Recent comments by FTC Chairwoman Edith Ramirez suggest that a company’s failure to take preventative measures to address ransomware could result in an enforcement action by the FTC, even if a company is never actually subject to a ransomware attack. The Chairwoman’s comments reflect a growing concern among US government agencies regarding ransomware and may foreshadow additional FTC action, building upon a developing trend of US regulators engaging in pre-breach enforcement action.… Continue Reading
A recently-reported court case in the United Arab Emirates has highlighted the importance of establishing and implementing good privacy practices, even in the absence of specific data protection legislation.
In late 2014, the UAE public prosecutor charged three officials from a federal authority – the general director, a branch manager and an IT manager – with violating privacy laws and breaching public security by placing CCTV cameras in a female customer service centre. The men argued that they had installed the cameras for security purposes and that the female employees were aware of the cameras. The men were initially held … Continue Reading
This is Part 3 of a five-part series on the “One Stop Shop” mechanism in the proposed new European data protection regulation. In Part 1 we examined why there is a need for a One Stop Shop, and what it is. In Part 2 we examined the concept of main establishment and the position of entities without an EU establishment. In this Part we consider the scope of authority (i.e., “competency”) of supervisory authorities (SAs), the cooperation obligations in relation to SAs and the functions of the European Data Protection Board (EDPB).
Competency of supervisory authorities
Please note that the … Continue Reading