Hunton & Williams writes: On May 25, 2015, the French Data Protection Authority (“CNIL”) released its long-awaited annual inspection program for 2015. Under French data protection law, the CNIL may conduct four types of inspections: (1) on-site inspections (i.e., the CNIL may visit a company’s facilities and access anything that stores personal data); (2) document reviews (i.e.,…
Category: Commentaries and Analyses
Data breach liability: confidentiality vs. privacy
Glynna Christian and Nikki Mondschein of Kaye Scholer LLP provide food for thought for businesses and covered entities when reviewing contracts with IT service providers: IT service providers, particularly cloud service providers, increasingly are resisting unlimited liability for breaches of privacy and data security obligations in their customer agreements. Instead, they offer unlimited liability for breaches of…
One More Reason for Companies to Report Data Breaches
Judith Germano follows up on a post by FTC Assistant Mark Eichorn on what to expect if the FTC comes calling after a breach. Germano writes, in part: The Department of Justice has been reaching out for years to assist victims of data breaches. Indeed, many times it is the government who informs a company that…
CareFirst breach demonstrates how assumptions hurt healthcare
Steve Ragan reports: Last week, CareFirst BlueCross BlueShield (CareFirst) reported a data breach that was initially discovered last year. When the incident was first noticed, the company assumed they had taken care of the problem – only to learn that wasn’t the case ten months later. The healthcare sector has taken center stage in the recent months…
PCI council gives up, dumbs down PCI DSS for small business
Darren Pauli reports: The Payment Card Industry Security Standards Council has created a taskforce charged with improving security among small businesses. The prodigious task will be tackled by encouraging small businesses to adopt security best practice and simplified Payment Card Industry Data Security Standards (PCI DSS). Barclaycard payment security manager and taskforce chair Phil Jones…
UK data watchdog: Massive fines won’t keep data safe
Jennifer Baker reports: The UK’s data protection watchdog has said issuing fines “left, right and centre” is not the way to ensure privacy. However, Information Commissioner Christopher Graham added that this doesn’t mean his office shouldn’t have those exact powers at its disposal. “The obligation laid on data protection authorities always to fine data controllers…