• |

    Jan. 20, 2021

Disputed Twitter Fine Offers Breach Response Lessons

Ireland’s Data Protection Commission recently issued its first GDPR fine against a big tech company, finding that Twitter had reported a breach late and inadequately documented its actions, including why it missed GDPR’s 72-hour deadline. Several other countries’ data protectors objected to Ireland’s fine amount and conclusions, eliciting a first-ever ruling from the European Data Protection Board to settle enforcement arguments between countries. In this article, we discuss with data protection leaders from Cordery Compliance, Ropes & Gray and Steptoe & Johnson key aspects of the ruling, what clarity it provides about the 72-hour deadline and other takeaways for companies. See “GDPR Enforcement Lessons and New ICO Guidance on COVID-19” (Apr. 22, 2020).

Privacy Resolutions for 2021

The start of the year presents an opportunity for organizations to assess the efficacy of their existing privacy and data security programs and the projects they should tackle in the coming months. The Cybersecurity Law Report spoke with multiple experts about where companies should direct their attention and resources and compiled the top themes for a two-part series. This second installment covers this year’s privacy priorities. Part one offered a dozen cybersecurity initiatives for 2021, including three action items tied to the fallout from the SolarWinds breach. See also “Ten Cyber and Privacy Resolutions for the New Year” (Jan. 9, 2019).

eDiscovery in Multi-Jurisdictional Investigations: Preparing to Play Multi-Level Chess

In recent years, there have been two converging trends in multi-jurisdictional corporate investigations: a greater willingness of enforcement authorities from multiple jurisdictions to coordinate enforcement and a significant increase in their willingness to use eDiscovery to assist in investigations. Combined, these two trends have made multinational internal corporate investigations similar to playing a multi-level game of chess – one wrong move can have serious consequences in multiple jurisdictions. In a guest article, Ben Barnett, Karen Coppens, Richard Hodge and Garbis Latifyan of Dechert lay out the key steps in the process and then identify six pitfalls to avoid when undertaking an integrated review plan for data in multiple jurisdictions. See “Advice on Incorporating Cybersecurity in eDiscovery” (May 31, 2017). 

Most-Read Articles

H&M’s Data Protection Fine

In this short video, we discuss Germany’s highest GDPR fine so far in a case against H&M relating to their mishandling of sensitive employee data. The full article on the case is here.

CSLR Q3 Editorial Update

Register here to view the complimentary recording.

Apple App Privacy Policy Makes Waves

Summer 2020 Editorial Update

 

 

 

 

 

 

Register here to view the complimentary recording or here for an audio version.

CCPA and Third Parties

Editor-in-Chief Rebecca Hughes Parker discusses the California Attorney General’s final CCPA regulations and their effect on contracts with vendors in this video.