Blog Posts Tagged With Privacy

Subscribe to Privacy RSS Feed

FTC Reaches Proposed Settlement With Mobile Phone Manufacturer BLU, Highlighting the Importance of Effective Oversight of Third-Party Vendor Data Security and Privacy Practices

On April 30, 2018, BLU Products, Inc. (“BLU”) reached a settlement with the Federal Trade Commission (“FTC”) over allegations that BLU allowed ADUPS Technology Co. LTD (“ADUPS”) to collect detailed personal information about BLU’s consumers without their knowledge or consent, despite BLU’s assurances that it would keep the information secure and private, and that BLU generally failed to implement appropriate security procedures to oversee the security practice of its … Continue Reading

Blockchain for Data Protection: A Double-edged Sword or a Techno-regulatory Oxymoron?

In January 2018, at the Eleventh Annual International Conference on Computers, Privacy and Data Protection (the “Conference”) in Brussels, one panel that made some headlines centered around blockchain technology in the context of data protection. The core inquiry of the panel was two-fold: (1) whether blockchain technology can facilitate data protection regulatory objectives and (2) whether the same technology makes it more difficult to enforce data protection laws. Unsurprisingly, neither inquiry produces a … Continue Reading

Cybersecurity and Vulnerability Assessments: Evolving Law on Hacking and Extortion in the Age of Bug Bounties

Companies and law enforcement are increasingly turning to white hat hackers for help.  The FBI apparently paid consultants over $1,000,000 to unlock an iPhone used by one of the shooters in the San Bernardino attacks, and companies such as Microsoft, Uber, Facebook, and Google are paying hackers tens of thousands of dollars to find vulnerabilities in their systems.  Davis Polk’s recent cybersecurity webcast discusses why companies are using pools of white hat hackers for certain … Continue Reading

Announcing our Cybersecurity Blog; One Month Until the NYDFS Cybersecurity Rules Take Effect

With about a month to go until the first set of NYDFS’s cybersecurity rules go into effect (on August 28, 2017), we are proud to announce the formal launch of the Davis Polk Cyber Breach Center.  The blog will help you keep pace with industry best practices and be aware of your company’s cybersecurity obligations, including those relating to the NYDFS rules.  Aside from posts about developments in cybersecurity, the blog includes information about … Continue Reading

The PetyaWrap Attack, Anthem Data Breach Settlement, and NYDFS Cyber Regulations All Highlight that Companies Should Review Their Access Controls

Three recent cybersecurity events highlight the need for companies to review their access controls to limit who has administrator privileges and how long those elevated privileges last.

First, this week, computer malware that has variously been called PetyaWrap, WannaCry2, GoldenEye and NotPetya began spreading in dozens of countries, encrypting computers and informing users that they could unlock their machines by paying a $300 ransom.  Although the malware first appeared to function as ransomware, it now … Continue Reading

LexBlog