On December 4, 2024, four of the five members of the Five Eyes intelligence-sharing group (the United States, Australia, Canada, and New Zealand) law enforcement and cyber security agencies (Agencies) published a joint guide...more
CYBERSECURITY -
Patch Adobe ColdFusion Vulnerabilities Being Exploited in the Wild ASAP -
Adobe has issued alerts on three vulnerabilities affecting its ColdFusion product. The first alert, issued on July 11, 2023,...more
7/24/2023
/ Adobe ,
Artificial Intelligence ,
Cyber Attacks ,
Cybersecurity ,
Cybersecurity Framework ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Drones ,
EU ,
Hackers ,
Machine Learning ,
Vulnerability Assessments
On July 10, the European Commission (EC) published its data adequacy decision for the new EU-U.S. Data Privacy Framework (EU-U.S. DPF). This means that companies can transfer personal data from EU countries and from Iceland,...more
CYBERSECURITY FBI, CISA + MS-ISAC Warn of LockBit 3.0 Ransomware The FBI, CISA and the Multi-State Information Sharing and Analysis Center (MSISAC) recently released a joint cybersecurity advisory, warning organizations about...more
3/24/2023
/ Artificial Intelligence ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
FBI ,
Hackers ,
Homeland Security Cybersecurity & Infrastructure Security Agency (CISA) ,
TikTok ,
Vulnerability Assessments
CYBERSECURITY -
Joint Advisory Outlines Attacks by Daixin Team -
The Cybersecurity & Infrastructure Security Agency, the FBI and the U.S. Department of Health & Human Services released a Joint Advisory last week warning...more
11/4/2022
/ Biometric Information ,
California Consumer Privacy Act (CCPA) ,
California Privacy Rights Act (CPRA) ,
Cyber Attacks ,
Cyber Threats ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Employee Monitoring ,
EU-US Privacy Shield ,
Popular ,
Ransomware ,
Vulnerability Assessments
President Biden recently signed an executive order establishing the implementation of the new EU-U.S. Data Privacy Framework, which would provide for the possibility of the lawful transfer of personal data from the European...more
11/4/2022
/ Biden Administration ,
Court of Justice of the European Union (CJEU) ,
Cybersecurity ,
Data Protection ,
EU ,
EU-US Privacy Shield ,
Executive Orders ,
International Data Transfers ,
Personal Data ,
Personally Identifiable Information ,
Regulatory Agenda ,
Regulatory Reform ,
Schrems I & Schrems II
CYBERSECURITY -
Second Security Directive Issued by TSA to Pipeline Operators -
The U.S. Transportation Security Administration (TSA) issued its second Security Directive to the pipeline industry on July 20, 2021,...more
7/23/2021
/ Customs and Border Protection ,
Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Drones ,
FBI ,
Hackers ,
Infrastructure ,
Location Data ,
NASA ,
Olympics ,
Pipelines ,
Ransomware ,
TSA
CYBERSECURITY -
President Biden Signs Executive Order to Strengthen Cybersecurity for Federal Government Following Colonial Pipeline Attack -
President Joe Biden signed an Executive Order on Wednesday, May 12, 2021,...more
5/14/2021
/ Biden Administration ,
Critical Infrastructure Sectors ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Data Sellers ,
FBI ,
Hackers ,
Pipelines ,
Regulatory Agenda ,
Supply Chain
Cyber-attacks and Cybersecurity Failure Are Top Risks of the Next Decade Says World Economic Forum -
Although somewhat obvious, the World Economic Forum, in partnership with Marsh McLennan, SK Group and Zurich Insurance...more
2/16/2021
/ Critical Infrastructure Sectors ,
Cryptocurrency ,
Cyber Attacks ,
Cyber Insurance ,
Cybersecurity ,
Cybertheft ,
Data Breach ,
Data Protection ,
Hackers ,
NYDFS ,
Personally Identifiable Information ,
Popular ,
Social Media
A Tampa, Florida area water facility was recently hacked using a popular remote-access software tool. The unidentified hacker also used the software to connect to an on-site computer and then used that computer to access the...more
