On October 6, California Governor Jerry Brown signed into law two different updates to California’s data breach notification statute. Both updates will become effective on January 1, 2016. The first update, AB 964, defines “encrypted” for purpose of the statute to mean ”rendered unusable, unreadable, or indecipherable to an unauthorized person through a security technology […]
Security Breach
European Court of Justice Strikes Down Safe Harbor
In a momentous judgment, the European Court of Justice (“ECJ”) today invalidated the European Commission’s decision establishing the E.U.-US Safe Harbor for transfers of personal data (“Safe Harbor Decision”). The ruling was made with record dispatch, following on an Advocate General Opinion recommending invalidation that was delivered to the Court only two weeks ago. Facts […]
PCI Security Standards Council Publishes Data Breach Response Guidance
The PCI Security Standards Council (PCI-SSC) has released new guidance on its website advising merchants how to deal with a data breach. The guidance particularly details when a PCI Forensic Investigator (PFI) will be required, and provides tips on making the PFI process go smoothly. The PCI-SSC states that “preparing for the worst is the […]
Alston & Bird Conducts Cybersecurity Preparedness and Response Training with Industry Experts
Alston & Bird’s Cybersecurity Preparedness and Response (CPR) team recently partnered with Stroz Friedberg and Brunswick Group to conduct a comprehensive, all day breach preparedness and response training session for A&B team members. Approximately 35 members of the firm participated in this in person multi-disciplinary training session. CPR team members shared their experiences and insight […]
Third Circuit Affirms FTC’s Authority to Regulate Data Security
On August 24, 2015, the Third Circuit affirmed U.S. District Court Judge Esther Salas’ April 2014 ruling in FTC v. Wyndham Worldwide Corp., et al. (“Wyndham”) that the FTC has the authority to regulate private companies’ cybersecurity practices under Section 5 of the FTC Act. (Prior blog posts on this case can be found here […]