Timothy J. Muris Joins Sidley in Washington, D.C.

Washington, D.C. – Sidley Austin LLP is pleased to announce that Timothy J. Muris has joined the firm as senior counsel in its Antitrust/Competition practice. Mr. Muris, a former chairman of the Federal Trade Commission (FTC), has substantial experience in every aspect of antitrust enforcement as well as in key consumer protection issues, including advertising, consumer finance and privacy regulation.

Read More

SHARE
EmailPrintShare

Singapore’s Personal Data Protection Commission Publishes Advisory Guidelines on the Use of Anonymized Data

The Personal Data Protection Act, 2012 (PDPA), Singapore’s general data protection law, governs the collection, use and disclosure of personal data. The Singapore Personal Data Protection Commission (PDPC), which enforces the PDPA, recently updated the chapter on data anonymization found in its Advisory Guidelines (Guidelines). The Guidelines are not legally binding but provide guidance on how the PDPC will interpret the PDPA. The revisions encourage organizations to incorporate into the process of anonymizing data an inquiry into the risks that the data may be re-identified and any potential negative effect on the individuals involved rather than focusing purely on the various techniques to anonymize the data.

Read More

SHARE
EmailPrintShare

Federal Judge Finds No General Obligation for Companies To Protect Employee Data

In a ruling on March 31, Enslin v. The Coca-Cola Co. (E.D. Pa. Mar. 31, 2017), Hon. Joseph F. Leeson, Jr., of the United States District Court for the Eastern District of Pennsylvania, dismissed a proposed class action on behalf of 74,000 Coca-Cola employees. The proposed suit was brought by a former Coca-Cola technician who claimed that his identity was stolen after a laptop with his unsecured sensitive employee information fell into the public’s hands.

Read More

SHARE
EmailPrintShare

EU Lawmakers Say That Privacy Shield Deficiencies Must Be Fixed Urgently

On 6th April, 2017, the European Parliament adopted a resolution stating that there are deficiencies in the EU-US data transfer accord Privacy Shield which must be “urgently resolved” in order to give citizens and companies legal certainty. MEPs called on the EU Commission to conduct an assessment and to ensure that the Privacy Shield complies sufficiently with the EU Charter of Fundamental Rights and new EU data protection rules.

Read More

SHARE
EmailPrintShare

Proposed Strengthening of Singapore Cybersecurity Law

In keeping with Singapore’s recent emphasis on strengthening national cybersecurity protections, on March 9, 2017, the Ministry of Home Affairs (MHA) announced proposed amendments to the existing Computer Misuse and Cybersecurity Act (CMCA). The proposed amendment, Bill No. 15/2017, would broaden the scope of the CMCA by criminalizing certain conduct not covered by the existing law and enhancing penalties in certain situations.

Read More

SHARE
EmailPrintShare

New Mexico Enacts Breach Notification and Data Security/Secure Disposal Law, While Tennessee Clarifies Encryption Exception

New Mexico has become the 48th state to enact a data breach notification law, which also includes data security requirements. The Data Breach Notification Act, signed by Governor Martinez on April 6, 2017, requires notification within 45 days of discovery of a security breach, or “unauthorized acquisition” of computerized personal information, subject to the needs of law enforcement. A security breach is also limited to unencrypted data or encrypted data when the decryption key is compromised. Personal data protected by the law includes Social Security numbers, driver’s license numbers, government-issued identification numbers, account, credit card or debit card number paired with the security code or other pin, and biometric data.

Read More

SHARE
EmailPrintShare

The Widening Data Breach Standing Split: Fourth Circuit Finds No Standing From Increased Risk of Future Identity Theft

The U.S. Court of Appeals for the Fourth Circuit has added to the growing circuit split on standing in data breach cases in Beck v. McDonald, No. 15-1395 (Feb. 6, 2017). The circuit split now divides at least six federal courts of appeal regarding what data-breach victims must show to establish an “injury-in-fact” under Article III. The Fourth Circuit held that merely having your personal data stolen — and the alleged corresponding increased risk of future theft—is insufficient to satisfy Article III’s injury-in-fact requirement.

Read More

SHARE
EmailPrintShare
SHARE
EmailPrintShare
XSLT Plugin by BMI Calculator