Art 29 Working Party guidance summary
The EU's Art 29 Data Protection Working Party recently published draft guidelines on administrative fines and personal data breach notification under the General Data Protection Act (GDPR). The aim of the guidelines is to ensure consistent levels of protection of personal data throughout the EU and to help controllers and processors prepare for the GDPR by explaining the new mandatory breach notification obligations in more detail and by providing examples of different types of breaches and who should be notified in different scenarios.
Employer held vicariously liable for employee's deliberate data breach
The decision was described by the judge as having "the possibility of eye-watering liability" for employers. Even where employers adopt processes and systems to comply with the security requirements of data protection legislation, they may still be exposed because of their employee’s unlawful actions.
New Cyber Protocol Rules in New York
The New York Department of Financial Services ("NYDFS"), which is responsible for the regulation of banks, insurers and other financial institutions that do business in New York, is a leader in the United States in putting more responsibility for cybersecurity on the entities it regulates and their respective directors and officers.
Cyber Threat Advisory Summary
NCC Group malware researchers recently published a blog post outlining the technical details of Volgmer, a recently identified Trojan created by the Hidden Cobra / Lazarus group, which is assessed to be closely linked to the North Korean state.
According to Bloomberg, Uber suffered a major data breach in October 2016 when hackers discovered that developers had published usernames and passwords to a publicly available code repository on GitHub. The credentials gave the attackers instant access to Uber data stores containing troves of sensitive customer and driver information.