14 November 2011 saw First Data Corporation become the 11th entity to have binding corporate rules (BCRs) approved by the UK’s Information Commissioner’s Office (ICO). First Data Corporation is a global electronic commerce and payment processing company. As a payment processor, secure handling of data is at the heart of…
The holiday shopping season in the U.S. started in earnest on Black Friday (or even Thursday for some stores) and online shopping celebrates today with “Cyber Monday.” Contrary to popular belief that Black Friday is the day that retailers go from being in the “red” to being in the “black”…
Do you transfer personal data from Europe to the US? Do you use cookies on a website aimed at European customers? Do you send marketing emails to Europe? Do you otherwise “process” data in Europe? Do you really have consent to process personal data? If any of these questions strike…
In Part One of this article, we looked at the Securities and Exchange Commission (SEC) Division of Corporation Finance’s recent release – CF Disclosure Guidance: Topic No. 2 – Cybersecurity (the “Guidance”), which is intended to provide guidance to companies on whether and how to disclose the impact of the…
On October 13 the Securities and Exchange Commission (SEC) Division of Corporation Finance released CF Disclosure Guidance: Topic No. 2 – Cybersecurity (the “Guidance”), which is intended to provide guidance to companies on whether and how to disclose the impact of the risk and cost of cybersecurity incidents (both malicious…
On 7 September 2011, the UK privacy watchdog, the Information Commissioner’s Office (“ICO”), published a comprehensive guide (the “Guide”) to new European laws relating to, amongst other things, the measures a public electronic communications provider (“Service Provider”) should take to protect the security of its services, including the notification to…
On June 22, Pillsbury hosted the first annual Federal Cloud Security Summit, organized by the Washington, DC, chapter of the Cloud Security Alliance (CSA-DC). The keynote address was presented by Sonny Bhagowalia, former Deputy Associate Administrator with the GSA’s Office of Citizen Services and Innovative Technologies and current CIO of…
On April 13, 2011, the Indian Central Government issued final regulations implementing parts of the Information Technology (Amendment) Act, 2008, dealing with protection of personal information. Pillsbury does not provide legal advice on Indian law, but we have been in contact with the Indian legal community and service providers. Here…
When clients raise the question of the security of an outsourced service, it’s frequently a proxy for the feeling that they can trust/have control over their own people, but don’t really trust the service provider’s personnel. This type of concern showed up in a recent survey of CFOs conducted on…
Two recent events serve to highlight the importance of proper due diligence and appropriate contractual protections when dealing with cloud-based and other hosted service providers: A recent white paper from Context Information Security details the results of a study they performed on several cloud service providers that identified numerous vulnerabilities…