Germany | Information Security Breaches & The Law

Categories
Categories
Pages
Andreas Leupold Annie C. Bai Armando Becerra Brazil Canada Canadian Law Central America Central American Law Colombia Comments Conferences Countries Cédric Laurant English Español EU Law Europe European Union Farid Bouguettaya France Français Germany Héctor Guzmán Infographics Interviews Joseph Santangelo Latin America Law Marie-Andrée Weiss Mexico News Non-EU North America Notes Online Backup Geeks Opinions Outlines Português Posts (Practical guides) Renato Leite Monteiro Reports & Surveys South America South American Law United Kingdom United States
Security Breach Library (latest items)
- Fortinet 2013 Cybercrime Report (December 2012) This paper explores the world of the cybercriminal, describes how they build and deploy attacks to harvest valuable data, and what you can do to fight back.
- Online Trust Alliance Data Protection & Breach Readiness Guide (February 2013) The goal of the 2013 Data Protection & Breach Readiness Guide is to provide prescribed guidelines that help businesses proactively develop a plan to minimize data collection, enhance data protection and to create a customer-centric incident response p
- Security & Defense Agenda, Cyber-security: "The vexed question of global rules – An independent report on cyber-preparedness around the world" (Feb. 2012) This report is made up of a survey of some 250 leading authorities worldwide and of interviews carried out in late 2011 and early 2012 with over 80 cyber-security experts in government, companies, international organisations and academia. It offers a glob
- Verizon, 2013 Data Breach Investigations report (April 2013) This report makes you discover stats that might surprise you: from the percentage of espionage-related attacks to the astonishing length of time it often takes to spot a security breach.
April 2020

M T W T F S S

1 2 3 4 5

6 7 8 9 10 11 12

13 14 15 16 17 18 19

20 21 22 23 24 25 26

27 28 29 30

« Sep
Blogroll (recommended reference websites)

April 2020
M	T	W	T	F	S	S
	1	2	3	4	5
6	7	8	9	10	11	12
13	14	15	16	17	18	19
20	21	22	23	24	25	26
27	28	29	30

Full Speed Ahead: Business-Minded I.T. Security Risk Management

Posted by anniecbai on September 22, 2013 · Leave a Comment

"Wincup V8 Vodafone Holden Smashed.. Taken on December 4, 2010. (c) 2010 All rights reserved. Courtesy of Dhatt Creative.

Recent massive data breaches lead us to discuss the movement for new thinking, new strategies and new leadership amongst IT security. In the new paradigm, flat-out prevention is no longer the goal. Companies need to pursue nuanced risk-management decisions that protect yet allow them to do business.

Rate this:

Category Annie C. Bai, English, Europe, European Union, Germany, Opinions · Tagged with Anonymous, BYOD, cybersecurity, cyberthreat, data breach, data security, Federal Office for Information Security (Germany), hackers, insider data breach, IT security, OVH, risk management, security breach, spearphishing, Ubuntu, Vodafone, Vodafone Deutschland

Are ‘clouds’ located outside the European Union unlawful?

Posted by "Security Breaches" Administrator on July 16, 2010 · 3 Comments

A central aspect of every cloud service contract is the security of data processing. It is therefore important, if only for liability reasons, that responsibility for specific security measures be clearly assigned. This can be done by using security service level agreements between the cloud service provider and its client that clearly assign who is responsible for which particular security measure.
Storing data in a cloud located outside the EU raises specific legal compliance issues. According to some experts, such clouds are even unlawful. There are, however, some ways to make sure that, even if a data controller stores data into a cloud located in a third country, he is still in compliance with German data protection law. A data exporter must use, in order to satisfy the adequate level of data protection requirement, specific standard contractual clauses for all contracts with a cloud service company located outside the EU. Binding corporate rules are the alternative solution, though only for private clouds.

