams: 400 Million Phone Numbers Exposed

Adam Levin

SEPTEMBER 5, 2019

They did it again this week with news that 419 million records, including phone numbers and user IDs, were scraped from Facebook and stored in a database that was just sitting online accessible to anyone who might like to peruse it. So, we can call this a Facebook privacy facepalm legacy attack. Another 18 million were UK users.

Mining

Mining Authentication Financial Services Privacy

CCPA compliance: A sustainable approach

Collibra

DECEMBER 30, 2020

CCPA stands for California Consumers Privacy Act (2018), intended to enhance privacy rights and consumer protection for residents of California, United States. . Businesses are required to give consumers notice explaining their privacy practices and not discriminate against consumers for exercising their rights under the CCPA.

Compliance

Compliance Sales Privacy Data Privacy

Key steps to GDPR compliance – Part 3

IT Governance

DECEMBER 20, 2017

According to Article 30 of the GDPR, companies will be required to record personal data processing activities including, but not limited to, the categories of data being processed, the categories of recipients of the data and time limits for keeping the data. Also available as a Live Online course: 22 January, 5 February.

GDPR

GDPR Compliance Data breaches Information Security

New York Enacts Stricter Data Cybersecurity Laws

Data Matters

AUGUST 5, 2019

Together, the new laws require the implementation of reasonable data security safeguards, expand breach reporting obligations for certain types of information, and require that a “consumer credit reporting agency” that suffers a data breach provide five years of identity theft prevention services for impacted residents.

Cybersecurity

Cybersecurity Data breaches Privacy Risk

CNIL Publishes Six Step Methodology and Tools to Prepare for GDPR

Hunton Privacy

MARCH 17, 2017

The CNIL’s methodology notes that, under the GDPR, organizations will have to keep full internal documentation of their data processing activities. verifying the data security measures implemented. verifying the data security measures implemented. The CNIL’s methodology proposes a template register. Step 4: Managing Risks.

GDPR

GDPR Personal data Compliance Privacy

California Consumer Privacy Act: The Challenge Ahead – A Comparison of 10 Key Aspects of The GDPR and The CCPA

HL Chronicle of Data Protection

OCTOBER 3, 2018

This is the fifth installment in Hogan Lovells’ series on the California Consumer Privacy Act. . As the most comprehensive privacy law to be enacted in the United States thus far, the California Consumer Privacy Act (CCPA) has inevitably invited comparisons to the European Union’s General Data Protection Regulation (GDPR).

GDPR

GDPR Privacy Personal data Sales

New York’s Breach Law Amendments and New Security Requirements

Data Protection Report

OCTOBER 1, 2019

Although California has recently captured the lion’s share of attention with respect to privacy and security, on October 23, 2019, New York’s amended security breach law goes into effect, and on March 1, 2020, new security safeguards go live (N.Y. Readers may recall that New York’s security breach notification law (N.Y.

Security

Security Financial Services Passwords Risk

California Consumer Privacy Act: The Challenge Ahead – A Comparison of 10 Key Aspects of The GDPR and The CCPA

HL Chronicle of Data Protection

OCTOBER 3, 2018

This is the fifth installment in Hogan Lovells’ series on the California Consumer Privacy Act. . As the most comprehensive privacy law to be enacted in the United States thus far, the California Consumer Privacy Act (CCPA) has inevitably invited comparisons to the European Union’s General Data Protection Regulation (GDPR).

GDPR

GDPR Privacy Personal data Sales

California Consumer Privacy Act: The Challenge Ahead – A Comparison of 10 Key Aspects of The GDPR and The CCPA

HL Chronicle of Data Protection

OCTOBER 3, 2018

This is the fifth installment in Hogan Lovells’ series on the California Consumer Privacy Act. . As the most comprehensive privacy law to be enacted in the United States thus far, the California Consumer Privacy Act (CCPA) has inevitably invited comparisons to the European Union’s General Data Protection Regulation (GDPR).

GDPR

GDPR Privacy Personal data Sales

Kali Linux Penetration Testing Tutorial: Step-By-Step Process

eSecurity Planet

APRIL 7, 2023

Kali Linux turns 10 this year, and to celebrate, the Linux penetration testing distribution has added defensive security tools to its arsenal of open-source security tools. For now, Kali is primarily known for its roughly 600 open source pentesting tools, allowing pentesters to easily install a full range of offensive security tools.

Energy and Utilities

Energy and Utilities Cybersecurity Security Passwords

What Is Integrated Risk Management? Definition & Implementation

eSecurity Planet

APRIL 29, 2024

In our examples, the clothing brand secures a segregated design team with physical locks on the doors, extra computer security to prevent digital theft, and a backup solution for their marketing data. These include new opportunities, clear priorities, and better security, performance, and resilience.

