On November 27, the European Parliament confirmed that Giovanni Buttarelli will serve as the next European Data Protection Supervisor (“EDPS”). Buttarelli will take over for Peter Hustinx, who served as EDPS for 10 years. Prior to his appointment, Buttarelli was the Assistant EDPS, a position which will now be held by Wojciech Rafal Wiewiórowski. Buttarelli’s privacy experience […]
Data Protection
EU’s Article 29 Working Party Releases Opinion on Internet of Things Protections
The European Union’s Article 29 Data Protection Working Party (WP29) adopted an opinion (the Opinion) on September 16, 2014 regarding data protection within the Internet of Things (IoT). Recognizing the rapid growth of the IoT, the Opinion responds to emerging data privacy concerns within the IoT, and provides recommendations for stakeholder compliance with EU data […]
New California Law Expands Data Security Requirements, SSN Protections and Breach Notification Obligations
On September 30, 2014, the Governor of California signed Assembly Bill 1710, which made three small but important changes to the state’s privacy laws. The bill: (1) amended California’s breach notification law to require that the notifying entities offer identity theft protection services to affected individuals in certain cases; (2) required California businesses that “maintain” […]
WP29 Announces a Common “Tool-Box” Approach to Handling of Complaints under the Right to be Forgotten
On September 18, 2014, the Article 29 Working Party (the “WP29”) issued a press release, announcing that the European data protection authorities agreed on a common “tool-box” approach to handling complaints lodged due to search engines’ refusal to remove complainant’s entries from their search results. In a landmark ruling on May 13, 2014, the Court […]
PCI Security Standards Council Publishes Third-Party Security Assurance Guidance
The Payment Card Industry Security Standards Council (PCI-SSC) today released recommendations for meeting the PCI Data Security Standard (PCI-DSS) when sharing cardholder data with third party service providers. PCI-DSS requires a merchant or other entity in entrusted with cardholder data to ensure that cardholder data continues to be protected when it is provided to a […]