The EU’s General Data Protection Regulation (“GDPR”) goes into effect on May 25, 2018. It is a mammoth regulation and perhaps the most significant European data protection legislation in more than 20 years. In fact, the European Commission just released a new website to help stakeholders, including businesses, with implementation. With its global reach, applying to any organization that processes the personal data of individuals within the EU regardless of where the data lands, GDPR compliance is top-of-mind for executives of multinationals. Despite U.S.-based multinationals spending millions of dollars and thousands of hours preparing for GDPR since it was announced two years ago, a recent survey by MediaPro reveals that more than half of U.S. employees have never heard of the regulation.
Developing an information security program is good business, and for auto dealers that are considered “financial institutions” under the Gramm-Leach-Bliley Act (GLB) it is the law. As part of the GLB, the Federal Trade Commission (FTC) issued the Safeguards Rule, which requires “financial institutions” to develop a written security plan to protect customer information. Dealers are considered “financial institutions” if they extend credit, facilitate financing through another bank or manufacturer, or provide financial advice or counseling to individuals. Although the Safeguards Rule has been in place since 2003, consumers’ heightened awareness regarding data security makes the Rule even more relevant today.
With the EU General Data Protection Regulation (GDPR) looming near for organizations that process the data of European citizens, compliance is top-of-mind for multinationals doing business in Europe. The enforcement date for GDPR compliance is May 25, 2018. And according to a PwC survey of C-suite executives of certain large U.S. multinationals, more than half of the companies surveyed said GDPR is their top data-protection priority and 77% plan to spend $1 million or more on GDPR compliance.
This is the first post in a three-part series.
May 25, 2018. If you are a company that comes into contact with European data, whether you are operating in Europe or elsewhere, and you have not taken note of this date yet, you should. That is when Europe’s new data protection framework – the General Data Protection Regulation (GDPR) – will enter into force, replacing Data Protection Directive 95/46/EC (the “Directive”).
A few weeks ago Los Angeles-based hospital Hollywood Presbyterian Medical Center fell victim to cyber criminals who infiltrated and disabled the hospital’s computer network through the use of ransomware. The malware reportedly locked access to certain computer systems and prevented hospital staff from sharing communications electronically.
The hospital opted to pay the ransom in the form of 40 Bitcoins, equivalent to approximately $17,000 ...
Investment firm R.T. Jones Capital Equities Management (R.T. Jones) has agreed to settle with the Securities and Exchange Commission (SEC) and pay a $75,000 penalty over charges that it failed to adopt written policies and procedures to protect customer information before a breach that compromised the personally identifiable information (PII) of approximately 100,000 individuals.
According to the SEC’s order, R.T. Jones stored PII of clients ...