Jan. 20, 2021
Jan. 20, 2021
Disputed Twitter Fine Offers Breach Response Lessons
Ireland’s Data Protection Commission recently issued its first GDPR fine against a big tech company, finding that Twitter had reported a breach late and inadequately documented its actions, including why it missed GDPR’s 72-hour deadline. Several other countries’ data protectors objected to Ireland’s fine amount and conclusions, eliciting a first-ever ruling from the European Data Protection Board to settle enforcement arguments between countries. In this article, we discuss with data protection leaders from Cordery Compliance, Ropes & Gray and Steptoe & Johnson key aspects of the ruling, what clarity it provides about the 72-hour deadline and other takeaways for companies. See “GDPR Enforcement Lessons and New ICO Guidance on COVID-19” (Apr. 22, 2020). Read full article …
Privacy Resolutions for 2021
The start of the year presents an opportunity for organizations to assess the efficacy of their existing privacy and data security programs and the projects they should tackle in the coming months. The Cybersecurity Law Report spoke with multiple experts about where companies should direct their attention and resources and compiled the top themes for a two-part series. This second installment covers this year’s privacy priorities. Part one offered a dozen cybersecurity initiatives for 2021, including three action items tied to the fallout from the SolarWinds breach. See also “Ten Cyber and Privacy Resolutions for the New Year” (Jan. 9, 2019). Read full article …
eDiscovery in Multi-Jurisdictional Investigations: Preparing to Play Multi-Level Chess
In recent years, there have been two converging trends in multi-jurisdictional corporate investigations: a greater willingness of enforcement authorities from multiple jurisdictions to coordinate enforcement and a significant increase in their willingness to use eDiscovery to assist in investigations. Combined, these two trends have made multinational internal corporate investigations similar to playing a multi-level game of chess – one wrong move can have serious consequences in multiple jurisdictions. In a guest article, Ben Barnett, Karen Coppens, Richard Hodge and Garbis Latifyan of Dechert lay out the key steps in the process and then identify six pitfalls to avoid when undertaking an integrated review plan for data in multiple jurisdictions. See “Advice on Incorporating Cybersecurity in eDiscovery” (May 31, 2017). Read full article …
Most-Read Articles
-
Jan. 13, 2021
Cybersecurity Resolutions for 2021 -
Jan. 6, 2021
Six Practical Tips for Building an Effective Privacy Risk Assessment Program -
Jan. 20, 2021
Privacy Resolutions for 2021 -
Jan. 6, 2021
Maintaining Privacy While Staying Competitive in an Evolving Regulatory Landscape -
Jan. 20, 2021
Disputed Twitter Fine Offers Breach Response Lessons
H&M’s Data Protection Fine
In this short video, we discuss Germany’s highest GDPR fine so far in a case against H&M relating to their mishandling of sensitive employee data. The full article on the case is here.
Summer 2020 Editorial Update
Register here to view the complimentary recording or here for an audio version.
CCPA and Third Parties
Editor-in-Chief Rebecca Hughes Parker discusses the California Attorney General’s final CCPA regulations and their effect on contracts with vendors in this video.