The Irish Data Protection Commission (DPC) fined Twitter 450,000 euros (about US$546,000) for failing to timely notify the Irish DPC within the required 72 hours of discovering a Q4 2018 breach involving a bug in its Android...more
1/5/2021
/ Breach Notification Rule ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Data Protection Authority ,
Enforcement Actions ,
EU ,
Failure to Notify ,
General Data Protection Regulation (GDPR) ,
Ireland ,
Regulatory Violations ,
Twitter
Last week, the High Court of Ireland submitted eleven questions to the Court of Justice for the European Union (CJEU) to consider about the personal data transfer regime between the European Union (EU) and the United States....more
Privacy laws in Asia-Pacific countries such as Japan, Australia, New Zealand and Singapore restrict the export of personal information except when the exporter meets certain qualifying conditions. One qualifying condition is...more
Tobias Boelter, a University of California Berkeley cryptography researcher claims that last year he found a security flaw in WhatsApp’s encrypted smart phone messaging application. The flaw, which relates to the unique...more
2/6/2017
/ Data Breach ,
Data Collection ,
Data Privacy ,
Data Protection ,
Facebook ,
Germany ,
Mobile Apps ,
Mobile Devices ,
Personally Identifiable Information ,
Social Networks ,
WhatsApp
As we previously reported, this February, United States (U.S.) and European Union (EU) negotiators announced the “U.S.-EU Privacy Shield” as a replacement to the U.S. Safe Harbor. Many U.S. companies relied on the Safe Harbor...more
More than a billion people on the planet use online messaging service WhatsApp to send and receive messages, photo and videos and to make phone calls over the Internet. Most of WhatsApp’s users are outside the United States....more
The General Data Protection Regulation (GDPR) was recently approved by the 28 member states of the Council of European Union. By plenary vote, the European Parliament approved GDPR on April 14.
The GDPR will take effect...more
Twitter International Company (TIC) in Dublin, Ireland was reportedly ordered by a High Court to disclose data about the source of tweets about a whistleblower. The tweets, which included allegations of insurance fraud, are...more
10/8/2015
/ Data Protection ,
Defamation ,
Disclosure ,
Gifts ,
Healthcare ,
Hospitals ,
Insurance Fraud ,
Ireland ,
Privacy Policy ,
Retaliation ,
Twitter ,
Whistleblower Protection Policies ,
Whistleblowers
The Securities and Exchange Commission (“SEC”) recently settled its first cybersecurity-related enforcement action against a Missouri based registered investment adviser, R.T. Jones Capital Equities Management, Inc. (the ...more
10/2/2015
/ Broker-Dealer ,
Compliance ,
Confidential Information ,
Credit Monitoring ,
Cyber Attacks ,
Cyber Crimes ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Data Security ,
Enforcement Actions ,
Equity Plans ,
Fair Credit Reporting Act (FCRA) ,
Gramm-Leach-Blilely Act ,
Investment Adviser ,
Investment Companies ,
Investment Firms ,
Investment Portfolios ,
OCIE ,
Personally Identifiable Information ,
Regulation S-P ,
Risk Alert ,
Safeguards Rule ,
Securities and Exchange Commission (SEC)
Canada’s Personal Information Protection and Electronic Documents Act (“PIPEDA”) has been amended by The Digital Privacy Act (the “DPA”). DPA updates PIPEDA and modernizes Canadian data privacy and security law. DPA is now...more
8/21/2015
/ Breach Notification Rule ,
Canada ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
DPA ,
Electronically Stored Information ,
Personally Identifiable Information ,
PIPEDA ,
Prior Express Consent ,
Privacy Laws
This month, the Ponemon Institute released its Fifth Annual Benchmark Study on Privacy & Security of Healthcare Data and its findings are generating a good deal of attention. In the past, the Study has found that most data...more