PH Privacy

Swiss Privacy Shield Update: Get Ready to Certify on April 12
In less than a month, on April 12, the U.S. Department of Commerce (“Commerce”) will begin accepting applications for the Swiss-U.S. Privacy Shield Framework (“Swiss-U.S. Privacy Shield”).
New York’s New Cybersecurity Rule for Financial Institutions & How It May Affect You
New York’s top banking regulator, the New York Department of Financial Services (“NYDFS"), recently issued a revised rule, effective March 1, 2017, that requires banks, insurance companies and other financial institutions regulated by NYDFS to establish and maintain a comprehensive cybersecurity program to respond to the growing threat of cyber-attacks.
40-Day Delay in HIPAA Breach Notification Costs Illinois Health System $475,000
The U.S. Department of Health and Human Services (“HHS”), Office for Civil Rights (“OCR”), has recently announced its first Health Insurance Portability and Accountability Act (“HIPAA”) enforcement action for failure to timely comply with the HIPAA Breach Notification Rule (“Rule”), which came into effect in 2009.
FTC Staff Releases New Report on Cross-Device Tracking Recommending Transparency and Choice for Consumers
On January 23, 2017, the Federal Trade Commission (“FTC”) released a staff report on cross-device tracking (“Report”). The Report follows the discussions from the FTC’s November 2015 Cross-Device Tracking Workshop, which was part of a series of efforts to promote self-regulation and develop principles for the online behavioral advertising industry.
D-Link Challenges FTC’s Continued Pursuit of “Unfair” Security Practices Absent Evidence of Harm; Calls Allegations “Unsubstantiated and Vague”
Earlier this week, D-Link Systems, Inc. (“D-Link”), responded to the Federal Trade Commission (“FTC”) complaint challenging D-Link’s security practices for its routers and Internet Protocol (“IP”) cameras, calling the claim “unsubstantiated and vague”.
Swiss Privacy Shield Approved; Applications Accepted April 12
Yesterday, the U.S. International Trade Administration (“ITA”) and the Swiss Federal Data Protection and Information Commissioner (“FDPIC”) announced the final approval of a Swiss-U.S. Privacy Shield Framework (“Swiss Privacy Shield”), replacing the U.S.-Swiss Safe Harbor Framework (“U.S.-Swiss Safe Harbor”) for the transfer of data from Switzerland to the United States.
72-Hour Cyberattack Reporting Rule for Federal Government Contractors Finalized
The Department of Defense has promulgated a new rule, effective November 3, 2016, that requires federal defense contractors and subcontractors to report within 72 hours any cyber incidents “that result in an actual or potentially adverse effect on a covered contractor information system” (or “covered defense information residing therein”), or that affect “a contractor’s ability to provide operationally critical support.” The rule also establishes eligibility criteria for participation in the DoD’s voluntary Defense Industrial Base Cyber Security Program for sharing cyber threat information and cybersecurity best practices with program participants.
Clarifying Two Areas of Confusion on Privacy Shield: September 30, 2016, Deadline & Effect on Swiss Safe Harbor
With the European Commission’s (“EC”) approval of the U.S.-EU Privacy Shield Framework (“Privacy Shield) on July 12, 2016, many companies are rushing to self-certify to the new compliance mechanism for personal data transfers from Europe to the United States. By certifying in the first two months – by September 30, 2016 – organizations can take advantage of a nine-month grace period from the date they certify to bring their existing commercial relationships and agreements with third parties into conformity with the Accountability for Onward Transfer Principle.
Five Ways that Privacy Shield is Different from Safe Harbor and Five Simple Steps Companies Can Take to Prepare for Certification
On July 8, 2016, the EU Member States approved the EU-U.S. Privacy Shield, and the European Commission subsequently adopted it on July 12, 2016. With the U.S. Department of Commerce accepting certifications starting August 1, 2016, Privacy Shield will replace Safe Harbor as a compliance mechanism for personal data transfers from Europe to the United States (or a key component of a global data transfer strategy).
Privacy Shield Set For Formal Adoption Next Week: Beyond That, The Future Is Cloudy
A key European Union committee with responsibility for privacy determinations today approved the new EU-US Privacy Shield. With that approval, formal adoption by the European Commission is expected next week.
1 2 3 4