Eileen Wu reports: Singapore has taken another step towards a new bill that seeks to impose higher penalties on financial institutions that suffer a security breach as a result of oversight. It also looks to tighten regulations of digital token services providers to guard against money laundering and terrorist financing risks. If passed, the Financial…
Category: Federal
Ph: Fines for data privacy breach capped at P5 million
Ranier Allan Ronda reports: The National Privacy Commission (NPC) has set a ceiling of P5 million on fines imposed on data privacy violators, following a revision of its penalty system based on public consultations. The NPC presented its revised schedule of administrative fines set under the updated Circular on Administrative Fines and the scope of…
Africa Data Security and Privacy Guide
Janet MacKenzie, Anne-Marie Allgrove, Kellie Blyth, Elisabeth Dehareng, Ghada El Ehwany, Brian Hengesbaugh, Theo Ling, Paolo Sbuttoni, and Carlos Vela-Trevino of Baker McKenzie write: The pandemic drove home the high value of personal data to the global economy, while also highlighting its vulnerability to abuse and attack. In response, governments around the world, including those…
HIPAA’s Role in Setting Good Security
Matt Fisher writes: The Office for Civil Rights is promoting HIPAA as being able to prevent or substantially mitigate the impacts of a cyber attack. It is a bold statement from OCR and one that bears unpacking. Why is OCR asserting that HIPAA can prevent or substantially mitigate a cyber attack? The primary answer is…
President Biden Signs Critical Infrastructure Ransomware Payment and Cyber Incident Reporting into Law
Ashden Fein, Robert Huffman, Moriah Daugherty, and Hensey A. Fenton III of Covington and Burling write: On March 15, 2022, President Biden signed the Consolidated Appropriations Act 2022, a $1.5 trillion omnibus spending package to fund the government through September 2022. The omnibus spending package includes the Cyber Incident Reporting for Critical Infrastructure Act of…
Hidden privacy lessons in the FTC’s CafePress security enforcement
Cobun Zweifel-Keegan writes: In its most recent cybersecurity enforcement decision, the U.S. Federal Trade Commission announced a draft settlement agreement with the current and former operators of the customized merchandise website CafePress.com. Although the unanimous consent order focuses primarily on the company’s lax security practices, which allegedly led to multiple data breaches, there are also a few…