Last week, the Hollywood Presbyterian Medical Center was able to successfully negotiate the release of a collection of system resources and data files that had been encrypted and held hostage by ransomware attackers. Ransomware is a peculiar type of malware that is not designed or intended to steal personal or confidential information. Rather, ransomware is built to exploit the inherent value assigned to data security and control, by taking it away from the user. It does this by combing for critical system files and potentially valuable user data (Word documents, Excel spreadsheets, PDF files, Outlook messages, and the like). As these target files are identified, a strong encryption algorithm is applied to prevent infected computer systems from functioning properly and to keep bewildered users from accessing their own files, unless and until the attackers are paid to provide the decryption key.
February 2016
German law authorizing privacy “class actions” goes into force
A new German law, which grants authority to the country’s consumer and business associations to enforce compliance with data protection laws, goes into force on February 24, 2016. A representative of the German Ministry of Justice pointed out that the new enforcement powers are specifically aimed at foreign companies having their headquarters or operating from outside Germany, including the U.S.
EU Article 29 Working Party prepares for General Data Protection Regulation and responsibilities as European Data Protection Board
On February 11, 2016, the Article 29 Working Party (WP29) issued a statement setting out its 2016 action plan for implementation of the General Data Protection Regulation (GDPR) and its work programme for 2016-2018. WP29 will…
EU-US Privacy Shield – UK ICO updates its interim position on transfers to the US
Today the UK data protection authority (the ICO) published a blog post and consolidated interim guidance on how to handle EU/US data transfers while the EU-US Privacy Shield is being scrutinised by the Article 29 Working Party.
Hamburg DPA leader addresses EU-US Privacy Shield
On February 5, 2016, Article 29 Working Party member and head of the Hamburg Data Protection Authority, Prof. Dr. Johannes Caspar, spoke about the EU-US Privacy Shield.
Caspar observed that, once approved, the EU-US Privacy Shield system will initially …
FDA issues guidance on medical device cybersecurity and interoperable medical devices
Security researchers have been discussing medical device security for some time now, with some even predicting that there will be medical device ransomware attacks this year. It is therefore timely that the US Food and Drug Administration (FDA) – which oversees medical devices – recently issued two pieces of draft guidance.
FTC Commissioner Julie Brill comments on EU-US Privacy Shield
FTC Commissioner Julie Brill sat down this morning with the Information Technology and Innovation Foundation to discuss the EU-US Privacy Shield, the new framework for transatlantic transfer of personal data announced earlier this week.
Commissioner Brill began by discussing the agreement generally, and provided valuable insight on the role of the Federal Trade Commission (FTC) and the implications of the EU-US Privacy Shield for commercial entities in the US. Read on for a discussion of key takeaways from the event.
EU-US Privacy Shield scrutinized in Article 29 Working Party initial response
On February 3, 2016, the Article 29 Working Party (WP29) released a statement on the consequences of the Schrems judgment, following an assessment of the legal framework and the practices of US intelligence services. The WP29 expressed continuing concerns about the US framework for processing personal data for intelligence purposes, in spite of recent reforms.
EU and US reach agreement on cross-border data transfer framework, but uncertainty remains
On February 2, 2016, the European Commission and the United States reached an agreement on a new framework to permit transatlantic transfers of personal data. The new framework — named “EU-US Privacy Shield” — is slated to replace the US-EU Safe Harbor framework that was invalidated by the Court of Justice for the European Union.