Ranier Allan Ronda reports: The National Privacy Commission (NPC) has set a ceiling of P5 million on fines imposed on data privacy violators, following a revision of its penalty system based on public consultations. The NPC presented its revised schedule of administrative fines set under the updated Circular on Administrative Fines and the scope of…
Category: Legislation
Indiana Amends Breach Notification Law to Require Notification Within 45 Days
Linn Foster Freedman of Robinson + Cole writes: Indiana has amended its breach notification law to require entities to notify individuals “without unreasonable delay, but not more than forty-five (45) days after the discovery of the breach.” It clarifies that a delay is “reasonable” if it is: “(1) necessary to restore the integrity of the…
Africa Data Security and Privacy Guide
Janet MacKenzie, Anne-Marie Allgrove, Kellie Blyth, Elisabeth Dehareng, Ghada El Ehwany, Brian Hengesbaugh, Theo Ling, Paolo Sbuttoni, and Carlos Vela-Trevino of Baker McKenzie write: The pandemic drove home the high value of personal data to the global economy, while also highlighting its vulnerability to abuse and attack. In response, governments around the world, including those…
HIPAA’s Role in Setting Good Security
Matt Fisher writes: The Office for Civil Rights is promoting HIPAA as being able to prevent or substantially mitigate the impacts of a cyber attack. It is a bold statement from OCR and one that bears unpacking. Why is OCR asserting that HIPAA can prevent or substantially mitigate a cyber attack? The primary answer is…
President Biden Signs Critical Infrastructure Ransomware Payment and Cyber Incident Reporting into Law
Ashden Fein, Robert Huffman, Moriah Daugherty, and Hensey A. Fenton III of Covington and Burling write: On March 15, 2022, President Biden signed the Consolidated Appropriations Act 2022, a $1.5 trillion omnibus spending package to fund the government through September 2022. The omnibus spending package includes the Cyber Incident Reporting for Critical Infrastructure Act of…
Hidden privacy lessons in the FTC’s CafePress security enforcement
Cobun Zweifel-Keegan writes: In its most recent cybersecurity enforcement decision, the U.S. Federal Trade Commission announced a draft settlement agreement with the current and former operators of the customized merchandise website CafePress.com. Although the unanimous consent order focuses primarily on the company’s lax security practices, which allegedly led to multiple data breaches, there are also a few…