On February 28, 2018, the Belgian Privacy Commission issued a recommendation on the position it takes with regard to data protection impact assessments (or “DPIAs”) as foreseen in the GDPR. A DPIA under the GDPR is similar in scope and impact to its predecessor, the PIA (or “privacy impact assessment”) and requires businesses to assess […]
Data Security
Seventh Circuit Affirms Dismissal of Schnuck Markets Data Breach Lawsuit
The United States Court of Appeals for the Seventh Circuit recently affirmed the dismissal of a putative class action brought by financial institutions against Schnuck Markets, Inc., following a data breach impacting Schnuck beginning late 2012. The plaintiffs attempted to assert claims of negligence, negligence per se, various contract claims, and violation of Illinois consumer […]
DHS and FBI Issue a Joint Technical Alert with UK Warning Russian State-Sponsored Cyber Attacks
On April 16, 2018, the Department of Homeland Security (DHS), the Federal Bureau of Investigation (FBI), and the United Kingdom’s National Cyber Security Centre issued a joint Technical Alert (TA), alerting the worldwide cyber exploitation of network infrastructure devices by Russian state-sponsored cyber actors. The TA explains primary targets to be government and private-sector organizations, […]
SEC Adopts Statement and Interpretive Guidance on Public Company Cybersecurity Disclosures
The Securities and Exchange Commission (SEC) issued a press release announcing its unanimous approval of a statement by SEC Chairman Jay Clayton and interpretive guidance (the “2018 Guidance”) to assist public companies in preparing disclosures about cybersecurity risks and incidents. This is the first interpretive guidance published by the full Commission on the topic of […]
100 Days Until GDPR Effective Date – Sharing Our GDPR Experience
In less than 100 days, the General Data Protection Regulation (GDPR) will go into effect. This means that as of May 25, 2018, each national Supervisory Authority will have the authority to apply and enforce the GDPR. The GDPR raises the bar in terms of requirements substantially higher than the Data Protection Framework Directive. For […]