The U.S. National Labor Relations Board (NLRB) recently filed complaints against the United States Postal Service (USPS), alleging that the USPS violated the National Labor Relations Act (NLRA) by failing to collectively bargain with its employees’ union regarding the postal service’s response to a 2014 data breach that reportedly affected over 800,000 current and former postal employees. Specifically, in one of its complaints, the NLRB alleged that the postal service’s unilateral decision to provide credit monitoring and fraud insurance to affected employees without engaging in collective bargaining with the union on these issues violated Sections 8(a)(1) and (5) of the NLRA. These provisions of the NLRA mandate collective bargaining for any issue that relates to the “wages, hours, and other terms and conditions of employment.”
April 2015
NAIC adopts cybersecurity guidance for insurance regulators and the insurance industry
The National Association of Insurance Commissioners (“NAIC”), a standards-setting organization comprised of insurance regulators from across all U.S. jurisdictions, has recently adopted twelve Principles for Effective Cybersecurity Insurance Regulatory Guidance (the “Principles”). The Principles arrive in the wake of the prominent Anthem data breach, highlighting the importance of protecting sensitive personal data in the insurance sector. Addressing this challenge, the NAIC established the Principles to provide state insurance regulators and industry participants guidance regarding the protection of sensitive personal, financial, and healthcare data. The Principles broadly lay out the practices, guidelines, and measures that both regulators and the industry should take to protect personal information.
Dell highlights POS attacks and SCADA incidents in 2015 security report
In its 2015 Annual Security Threat Report, released last week, Dell looks at trends from the 2014 security landscape and suggests methods to mitigate new and growing risks, focusing on eight key findings.
Dispute resolution mechanisms for SAs and individuals are key part of proposed EU regulation
This is Part 5 — the final part — of a five-part series on the “One Stop Shop” mechanism in the proposed new European data protection regulation. In Part 1 we examined why there is a need for a One Stop Shop, and what it is. In Part 2 we examined the concept of main establishment and the position of entities without an EU establishment. In Part 3 we considered the competency of supervisory authorities (SAs), the cooperation obligations in relation to SAs and the functions of the European Data Protection Board (EDPB). In Part 4 we discussed the consistency mechanism applicable to supervisory authorities. In this Part we look at the application of sanctions by the lead SA across the EU, disagreements between SAs, complaints and litigation for affected data subjects, the application of foreign laws by the lead SA, and matters of language and culture.
Application of sanctions by lead SA across the EU
A Council debate note of 26 May 2014 flagged that at least one EU Member State had raised constitutional problems regarding the legal effect of applying measures decided by the lead SA in other EU Member States.
The Italian Presidency of the Council has addressed these concerns by clarifying that the lead SA would be competent in applying its supervisory powers, deciding on the case and directing the decision, on its own territory, to the main establishment of the controller or processor. It would then be for the data controller or data processor to implement the decision as regards all its establishments in the EU.
Washington poised to collaborate on cybersecurity legislation
It appears that Congress and the Administration are finally prepared to collaborate on addressing cybersecurity threats facing the nation. The Administration is moving forward on its cyber threat initiative, and a recent New York Times article suggested that Congress is…
Washington State amends its breach notification law
A more robust data breach notification law looks to make its way onto the books in the state of Washington as newly passed legislation was sent to Governor Jay Inslee’s desk earlier this week for final approval. House Bill 1078…
EU regulation proposal seeks to encourage consistency in data protection enforcement
This is Part 4 of a five-part series on the “One Stop Shop” mechanism in the proposed new European data protection regulation. In Part 1 we examined why there is a need for a One Stop Shop, and what it …
EU focuses on authority of SAs to enforce “One Stop Shop,” proposes a replacement for WP29
This is Part 3 of a five-part series on the “One Stop Shop” mechanism in the proposed new European data protection regulation. In Part 1 we examined why there is a need for a One Stop Shop, and what it…
EU’s “One Stop Shop” Proposal Focuses on “Main Establishment” as Nexus of DPA Enforcement Authority
This is Part 2 of a five-part series on the “One Stop Shop” mechanism in the proposed new European data protection regulation. In Part 1 we examined why there is a need for a One Stop Shop, and what it …
EU Proposes “One Stop Shop” for Data Protection Supervision and Enforcement
This is Part 1 of a five-part series on the “One Stop Shop” mechanism in the proposed new European data protection regulation.
The Council of the European Union (the Council) has recently published a partial general agreement on its…