Risk

Risk Compliance Communications Insurance

DPIAs for retail and hospitality

IT Governance

MARCH 26, 2019

You can build a picture of their behaviour and may even process special category data, such as health data. Use of facial/voice recognition and fingerprints to govern access constitutes biometric data which is special category data, the processing of which would constitute a reason to conduct a DPIA. Online tracking by third parties.

Retail

Retail Risk GDPR Government

Nevada, New York and other states follow California’s CCPA

Data Protection Report

JUNE 6, 2019

The US privacy law landscape continues to shift and evolve as state and federal privacy legislative proposals continue to be debated and become enacted. While CCPA-like bills in Washington and Texas failed to pass, Nevada passed its online privacy amendment and proposals in New York and Washington, DC appear to be gaining momentum.

Sales

Sales Privacy Insurance Manufacturing

IaaS vs PaaS vs SaaS Security: Which Is Most Secure?

eSecurity Planet

DECEMBER 18, 2023

Cloud computing services, such as Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS), each have unique security concerns. IaaS involves virtualized computing resources over the internet, with users responsible for securing the operating system, applications, data, and networks.

Security

Security Cloud Encryption Compliance

Class Action Targets Experian Over Account Security

Krebs on Security

AUGUST 5, 2022

The lawsuit, filed July 28, 2022 in California Central District Court, argues that Experian’s documented practice of allowing the re-registration of existing Experian accounts without first verifying that the existing account holder authorized the changes violates the Fair Credit Reporting Act.

Security

Security Computer and Electronics Passwords Privacy

GDPR – The Year in Review

HL Chronicle of Data Protection

MAY 29, 2019

Following the one-year anniversary of the coming into effect of the GDPR, Hogan Lovells’ Privacy and Cybersecurity practice has prepared summaries of key GDPR-related developments of the past 12 months. The summaries cover regulatory guidance, enforcement actions, court proceedings, and various reports and materials.

GDPR

GDPR Personal data Privacy Information architecture

Institutional Investor’s Introduction to Blockchain and Digital Asset Investing

Data Matters

NOVEMBER 2, 2021

We will also discuss a developing range of services referred to as digital asset “prime brokerage” — describing the suite of services typically provided by these prime brokers and comparing them to traditional offerings of prime brokers in the securities space. Traditional OTC Derivatives.

Blockchain

Blockchain Marketing Access Risk

SEC Announces 2022 Examination Priorities: Private Funds, ESG, Retail, Cyber, Digital Assets Top the List

Data Matters

APRIL 6, 2022

Securities and Exchange Commission (SEC) Division of Enforcement (EXAMS or Division) issued its annual examination priorities. Microcap, Municipal, Fixed Income, and Over-the-Counter Securities. On March 30, 2022, the U.S. Broker-Dealer and Exchange Examination Program.

Retail

Retail Compliance Sales Risk

Hong Kong Regulator Imposes New Conditions to Regulate Outsourcing Arrangements for Cloud Storage

Data Matters

NOVEMBER 27, 2019

To secure SFC approval, the following summarized key requirements must be satisfied: 1) Key requirements where records are “exclusively” kept with EDSPs. ensuring information security to prevent unauthorized access, tampering or destruction of records. Eligibility requirements. Personnel requirements. by encryption).

Cloud

Cloud Access Information Security Risk

Why risk assessments are essential for GDPR compliance

IT Governance

OCTOBER 15, 2019

This isn’t just because the Regulation says so; it’s because risk assessments are essential for effective cyber security, helping organisations address an array of problems that, if left unchecked, could cause havoc. Organisations might assume that the only risks they face are from cyber criminals trying to break into their systems.

GDPR

GDPR Risk Compliance Personal data

What UK charities need to know about GDPR compliance

IT Governance

AUGUST 2, 2019

The Regulation treats charities in much the same way as any organisation, because although they’re not using personal data to make a profit, they still run the risk of data breaches and privacy violations. The UK government’s Cyber Security Breaches Survey 2019 found that one in five charities suffered a cyber attack last year.

GDPR

GDPR Compliance Personal data Risk

California Privacy Protection Agency Officially Commences CPRA Rulemaking Process

Hunton Privacy

JULY 8, 2022

On July 8, 2022, the California Privacy Protection Agency Board (“CPPA Board”) began the formal rulemaking process to establish regulations promulgating the amendments made to the California Consumer Privacy Act (“CCPA”) by the California Privacy Rights Act (“CPRA”) (collectively, the “CCPA/CPRA”).

