Archives

Leave the Excepetion, Take the Lesson from British Airways

If you are a regular follower of XPAN’s blog for cybersecurity news and updates or have tuned in to hear us at one of our speaking engagements, you know that we have been closely monitoring the European Union’s (“EU”) thorough investigation and corresponding enforcement action against British Airways for violations under the General Data Protection […]

The US Response to Schrems II: The Next Phase of EU-US Data Transfers

On July 16, 2020, the Court of Justice of the European Union (“ECJ”) held that the EU-US Privacy Shield, a mechanism to transfer data from the EU to the US, was invalid. (You can see our summary of the ECJ’s Schrems II decision here). This decision rocked much of the international privacy world, causing organizations […]

The Evolving Threats of Cybersecurity

The last six months has seen the world drastically change, facing a once-in-a-life time pandemic. Our lives rapidly transitioned to almost a completely digital world and, for many, have stayed there ever since. With this dramatic and instantaneous shift to an online society, cybersecurity threats have increased in frequency and evolved in sophistication. And, while […]

Transferring data from Switzerland for eDiscovery purposes in a post-Schrems II world

Michael Simon Introduction: another one bites the dust On September 8, 2020, Adrian Lobsiger, the Swiss Federal Data Protection and Information Commissioner (FDPIC), announced in a position paper that he no longer considers the Swiss US Privacy Shield agreement to be adequate for the purposes of lawfully transferring personal data from Switzerland to the US. […]

Transferring data from the EU for eDiscovery purposes in a post Privacy Shield World

Michael Simon A few weeks ago, I had the privilege of participating in a Masters’ Conference webinar on the topic of how to lawfully transfer EU data to the US after the Court of Justice of the European Union (“CJEU”) invalidated the Privacy Shield agreement on July 16, 2020. Despite many uncertainties that remain from […]

Lessons from the Twitter Hack

Employees continue to be one of the biggest problems facing organizations when it comes to cybersecurity and data privacy. No matter how expensive or comprehensive a company’s technological infrastructure, the human component is still the biggest threat. Employees inadvertently click links, unknowingly download files, plug in potentially infected USB drives, and thoughtlessly put personal information […]

Cybersecurity Enforcement Is Coming & NY Has Set The Stage With Its First NY DFS Case

By Antonia Dumas, Associate at XPAN Law Group, LLC  With California’s Attorney General’s first steps towards enforcement of the CCPA, data privacy enforcement is a hot topic. However, we should not forget the other side of the coin, cybersecurity enforcement. Just as there has been a rise in data privacy regulatory activity and discussions, there […]

Massachusetts & the Written Information Security Policy (WISP) Requirements: Updating Your WISP to Reflect the New “Normal” of Work

By Michael Simon Are your employees coming back to the office?  Then it’s time to update your written information security policy (WISP).  Since 2010, Massachusetts Mass. Gen. L. 93H has required organizations that collect “Personal Information” to implement a comprehensive written information security policy (WISP).  Massachusetts amended chapter 93H effective April 11, 2019 to reaffirm […]

The CJEU disrupts International Data Transfers, Again

The Court of Justice of the European Union (“ECJ”) released its much anticipated decision on July 16, 2020 regarding the transfer of personal data from the European Union (“EU”) to the United States (“US”). The full decision can be found here; and the ECJ press release can be located here.  The two main holdings of […]

Global privacy in a crisis: The challenge of addressing regional privacy laws & COVID-19

This article was originally published on Thomson Reuters Westlaw on June 27, 2020, citation 2020 WL 3486582. Republished with permission. A full copy of the original post can be found here and a copy of the PDF is available here. By Jordan L. Fischer, Esq. In the last two decades, the evolution of technology, the […]