Kim Peretti, partner and co-chair of the firm’s Cybersecurity Preparedness & Response Team, was quoted in an InsideCybersecurity daily news report on October 2 titled, “Amid regulatory fears, boards improve on cybersecurity.” A recent report from Georgia Tech Information Security Center shows an increase in boardroom involvement in cybersecurity management – 63 percent of boards are now actively addressing IT […]
Data Protection
European Court of Justice Strikes Down Safe Harbor
In a momentous judgment, the European Court of Justice (“ECJ”) today invalidated the European Commission’s decision establishing the E.U.-US Safe Harbor for transfers of personal data (“Safe Harbor Decision”). The ruling was made with record dispatch, following on an Advocate General Opinion recommending invalidation that was delivered to the Court only two weeks ago. Facts […]
Swire Challenges Factual Basis of Schrems Decision
In an article published today, Senior Counsel Peter Swire challenges the factual basis for the Advocate General’s recent opinion in the so-called “Schrems case” against the E.U.-U.S. Safe Harbor framework. Thousands of U.S. businesses rely on the Safe Harbor framework in order to support the transfer of data from the European Union. As previously discussed […]
Illinois Governor Vetoes Data Protection Bill; Suggests Revisions
Illinois Governor Bruce Rauner vetoed a bill amending the state’s data breach notification law on August 21, 2015, saying in a letter to the General Assembly that the bill “goes too far, imposing duplicative and burdensome requirements that are out-of-step with other states.” The bill, S.B. 1833, would have amended Illinois’ Personal Information Protection Act […]
PCI Security Standards Council Issues New Supplementary Compliance Requirements for the Data Security Standard
The Payment Card Industry (“PCI”) Security Standards Council (“SSC”) recently published a supplement to the PCI Data Security Standard (“DSS”) that will require certain Designated Entities to comply with an additional set of compliance-based requirements. The additional requirements, called the “Designated Entities Supplemental Validation,” or DESV, are designed to “help organizations make payment security part […]