Assuming your business activities fall within the territorial scope of the GDPR, you may be required to designate a Data Protection Officer (DPO). A DPO may be an employee or designated outside service provider who has expert knowledge of data protection law and practices. The DPO’s job is to inform and advise the company of… Continue reading Do You Need A DPO?
The GDPR represents a complete overhaul to the EU’s current privacy framework. The GDPR is intended to have broader and more comprehensive rules regarding the processing, use, and storage of personal data than the EU’s prior Data Protection Directive 95/46/EC. More importantly, unlike the Data Protection Directive the GDPR will not require transposition into legislation… Continue reading The GDPR’s Territorial Scope
This month, Tracking Data will be covering the EU’s General Data Protection Regulation (GDPR), which was adopted on April 27, 2016 and goes into effect on May 25, 2018. The GDPR defines a broad set of rights and principles governing the protection of EU data subjects. These rights include the right to access one’s personal… Continue reading March Is GDPR Awareness Month
Last week the U.S. Securities and Exchange Commission (SEC) published new cybersecurity guidance for public companies. The guidance reinforces and expands upon a 2011 SEC publication, and highlights two additional topics: (1) the importance of robust cybersecurity disclosure policies and procedures and (2) the application of insider trading prohibitions in the cybersecurity context. Disclosure Controls and… Continue reading SEC Issues Interpretive Guidance on Cybersecurity Disclosures
On Tuesday, Attorney General Jeff Sessions announced that the Department of Justice would create a “Cyber-Digital Task Force” designed to investigate and identify ongoing global cybersecurity threats. According to a press release issued by the Justice Department, the proposed task force would prioritize its efforts on specific areas of cybersecurity risk, including efforts to interfere… Continue reading The DOJ Announces the Creation of a New Cybersecurity Task Force
This week, Oregon lawmakers introduced a bill (HB4147) that would require companies to notify consumers within 45 days of discovering a data breach of their personal information. The so-called “Equifax Bill” also would prohibit companies from charging consumers or requesting their credit or debit card numbers to redeem offers for free credit card monitoring or a… Continue reading Oregon Legislation Alert
Earlier this week, Apple, Cisco, Aon, and Allianz announced their plan to create a joint cyber risk management service intended to better protect companies facing or dealing with cyber attacks. According to the companies’ joint press release, the proposed solution would be comprised of “cyber resilience evaluation services from Aon, the most secure technology from… Continue reading Apple, Cisco, Aon, and Allianz Announce Joint Cyber Risk Management Solution