Israel adopts Regulations on Data Security and Breach Notification

The Israeli Parliament, the Knesset, has adopted Regulations reforming the existing information security regulations and introducing, for the first time in Israel, an overarching data breach notification requirement.  All Israeli entities will be subject to the Regulations, which impose obligatory data security and breach notification requirements on any individual or entity in Israel that owns, manages, and/or maintains a database containing personal data.  The Regulations will enter into force on 30 March and foresee a period of 12 months for data handlers to implement them.

33.7 million US accounts, many of them from government departments, leaked from a commercial corporate database

Dun & Bradstreet is one of the many business services firms that sell databases to marketers who send targeted email campaigns.  The leaked data were acquired by Dun & Bradstreet from NetProspex in 2015, in a deal worth $125 million.  The data concerned government departments and large corporations, among them: the Department of Defense, with 101,013 employee records, followed closely by the US Postal Service, the US Army, Air Force, and Department of Veterans Affairs, AT&T, Boeing, Dell, FedEx, IBM, Xerox, Wal-Mart, CVS, The Ohio State University, Citigroup, Wells Fargo Bank National Association, and the Kaiser Foundation Hospitals.  The breach is dangerous because the data can be used for targeted phishing.  Dun & Bradstreet has played down the event, issuing only a media release stating: “We’ve carefully evaluated the information that was shared with us and it is of a type and in a format that we deliver to customers every day. Based on our analysis, it was not accessed or exposed through a Dun & Bradstreet system […]”.

The US issues the first ever cybercrime charges against two Russian Federal Security Service agents and two criminal hackers

On Wednesday, 15 March 2017, the US Department of Justice announced that four individuals, among them two Russian Federal Security Service agents, had been indicted on cybercrime charges in relation to the massive hack of Yahoo information.  At a very tense moment for US-Russia relations, the statement of the US Department of Justice reports that the stolen information was used to “obtain unauthorized access to the contents of accounts at Yahoo, Google and other webmail providers, including accounts of Russian journalists, US and Russian government officials and private-sector employees of financial, transportation and other companies […]”.

The full statement of the US Department of Justice is accessible here

The French Commission Nationale de l’Informatique et des Libertés publishes a six-point guideline to prepare for the EU GDPR

The French Commission Nationale de l’Informatique et des Libertés has published a six-point guideline to help organizations and businesses be ready for the EU GDPR and avoid complaints for compliance violations.  The six points are: appoint a DPO; carry out a data mapping; establish a prioritization of compliance actions; create a risk management system; organize internal processes; keep documentation and compliance measures.

The guideline can be found at the CNIL website

Mandatory data breach notification regime to commence in 2018

The Federal Parliament recently passed the Privacy Amendment (Notifiable Data Breaches) Act 2017 (Cth), which makes amendments to the Privacy Act 1988 (Cth) (Privacy Act), and makes it mandatory to report privacy breaches.

Macpherson Kelly has assisted many organisations with their compliance with the Australian privacy regime. If you would like further information, please contact Kelly Dickson on (03) 9794 2541.
