IT Governance

DECEMBER 1, 2022

Welcome to our November 2022 review of data breaches and cyber attacks. The first was a data breach at Twitter, in the latest PR disaster for the social media giant. The second was a cyber attack on the Russian scooter-sharing service Whoosh, which was discovered after customers’ data was put up for sale on the dark web.

Data breaches 115

Data breaches Ransomware Personal data Insurance 115

IT Governance

AUGUST 1, 2022

Welcome to our July 2022 review of data breaches and cyber attacks. You can find the full list below, broken into categories. Meanwhile, be sure to subscribe to our Weekly Round-up to receive the latest cyber security news and advice delivered straight to your inbox. Cyber attacks. Cyber attacks. Ransomware.

Data breaches 119

Data breaches Ransomware Insurance Access 119

IT Governance

JUNE 30, 2022

Welcome to our June 2022 review of data breaches and cyber attacks. You can find the full list below, broken down into categories. Meanwhile, be sure to subscribe to our Weekly Round-up to receive the latest cyber security news and advice delivered straight to your inbox. Cyber attacks. Cyber attacks.

Data breaches 136

Data breaches Ransomware Personal data Blockchain 136

IT Governance

DECEMBER 19, 2023

At the end of each month, these incidents – and any others that we find – will be used to inform our monthly analysis of data breaches and cyber attacks. We’re also introducing two new categories this week: ‘AI’ and ‘Key dates’. Data breached: personal data belonging to 14,690,284 individuals.

Data Privacy 52

Data Privacy Manufacturing Privacy Energy and Utilities 52

IT Governance

NOVEMBER 28, 2023

At the end of each month, these incidents – and any others that we find – will be used to inform our monthly analysis of data breaches and cyber attacks. The ‘enforcement’ and ‘other news’ categories remain unchanged. The data contains more than 56 million records, some of which are duplicates.

Data Privacy 52

Data Privacy Privacy Energy and Utilities Data breaches 52

eSecurity Planet

AUGUST 9, 2022

Regulatory compliance and data privacy issues have long been an IT security nightmare. And since the EU’s General Data Protection Regulation (GDPR) took effect May 25, 2018, IT compliance issues have been at the forefront of corporate concerns. GDPR-style data privacy laws came to the U.S. Healthcare Data Privacy Laws.

Data Privacy 145

Data Privacy Compliance Privacy Security 145

DLA Piper Privacy Matters

OCTOBER 25, 2022

The ICO found that Interserve had failed to put appropriate technical and organisational measures in place to secure personal data (in contravention of Articles 5(1)(f) and 32 GDPR) for a period of ~20 months. On 24 October 2022, the ICO issued a penalty notice (MPN) to Interserve Group Limited (Interserve), imposing a fine of £4.4m

Security 52

Security GDPR Personal data Insurance 52

Adam Levin

JUNE 30, 2020

No industry, category, size, or group is safe from this cyber scourge. In the same survey, 35 percent thought CEOs should be fined for a cyber failure, and 30 percent wanted to see a CEO lose his or her right to run any company following a serious cyber event. 1-99-employee companies are a target. What can CEOs do?

Ransomware 74

Ransomware Insurance Cybersecurity Manufacturing 74

Data Protection Report

JANUARY 4, 2024

a. Automated Decision-Making Technology b. Cybersecurity Audits c. Risk Assessments 4. The exception applied to the workers’ data because the biometric data was “collected, used or stored for health care treatment, payment or operations under HIPAA” only, and the source of the data was not relevant.

Privacy 111

Privacy Cybersecurity Artificial Intelligence e-Discovery 111

DLA Piper Privacy Matters

DECEMBER 3, 2021

The United Arab Emirates (“UAE”) has enacted its long awaited federal level data protection law. 45 of 2021 on the Protection of Personal Data Protection (“ PDPL ”), which was issued on 26 September 2021. This article examines some of its key features. What does the PDPL cover and who does it apply to? Definitions.

Personal data 105

Personal data Data breaches GDPR Compliance 105

DLA Piper Privacy Matters

NOVEMBER 6, 2019

On 30 October 2019, the Berlin Commissioner for Data Protection and Freedom of Information ( Berliner Beauftragte für Datenschutz und Informationsfreiheit – “ Berlin DPA ”) imposed an administrative fine of about EUR 14.5 million against Deutsche Wohnen SE for infringements of the General Data Protection Regulation (GDPR).

GDPR 98

GDPR Personal data Archiving Compliance 98

Data Protection Report

AUGUST 16, 2017

On the 7 th August 2017, the UK’s Government Department for Digital, Culture, Media and Sport issued a Statement of Intent (the Statement ) outlining its planned reforms of the UK’s data protection laws which are to be implemented by the Data Protection Bill (the Bill ).

Government 40

Government GDPR Personal data Insurance 40

AIIM

JULY 24, 2018

Given the imposition of more onerous GDPR accountability provisions its incumbent on both data controllers and processors to ensure that their respective obligations are clearly spelled out in their respective Data Processing Agreements and that such provisions adhere to GDPR controller and processor obligations.

GDPR 83

GDPR Compliance Privacy Data Privacy 83

DLA Piper Privacy Matters

NOVEMBER 19, 2018

The French supervisory authority (the CNIL) has been very active regarding DPIAs by developing online tools and assessment forms to provide step by step guidance to data controllers on how to conduct a DPIA. the processing is already covered by a record of processing held by the data protection officer, where applicable.

Data Privacy 40

Data Privacy IT GDPR Privacy 40

IT Governance

JANUARY 7, 2020

In our first review of 2020, we look at a new twist on a PayPal scam, and discuss data breaches at an IVF treatment facility and in the Singapore government. It begins with a standard phishing email, but victims end up handing over financial and personal details in addition to their login credentials. The final trick.

Phishing 94

Phishing Passwords Access Government 94

Data Protection Report

MAY 23, 2018

The stated purpose of the new law is to give people more control over their personal data and make it easier to access it. So if you’re not a social network, mobile app, driverless car, or one of the big data companies, does this mean you can breathe a sigh of relief? Challenge #3.

GDPR 40

GDPR Personal data Compliance Data breaches 40

Privacy and Cybersecurity Law

NOVEMBER 8, 2018

Consumers will be permitted to request that a business disclose both the categories and specific pieces of the personal information collected. Consumers will be permitted to request that a business delete personal information it has collected about the consumer, including all data in the possession of the businesses’ vendors.

Privacy 58

Privacy Sales Compliance Cybersecurity 58

DLA Piper Privacy Matters

FEBRUARY 7, 2019

Likewise, although more limited, GDPR imposes direct obligations on the Processor, including the (joint) requirement to implement appropriate technical and organisational security measures under Article 32 and the obligation to notify the Controller of a personal data breach without undue delay under Article 33(2).

GDPR 49

GDPR Risk Data breaches Personal data 49

Privacy and Cybersecurity Law

NOVEMBER 9, 2018

Consumers will be permitted to request that a business disclose both the categories and specific pieces of the personal information collected. Consumers will be permitted to request that a business delete personal information it has collected about the consumer, including all data in the possession of the businesses’ vendors.

Privacy 58

Privacy Sales Education Compliance 58