SEC Emphasizes Cybersecurity as a Focus Area for the Coming Year

Last week, the Securities and Exchange Commission’s Office of Compliance Inspections and Examinations released its enforcement priorities for 2018.  Making the list for the fifth year in a row, cybersecurity was emphasized as a focus for the SEC in the coming year.

In a recent post on Squire Patton Boggs’ anticorruption blog, Coates Lear, Tara Swaminath, and Elizabeth Weil Shaw discuss the announcement, as well as the implications of the SEC’s recent and continued emphasis on cybersecurity.

The GDPR’s Impact on CCTV and Workplace Surveillance

What is CCTV?

CCTV means closed-circuit television, also known as video surveillance. Video surveillance systems monitor the behavior, activities, or other changing information, usually of people, from a distance by means of electronic equipment.

Video surveillance can include anything from closed circuit television or automatic number-plate recognition systems, to any other system for recording, storing, receiving or viewing visual images for surveillance purposes.

In 2016, it was estimated that there were approximately 350 million video surveillance cameras installed worldwide.

Security and Privacy: A View from Asia and the Middle East

As 2018 picks up steam from its start, we are beginning to see traction in relation to various new regional data privacy and cybersecurity laws.  Many of the provisions seem designed to enable countries to seek an EU Adequacy Finding, which is akin to the Privacy Shield provisions between the EU and the US.  This would allow the easier transfer of EU data between the countries.

HHS Office for Civil Rights Issues Updated HIPAA and Research Guidance in Response to 21st Century Cures Act Mandate

Last month, the Department of Health and Human Services Office for Civil Rights (“OCR”) issued two helpful new HIPAA guidance documents regarding research uses and disclosures of PHI, fulfilling a mandate in the 21st Century Cures Act (Public Law 114-255) (the “Act”).  Although the documents merely reaffirm prior guidance in many places, the documents also contain helpful new information and serve to collect prior guidance spread in numerous places into a single location.  The first document focuses on research authorizations and revocations:

A Week Later, Early Predictions about Meltdown and Spectre Largely Hold True

The two attacks affect nearly 90 percent of the world’s computers.

Recent reports suggest that computers – personal, business, and cellular alike – are susceptible to two newly discovered major security flaws. These flaws, colloquially known as “Meltdown” and “Spectre,” could open the door for hackers to access the contents of almost any computer.

Meltdown could provide hackers the ability to become squatters on cloud-based services, but more importantly provide them access to other consumers’ information, including passwords. In cloud-based services where consumers generally share servers, there are protocols in place to protect each customer’s information from being accessible to the others.  Meltdown provides a way for hackers to circumvent those protocols, read sensitive data or gain access to other applications running on a shared server.

How to Find Official Guidance on the EU General Data Protection Regulation (GDPR)

Happy New Year!  With 2018 off to a rapid start, companies now have fewer than five months to become GDPR-compliant.

Although the basic principles and obligations enshrined in the GDPR are not new, the GDPR contains a complex, interlinked series of requirements whose practical application to real world situations is often very unclear.  The Article 29 Working Party, a body consisting of EU national data protection authorities, has issued several important opinions and guidelines intended to help data controllers and processors interpret the new rules. These guidelines, while not legally binding, are influential and are likely to be given considerable weight by reviewing courts.

France’s Law to Accompany the GDPR and EU Directive Published

On December 13, 2017 the French Ministry of Justice published a draft law to accompany the implementation within France of the General Data Protection Regulation 2016/679 (GDPR) and the Directive 2016/680, governing the handling of data in law enforcement situations.

The following are some of the noticeable changes brought by the draft law with respect to the GDPR.

(Temporarily) Unclear and Not User-friendly

It is presented as an amendment to the existing French Data Protection Act (DPA, known as Loi Informatique & Libertés) and the press release indicates that “the government has made the choice to keep the existing structure.”