A recent U.S. federal district court decision in California has underscored the duty of care software developers owe to individuals whose data is exposed in cyberattacks, even if they are not direct software users. The case involved Accellion, whose legacy file transfer software (FTA) was breached twice between late 2020 and early 2021. The breach led to the disclosure of ...
The U.S. Securities and Exchange Commission (SEC) charged four companies with making materially misleading disclosures regarding cybersecurity risks and intrusions. The companies have settled the SEC’s charges, paying a total of $7 million in civil penalties.
The companies, Unisys Corp., Avaya Holdings Corp., Check Point Software Technologies Ltd, and Mimecast Limited, were victims of breaches resulting from the SolarWinds Cyber-attack ...
Two new instructive documents published by the European Data Protection Board (EDPB) clarify the responsibilities of controllers in verifying processers’ ability to provide adequate data protection, and when “legitimate interests” can be relied on as the legal basis for processing.
According to the EDPB's opinion on the controller's oversight responsibilities, controllers must actively verify sufficient compliance by processors and sub-processors, ...
The Israeli Privacy Protection Authority (the “PPA”) published the final version of its position paper regarding international transfers of personal information. Like the draft paper in 2022, the final version recognizes the significant practical difficulties that regulations on international data transfers raise, given Regulation 3 of the Privacy Protection Regulations (Transfer of Information to Databases Outside the State’s Boards), 5761-2001 ...
The U.S. Federal Trade Commission (FTC) announced the adoption of a “click-to-cancel” rule that will require subscription sellers and service providers to make it “as easy for consumers to cancel their enrollment as it was to sign up”. The rule is set to take effect in April 2025.
The rule targets what are called “Negative option programs”, where a seller ...
Two new instructive documents published by the European Data Protection Board (EDPB) clarify the responsibilities of controllers in verifying processers’ ability to provide adequate data protection, and when “legitimate interests” can be relied on as the legal basis for processing.
According to the EDPB's opinion on the controller's oversight responsibilities, controllers must actively verify sufficient compliance by processors and sub-processors, ...
In an appeal by the Texan internet service provider (ISP) Grande Communication Networks LLC (“Grande”), a U.S. federal court of appeals upheld the lower court's decision finding the ISP liable for copyright infringements and pirating practices committed by its subscribers. However, the court of appeals dismissed the nearly $47 million dollar jury verdict of the lower court.
In the lower ...
A federal court in New York found that the online e-commerce giant eBay bears no liability for products sold on its platform by merchants when these products are banned by federal laws. The decision was handed down in the Justice Department’s lawsuit against eBay, which alleged that eBay has been allowing businesses to use its platform to sell banned engine ...
New user? Click here to register