Privacy

Privacy Sales Compliance Access

6 Best Threat Intelligence Feeds to Use in 2023

eSecurity Planet

AUGUST 10, 2023

Here are our picks for the top threat intelligence feeds that security teams should consider adding to their defensive arsenal: AlienVault Open Threat Exchange: Best for community-driven threat feeds FBI InfraGard: Best for critical infrastructure security abuse.ch

Cybersecurity

Cybersecurity Access Metadata Energy and Utilities

eDiscovery Expert Tom O’Connor Reviews CloudNine Platform

eDiscovery Daily

FEBRUARY 14, 2018

Platform Category: CloudNine is an eDiscovery product in the Cloud Platform category. Platform Description: CloudNine is an integrated, automated proprietary software offering which allows users to immediately upload, review, and produce electronic documents. Platform Security. Privacy Shield Framework.

Computer and Electronics

Computer and Electronics Analytics Cloud Compliance

GDPR is upon us: are you ready for what comes next?

Data Protection Report

MAY 23, 2018

We have shared below some interesting points that we’ve seen arising recently, all of which relate to how things are likely to develop from today onwards, including enforcement predictions, challenges related to operationalizing data subject access procedures, and how the GDPR may change the data privacy litigation landscape in Europe.

GDPR

GDPR Personal data Compliance Data breaches

Security Compliance & Data Privacy Regulations

New Jersey Becomes 14th State to Enact a Comprehensive State Privacy Law

Trending Sources

Delaware Could Become the 13th State to Enact a Comprehensive State Privacy Law

First American Financial Pays Farcical $500K Fine

How to implement the General Data Protection Regulation (GDPR)

How Companies Need to Treat User Data and Manage Their Partners

Online Trust Alliance Releases Privacy and Data Security Framework for Internet of Things

List of Data Breaches and Cyber Attacks – May 2023

Belgian Privacy Commission Issues Priorities and Thematic Dossier to Prepare for GDPR

CCPA In-Depth Series: Draft Attorney General Regulations on Verification, Children’s Privacy and Non-Discrimination

CCPA In-Depth Series: Draft Attorney General Regulations on Consumer Notice

CCPA Marches On: California Attorney General Proposes Further Revisions to CCPA Regulations, Industry Pleads for Enforcement Delay Amid COVID-19 Crisis

France: The CNIL publishes a practical guide on Data Protection Officers

UK Information Commissioner’s Office Publishes Final Guidance On Employee Monitoring

Canadian Privacy Commissioner Issues Report on Children’s Educational Apps

Do I Need a Data Catalog?

FTC, privacy, and vendor due diligence—and opt-in consent

GDPR for small business: the ultimate guide

List of Data Breaches and Cyber Attacks in October 2022 – 9.9 Million Records Breached

Expect More Spam Calls and SIM-Card Scams: 400 Million Phone Numbers Exposed

CCPA compliance: A sustainable approach

Key steps to GDPR compliance – Part 3

New York Enacts Stricter Data Cybersecurity Laws

CNIL Publishes Six Step Methodology and Tools to Prepare for GDPR

California Consumer Privacy Act: The Challenge Ahead – A Comparison of 10 Key Aspects of The GDPR and The CCPA

New York’s Breach Law Amendments and New Security Requirements

California Consumer Privacy Act: The Challenge Ahead – A Comparison of 10 Key Aspects of The GDPR and The CCPA

California Consumer Privacy Act: The Challenge Ahead – A Comparison of 10 Key Aspects of The GDPR and The CCPA

Kali Linux Penetration Testing Tutorial: Step-By-Step Process

What Is Integrated Risk Management? Definition & Implementation

DPIAs for retail and hospitality

Nevada, New York and other states follow California’s CCPA

IaaS vs PaaS vs SaaS Security: Which Is Most Secure?

Class Action Targets Experian Over Account Security

GDPR – The Year in Review

Institutional Investor’s Introduction to Blockchain and Digital Asset Investing

SEC Announces 2022 Examination Priorities: Private Funds, ESG, Retail, Cyber, Digital Assets Top the List

Hong Kong Regulator Imposes New Conditions to Regulate Outsourcing Arrangements for Cloud Storage

Why risk assessments are essential for GDPR compliance

What UK charities need to know about GDPR compliance

California Privacy Protection Agency Officially Commences CPRA Rulemaking Process

6 Best Threat Intelligence Feeds to Use in 2023

eDiscovery Expert Tom O’Connor Reviews CloudNine Platform

GDPR is upon us: are you ready for what comes next?

Stay Connected