The Network and Information security (NIS) Directive – which was put forward in 2013 by the Commission and aims at increasing cooperation between member states and laying down security obligations for operators of essential services and digital service providers – still awaits for the European Parliament second reading. An informal agreement on the proposal was reached […]
On May 4, 2016, Regulation (EU) 2016/679 of 27 April 2016, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), (in short “GDPR” ) was published in the Official Journal of the European Union. The GDPR shall […]
The California Attorney General released the California Data Breach Report (February 2016). The report is based on the notifications Californians to the Attorney General of breaches by businesses and government agencies (notification is required by law when affecting more than 500). The report analyzes breaches from 2012 through 2015. In 4 years, the Attorney General received […]
On April 11, 2016, the European Commission opened a public consultation on the current text of the ePrivacy Directive (EU Directive 2002/58/EC on privacy and electronic communications). According to the EU Commission, following the adoption of the General Data Protection Regulation (GDPR, see here), the ePrivacy rules will also need to be reviewed. The Commission […]
Tennessee has modified its data breach statute. See here .Three important points: 1) the definition of data breach requiring notification now includes loss of encrypted data (not only unencrypted as before). Tennessee is first jurisdiction to provide this way; 2) the notification must be given to residents of Tennessee within a specific time limit: 45 […]
Tags: DATA PROTECTION
On April 11, 2016, the Forth Circuit held that Travelers Indemnity Company of America (“Travelers”) had a duty to defend its insured Portal Healthcare Solutions, LLC (“Portal”), sued in a lawsuit for data breach, under the terms of a commercial general liability (CGL) policy (note: not a cybersecurity policy). Travelers Indem. Co. of Am. v. […]
The Information Commissioner’s Office (ICO), i.e. the United Kingdom’s Data Protection Authority, has prepared a checklist with 12 steps that organization can take now to prepare for the General Data Protection Regulation (GDPR) which is expected to come into force in mid- 2018: Awareness: make sure that decision makers and key people in each organization must be […]
The European Parliament has approved the new General Data Protection Regulations (GDPR). European Commission First Vice-President Frans Timmermans, Vice-President in charge of the Digital Single Market Andrus Ansip, and Commissioner for Justice, Consumers and Gender Equality, Věra Jourová issued a joint statement welcoming the approval. Read more here. For more information, Francesca Giannoni-Crystal.
In its meeting of April 13, 2016 the WP29 issued a 57 pages opinion on the draft adequacy decision that the EU Commission made available on February 29, 2016. Together with the draft adequacy decision, the Commission disclosed a package of documents (including correspondence with its American counterparts). In order to give an opinion on […]
The EU Commission “seeks stakeholders’ views on the current text of the ePrivacy Directive as well as the possible changes to the existing legal framework to make sure it is up to date with the new challenges of the digital area. Public Consultation on the Evaluation and Review of the ePrivacy Directive.” In the view of […]