Category

Data Breaches


The EDPB recently published updated Guidelines 9/2022 (“Guidelines”) on personal data breach notification under GDPR, following a targeted public consultation which concerned data breach notification for controllers not established in the EU/EEA. The updated Guidelines were adopted on 28 March 2023 and can be found here. The key update to be aware of concerns paragraph 73 of the Guidelines, which relates to the notification requirements for personal data breaches at non-EU establishments. In particular, the…

This September, the Berlin data protection authority (Berliner Beauftragte für Datenschutz und Informationsfreiheit, BInBDI) announced a significant fine of €525,000 against a corporate group in the e-commerce retail sector. Without going into the technical details of the case, it should be noted that the authority's main legal objection against the sanctioned company is that the person designated as data protection officer (DPO) is simultaneously managing director of…

Navigating multiple regulatory frameworks requires cross-border awareness and cooperation by numerous teams when a data breach occurs across international borders. In this particular session on International Regulatory Updates (Asia Pacific), our Partner Sonia Ong shares her views on recent and pending regulatory developments, and the future of international data protection laws in the region particularly across Southeast Asia. This webinar is part of the virtual program of the Santa Monica Cyber Risk Summit organized by…

The Securities and Exchange Commission fined a real estate services company for inadequate disclosure controls and procedures violations related to a cybersecurity vulnerability that exposed hundreds of thousands of sensitive customer records. Background In 2019, a cybersecurity journalist discovered and notified the real estate services company about a vulnerability with its document and images sharing app that exposed over 800 million images dating back to 2003, including documents that contained sensitive personal information such as…

The UK data protection regulator, the Information Commissioner’s Office, has issued three significant monetary penalties over recent months focusing on cyber security issues. The most recent enforcement was a monetary penalty of £1.25 million on Ticketmaster in connection with an incident which occurred between February 2018 and June 2018 (although the enforcement only relates to the period after 25 May 2018 when the GDPR came into force). In the ICO’s view there was a failure…

The UK data protection regulator, the Information Commissioner’s Office, has issued a monetary penalty of £20m on British Airways in connection with a cyber-attack which took place in 2018. In the ICO’s view there was a failure to process personal data in a manner that ensured appropriate security, as required under Articles 5(1)(f) and 32 of the GDPR. The incident commenced with a “supply chain attack” where BA’s network was accessed by an attacker…

Along with changes brought by the CCPA, companies should be aware of other important privacy developments that went into effect in early 2020. Notable changes to data breach notification laws in California, Illinois, Oregon, and Texas promise to have a significant impact on businesses experiencing security incidents and signal a movement towards stricter and more demanding requirements in this space. California Amends Definition of Personal Information for Breach Notification: The definition of personal information…

Mandatory data breach notification (MDBN) becomes law in Australia on 22 February 2018. This is a high-impact development requiring businesses to respond as expenditure on advertising and years of building customer trust through high-quality service and reputable conduct is put at risk by the obligation to inform customers when security measures fail. Does the law apply to you? Subject to some exceptions the mandatory notification provisions will apply to private sector entities subject to the…