Data Security Breach Response

A German court has ordered pain and suffering damages as a result of a data breach, the first decision of its kind in Europe.

According to the judgment, Scalable Capital has to pay the plaintiff, represented by consumer organization EuGD Europäische Gesellschaft für Datenschutz mbH, € 2,500 in damages for non-material damage because he was

Norwegian regulator Datatilsynet has slapped Grindr, a location-based online dating application, with a $7.1 million fine for sharing data with advertisers without the consent of its users. Here are some of my initial takeaways.

General:

  • The opinion was released in (excellent) English, and this is very important and much appreciated.
  • The opinion is very well

The FBI and the Cybersecurity and Infrastructure Security Agency (CISA) have issued a joint security advisory aimed at reminding businesses to be on guard over the Labor Day and other holiday weekends against cyberattacks.

History has shown threat actors often ramp up ransomware and other attacks over holidays when businesses let down their guard.

Nate

On March 26, 2020, Washington D.C. enacted bill number B23-0215, amending its data breach notification law.

In addition to the data breach notification requirements (including medical and biometric data when compromised together with a person’s name), the bill also requires businesses to:

  • “Implement and maintain reasonable security safeguards, including procedures and practices that are appropriate

California has amended its data breach notification law to include biometric and other identifiers.

The bill (AB 1130), signed by Gov. Gavin Newsom on October 11, revises the definition of personal information for purposes of data breach notification requirements to add specified unique biometric data and tax identification numbers, passport numbers, military identification numbers, and

“Learning from recent breaches and the need for a greater understanding of privacy in the enterprise, it’s time for companies to take a new, proactive approach to data management. Making data privacy decisions in a silo is no longer enough. Organizations must now implement robust data privacy practices that also involve their board members on

Passports and biometric data would be included in the types of personal information covered by California’s data breach notification law, under a bill that passed the state Senate and is headed to Gov. Gavin Newsom.

A.B. 1130 by Assemblyman Marc Levine (D) would also add taxpayer and military identification numbers, and other unique government identification

The Lithuanian data protection inspectorate issued a 61,500 EUR fine against a payment services provider for violations of the data minimization, adequate security measures and data breach reporting requirements of GDPR.

Key takeaways:

  • Data minimization:
    • Collect only the information you need. If you only need name, identification code, bank account number, currency, balance, purpose of

Strong data encryption is a best practice, but according to new guidance from the UK’s data protection authority, it may not exempt you from General Data Protection Regulation (GDPR) notification requirements if you suffer a breach. That’s a significant departure from most U.S. federal and state data privacy rules.

Our Privacy & Data Security team