Minimizing board members’ responsibility for data breach

Among the consequences of a data breach for an organization is the risk of personal liability for board members. Besides the prevention measures that can/must be taken to avoid hacking, directors and management should invest in training, procedures, detection, and response. Specifically, the following can help directors in case their company suffers […]

Commission on Enhancing National Cybersecurity’s open meeting in NYC

On May 16, 2016, the Commission on Enhancing National Cybersecurity (“Cybersecurity Commission”) held an open meeting. The primary purpose of the meeting was to discuss the challenges and opportunities facing the finance and insurance sectors as the Commission develops detailed recommendations to strengthen cybersecurity in both the public and private sectors while protecting privacy, ensuring public safety […]

Francesca Giannoni-Crystal, so much promise, so little delivery …, i.e. why the Privacy Shield might not matter much for the biggest American businesses (read: tech-giants)

After the October 6, 2015, European Court of Justice’s annulment of the Safe Harbor decision of adequacy (Maximilian Schrems v. Data Protection Commissioner), the European Data Protection Authorities (DPAs) gave businesses until January 31, 2016, for the start of enforcement of the Schrems’ decision (see here). The Safe Harbor Scheme had been used for almost 15 years as the […]

Consumer Financial Protection Bureau (CFPB) issued first order for violation of privacy

On March 2, 2016, the Consumer Financial Protection Bureau (CFPB) brought its first data security enforcement action, acting as federal data security regulator to ensure that financial companies and service providers adequately secure consumers’ information. The CFPB, a federal agency – whose creation was authorized by the Dodd–Frank Wall Street Reform and Consumer Protection Act in […]

Francesca Giannoni-Crystal and Allyson Haynes Stuart, EU data protection and cybersecurity law as applied to the IoT – some thoughts about why it is inadequate

Internet-of-Things (IoT) (or internet-of-everything, as it is often interchangeably called) is a buzzword, and it is everywhere. At present, the news is more technological than legal. Nonetheless, the IoT triggers some worrisome legal issues, of which data collection, data security, and invasion of privacy are among the most compelling. Actually, these issues are imposing because […]

Judicial Redress Act signed into law by President Obama

On February 24, 2016, President Barack Obama signed the Judicial Redress Act into law, thereby granting the citizens of certain allied countries the same protection as US citizens under the Privacy Act. The full title of the Bill is: “To extend Privacy Act remedies to citizens of certified states, and for other purposes.” The President […]

The Internet-of-Things (IoT) (or Internet of Everything) – privacy and data protection issues in the EU and the US

Francesca Giannoni-Crystal & Allyson Haynes Stuart have just published in the Information Law Journal an article dealing with privacy and data protection in the IoT. The article deals with recent developments in the IoT sector, highlights the difficulty of giving a definition of the IoT, and discusses the most important authorities (on the two sides of the Atlantic) […]

FDA issues draft guidance “Postmarket Management of Cybersecurity in Medical Devices”

On January 22, 2016, the U.S. Food and Drug Administration (“FDA”) released draft guidance entitled “Postmarket Management of Cybersecurity in Medical Devices”. The document outlines recommendations to medical device manufacturers for managing postmarket cybersecurity vulnerabilities for marketed medical devices. The draft guidance applies to: 1) medical devices that contain software (including firmware) or programmable logic, […]

Obama establishes Federal Privacy Council

On February 9, 2016, President Obama issued an executive order establishing the “Federal Privacy Council”, an interagency support structure consisting of senior privacy officials from each cabinet agency. The Privacy Council was established – according to the President – to protect privacy in order to maintain trust in the public institutions, considering the large amounts of […]