Uber Breach Highlights Data Security Risks that Exist for All Companies and the Steps Needed To Address Them

In November, Uber disclosed a security breach that occurred in October 2016, when hackers stole from a third-party server data about 57 million Uber drivers and riders. The company also revealed that they took affirmative steps to keep the data breach secret. The New York Attorney General’s office is opening an investigation of the incident, and members of Congress have sent letters to Uber demanding additional details about the breach. This case highlights the importance of having in place appropriate data security, and a plan to respond to security breaches –  to any company. Data security is critical to a company’s brand, reputation and market trust. A company’s…

READ MORE

Australia Joins Asia Pacific Data Privacy Compliance System

Australia’s plan to participate in the APEC Cross Border Privacy Rules System signals growing importance of accountability-based data practices Companies planning to expand their market into the Asia Pacific region should pay close attention to Australia’s recent announcement that it intends to participate in the APEC Cross-Border Privacy Rules (CBPR) system. It signals that accountability and effective data governance now form the basis for lawful data use and transfer across the globe and should serve as the backbone of all companies’ information governance practices. The APEC CBPR system was developed by participating Asia Pacific Economic Cooperation countries (referred to in this context as “economies”) and designed to build consumer, business and regulator trust…

READ MORE

The Five Essential Elements of Accountability Under the GDPR Every Business Should Know

The General Data Protection Regulation (GDPR), which comes into effect in May 2018 (only six months from now) has been the subject of countless conference discussions, press stories, and company meetings about the challenges of compliance. The GDPR is a lengthy and complex read, and its requirements – ranging from detailed consent requirements to the need to conduct data protection impact assessments – can seem daunting. What is often lost in the concern about specifics is that the most important change the GDPR represents is the shift in thinking it requires. The GDPR provides that companies change their mindset from one of “check-box” compliance to accountability. It requires…

READ MORE

Technology for GDPR Compliance Will Cost Top U.S. Firms $1 Million

A new survey conducted by Paul Hastings LLP provides a serious reminder that the cost associated with EU General Data Protection Regulation (GDPR) compliance is staggering, and that to be ready to comply when the regulation goes into effect on May 25, 2018, U.S. companies must act now. U.S. firms in the Fortune 500 will spend an average of $1 million on GDPR compliance technology alone. Currently, only 9 percent of U.S. companies surveyed have purchased new technology and just 34 percent have allocated the appropriate budget to hire the additional staff necessary to meet regulatory demands. The consequences of GDPR violation are immense, with fines of up to $22.4…

READ MORE