Eversheds Sutherland Cybersecurity and Privacy Insights Blog
content top

California’s GDPR has become law

The California legislature passed the California Consumer Privacy Act, a sweeping new law that imposes stringent new GDPR-style privacy standards across sectors. Beginning in January 2020, California consumers will be granted new rights regarding how businesses collect and use their personal data, including a “right-to-be-forgotten” in certain circumstances. The law applies to...

Navigating global regulations – GDPR is now in effect

The General Data Protection Regulation (GDPR) took effect last week after two years of anticipation and preparation. Even though the GDPR is now in effect, US-based companies are still working to make sense of whether the GDPR applies to them, and what their obligations are if it does: What questions should US companies be asking about GDPR compliance now that the regulation has come...

Hospitals’ Response to Data Breaches May Be Impacting Patient Health

A study presented last week at the 4A Security and Compliance Conference in Philadelphia, found an increase in a common measure of mortality rates at hospitals following data breaches. However, there did not appear to be any correlation between the type of breach or the number of records affected by the breach, leading the researchers to conclude that it was the response to the breach,...

Indictment in Massive Iranian Cyberbreach Shows Companies Still Vulnerable

If general counsel fear their companies are vulnerable to cyberattacks from far afield, they have good reason. An indictment unsealed Friday details how hackers hired by the Iranian government broke into computer systems of at least 36 U.S. companies, including technology firms, banks, media companies and a law firm. Learn...

NERC and power company reach settlement on violations of cybersecurity standards

A power company has reached an agreement with the North American Electric Reliability Corporation (NERC) to pay $2.7 million for violations of a cybersecurity reliability standard. This violation resulted from the online exposure of the company’s data due to a vendor’s mishandling of the data, allowing unrestricted third-party access to 30,000 asset records. The violation posed a...

« Older Entries