Privacy & Cybersecurity Newsletter

    Locke Lord Publications

    Locke Lord’s Privacy & Cybersecurity Newsletter provides topical snapshots of recent developments in the fast-changing world of privacy, data protection, and cyber risk management. For further information on any of the subjects covered in the newsletter, please contact one of the members of our privacy and cybersecurity team.

    To read the Locke Lord Privacy & Cybersecurity Newsletter, click here.

    In This Issue

    California Amends Breach Notification Law: Unique New Refinements and Requirements
    The California legislature has again amended the state’s breach notification statutes to impose new and unique requirements and refinements, adding further complexity to the patchwork of breach notification requirements. read more

    NAIC Cybersecurity Bill of Rights: The Awkward New Guest at the Data Breach Law Party
    On October 14, 2015, the NAIC’s Cybersecurity (EX) Task Force adopted a Cybersecurity Bill of Rights, an aspirational, well-intended document outlining the rights insurance consumers should (or could? or might? this point remains uncertain) expect with regard to their personal information in the hands of insurance companies, insurance agents, and any of their vendors. read more

    U.S.-EU Safe Harbor Scheme Declared Invalid
    The Court of Justice of the European Union (the “CJEU”), Europe’s highest court, declared last month that the U.S.-EU Safe Harbor Scheme is invalid. The CJEU also declared that national supervisory authorities are free to challenge findings of the European Commission (the “Commission”) that a third country ensures an adequate level of protection for personal data transferred to that country. read more

    OCR Expected to Strengthen HIPAA Enforcement in 2016
    Two recent reports issued by the Office of Inspector General (“OIG”) for the U.S. Department of Health and Human Services (“HHS”) recommended that HHS’s Office for Civil Rights (“OCR”) should fully implement a permanent audit program and strengthen its follow-up procedures relating to breaches of Protected Health Information (“PHI”). read more

    Which Way is the “Wyndham” Blowing? Cyber Regulation after FTC vs. Wyndham
    Does the Third Circuit’s recent decision in FTC v. Wyndham Worldwide Corp. usher in a new era of enforcement by the FTC and other federal agencies regarding cybersecurity practices? Regardless of the answer, it is important to note what this new decision does not do. read more

    Development of Cybersecurity Information Sharing Standards
    As the Obama administration continues to direct attention to cybersecurity, The University of Texas at San Antonio (“UTSA”) recently won an $11 million dollar grant to develop standards for so-called “Information Sharing and Analysis Organizations” (“ISAOs”). read more

    Opt-in System Introduced in Turkey for Commercial Electronic Communications in E-commerce Law
    Turkey’s solid and rapidly expanding e-commerce market volume reached 18.9 billion Turkish Liras as of the end of 2014. The Turkish e-commerce sector accounts for 1.6% of the country’s overall retail sector. read more

    Weltimmo v Hungarian DPA: Landmark Verdict on the Meaning of “Established”
    In the case of Weltimmo s.r.o. v Nemzeti Adatvédelmi és Információszabadság Hatóság, the Court of Justice of the European Union (“CJEU”) handed down a landmark judgment in October 2015 on data protection legislation, tackling the issue of jurisdiction when a company is headquartered in one EU country and operates its business in another. read more

    SEC Releases Guidance on Examination of Broker-Dealer and Investment Advisor Information Security Practices; NYSE Releases Cybersecurity Guide
    The Security and Exchange Commission’s Office of Compliance Inspections and Examinations (the “OCIE”) recently announced its 2015 Cybersecurity Examination Initiative, which describes the focus of the OCIE’s examination of cybersecurity practices within the securities industry and “encourage[s] registered broker-dealers and investment advisers to reflect upon their own practices, policies, and procedures with respect to cybersecurity.” read more

    Recent Cases Highlight Importance of Compliance with Hong Kong Privacy Law
    The use of personal data in direct marketing without the customer’s consent and without fulfilling legal prerequisites has resulted fines issued by the Hong Kong Office of the Privacy Commissioner of Personal Data (“PCPD”). read more

    Breaches, Damned Breaches and Their Statistics
    Interesting conclusions about data breach costs emerge from two new studies, the 2015 Ponemon Institute’s Cost of Cyber Crime Study: Global and the 2015 NetDiligence® Cyber Claims Study. read more

    UK Information Commissioner’s Office Assesses Nuisance Calls Fines
    The Information Commissioner’s Officer (“ICO”) has issued a fine of £200,000, its largest ever penalty for nuisance calls, to Home Energy & Lifestyle Management Ltd. (“HELM”), a green energy company. read more

    California Enacts Electronic Communication Privacy Statute, Connected Television Privacy Statute
    The California legislature recently enacted the California Electronic Communications Privacy Act (“CalECPA”) (Senate Bill 178), which provides greater protections against governmental searches for persons’ electronic communications. read more

    Explore Additional Topics


    Please understand that your communications with Locke Lord LLP through this website do not constitute or create an attorney-client relationship with Locke Lord LLP. Any information you send to Locke Lord LLP through this website is on a non-confidential and non-privileged basis. Therefore, do not send or include any information in your email that you consider to be confidential or privileged.