Happy October and Cyber Awareness Month! While October ends with ghosts and goblins and other scary monsters for Halloween, the entire month of October is dedicated to raising awareness of cyber security and preventing (and if necessary responding to) cyber
The Dutch Data Protection Authority (Autoriteit Persoonsgegevens) (Dutch DPA) recently published a report on personal data breaches, which provides valuable insights into the Dutch DPA’s views on incident response. It also contains some helpful statistics.
Increase
By Shan Nanayakkara
In TR v Land Hessen (C‑768/21) the European Court of Justice (“ECJ”) found that following a personal data breach, a supervisory authority is under no obligation to exercise its corrective powers, specifically the power to
Norton Rose Fulbright Canada’s cyber litigation team recently obtained an order in favour of an insurer, granting it relief from forfeiture in respect of more than 11 bitcoins from the assets seized from a prolific ransomware gang.[1] This case
On December 9, 2021 a critical vulnerability (CVE-2021-44228) was reported within the Apache Log4j Java logging framework. The vulnerability allows threat actors to remotely execute code on both on-premises and cloud-based application servers, thereby obtaining control of the impacted servers.
The Personal Data (Privacy) (Amendment) Bill 2021 (the Bill) aimed at combatting doxxing in Hong Kong was passed on 29 September 2021.
As discussed in our earlier post, the Bill amends the Personal Data (Privacy) Ordinance (PDPO
On September 28, 2021, the US Senate Homeland Security and Governmental Affairs Committee released a draft bill that would, among other things, require nearly all entities that make a ransom payment as the result of a ransomware attack against the
The U.S. Department of Treasury, Office of Foreign Assets Control (“OFAC”) implemented additional measures today to combat the growing ransomware problem. OFAC’s measures consist of: (1) the designation of the entire SUEX OTC, S.R.O. (“SUEX”) crypto-currency exchange (SUEX) to the
On July 22, 2021, a federal court in Pennsylvania held that an investigative report created by Kroll (the “Kroll Report”), the defendant’s third party cybersecurity consultant, and related communications were not protected by privilege. The court found that the Kroll
On March 10, 2020, the New York Department of Financial Services (NYDFS) issued guidance to all of its regulated institutions engaged in virtual currency business activity, requiring them to have plans for preparedness to manage the possible operational and financial risks posed by the COVID-19 pandemic. NYDFS requires the plans to be submitted by Thursday, April 9, 2020.