Eversheds Sutherland Cybersecurity and Privacy Insights Blog
content top

Iranians Hackers Targeted Control of New York Dam

The seven Iranian hackers that were indicted for conducting distributed denial of service attacks on banks also were charged with illegally accessing the supervisory control and data acquisition, or “SCADA,” system at a dam in New York State. This is reportedly the first time a breach in a U.S. computer system that controls critical infrastructure has been linked by the FBI to a hacker...

FTC Orders Data Security Auditors to Provide PCI DSS Assessment Data

On March 7, 2016, the Federal Trade Commission (“FTC”) ordered nine data security auditing companies to provide detailed information within 45 days about how they conduct assessments of companies when measuring their compliance with the Payment Card Industry Data Security Standards (“PCI DSS”).  The FTC announced it is specifically seeking information about “the assessment process...

EU-U.S. Privacy Shield – Full Text Released

On February 29, 2016, the European Commission released the text of the EU-U.S. Privacy Shield. The text reveals the details of a new framework that will place stronger obligations on U.S. companies to protect the personal data of EU citizens. It will also involve heightened compliance requirements and authorizes enforcement measures by the U.S. Department of Commerce (Commerce) and the...

Data Sentinel: The Evolving Role of the Attorney as Protector of Company Data

Data. It is one of your organization’s greatest assets, and a necessary part of doing business. But in today’s financial services environment, it is also a source of one of your organization’s greatest risks. In their article for FinTech Law Report, Sutherland attorneys Michael Steinig and Mary Jane Wilson-Bilik describe the attorney’s evolving role in protecting company data, and...

Pros and Cons of the Payment Card Industry Data Security Standard

The Payment Card Industry Data Security Standard (the PCI DSS) establishes the self-described minimum data protection measures required of all entities involved in payment card transactions. The PCI DSS consists of 12 basic requirements, along with testing procedures and guidance designed to assist entities in meeting each requirement. The PCI DSS itself is not a law or regulation, and...