Rate this:

Category Cédric Laurant, Comments, English, EU Law, Europe, European Union, Germany, Marie-Andrée Weiss, Outlines · Tagged with adequate level of data protection, anonymization, Argentina, Article 26 (EU DP Dir.), Article 29 Working Party, BDSG, Binding corporate rules, Bundesdatenschutzgesetz, cloud computing, cloud service contract, cloud service provider, confidentiality, data controller, data processing security, Data Protection Authority, data protection law, data security, data security breaches, Datenschutzzentrum, Düsseldorfer Kreis, Dr. Thilo Weichert, encryption, EU Directive 95/46/EC, European Commission, European Privacy Seal, EuroPriSe, external audit, German Federal Data Protection Act, Germany, Google, IaaS, integrity, liability, PaaS, personal data, private cloud, pseudonym, public cloud, SaaS, Safe Harbor Framework, Safe Harbor self-certification, SAS 70, Security Service Level Agreement, standard contractual clauses, State of Schleswig-Holstein, Switzerland, third country, third party, United States, Yahoo

The Safe Harbor Framework: not a “safe harbor” anymore for US companies? German expert body insists on stronger compliance stance

Posted by "Security Breaches" Administrator on July 9, 2010 · 2 Comments

On April 29, 2010, the Düsseldorfer Kreis, an informal group of German data protection authorities, published a decision that could have significant repercussions on U.S. companies importing personal data from organizations operating in the European Union. One of these repercussions is that German organizations exporting personal data to the United States should check if the U.S. data importer does indeed comply with the Safe Harbor Framework. Security plan recommendations will provide for a useful guideline to E.U. data exporters to help them comply with the Safe Harbor’s Security Principle.

Rate this:

Category Cédric Laurant, Comments, English, EU Law, Europe, European Union, Germany, Marie-Andrée Weiss, North America, United States · Tagged with adequacy requirement, adequate level of data protection, Article 25 (EU DP Dir.), Article 26(2) (EU DP Dir.), Article 29 Data Protection Working Party, Best Buy, Binding corporate rules, Bundesdatenschutzgesetz, co-regulation, contractual clauses, data exporter, data importer, data security breaches, data security plan, Düsseldorfer Kreis, DSW, due diligence, encryption, EU Directive 95/46/EC, European Commission, European data protection authorities, German Federal Data Protection Act, Germany, independent auditing firm, information security, ISO, ISO 27000, loss, misuse, personal data, personally identifying information, privacy policy, RealNetworks, reasonable security measures, Safe Harbor Framework, Safe Harbor Security Principle, Safe Harbor self-certification, Safe Harbor self-certified organizations, self-regulation, sensitive personal information, third countries, transborder data flows, unfair and deceptive practice, US Department of Commerce, US Department of Transportation, US False Statements Act, US Federal Trade Commission, US Food and Drug Administration

Read this website in your language!

--> Click here to translate
Most Visited Posts & Pages (last 24-48 h)
Top Rated
Recent Posts
Tag Cloud
adequate level of data protection América Móvil anonymization Anteprojeto de Lei sobre privacidade e proteção de dados pessoais (Brasil) Argentina Article 29 Data Protection Working Party Assemblée nationale française Binding corporate rules brechas de seguridad Bundesdatenschutzgesetz California Office of Privacy Protection California Security Breach Notification Act Californie CIL cloud computing CNIL Code des postes et des communications électroniques Commission nationale de l’informatique et des libertés confidentiality confidentialité des données contractual clauses correspondant "informatique et libertés" cybersecurity Código de Defesa do Consumidor (Brasil) dados pessoais damage to reputation data breach data breaches data breach notification data controller data loss data protection Data Protection Authority data protection by default data protection law data protection officer data security data security breaches data subject datos personales Directive 95/46/CE Directive 2009/136/CE Directive 2009/140/CE données à caractère personnel Düsseldorfer Kreis encryption ENISA Estados Unidos EU Directive 95/46/EC EU Directive 2002/58/EC EU Directive 2009/136/EC EU e-Privacy Directive European Commission European data protection authorities European Data Protection Supervisor European Network and Information Security Agency European Union external audit externalisation failles de sécurité falhas de segurança fallas de seguridad Farmacias San Pablo fuga de datos fuga de información German Federal Data Protection Act Germany Google hackeo hacking IaaS IFAI Information Commissioner’s Office information security Informatique en Nuage Instituto Federal de Acceso a la Información y Protección de Datos integrity intimidade IT security Ley Federal de Protección de Datos Personales en Posesión de los Particulares (México) LFPDPPP LinkedIn loi "Informatique et libertés" loi no. 78-17 du 6 janvier 1978 medidas de seguridad México notificación de brechas de seguridad notificación de vulneraciones de seguridad notification des violations de securité obligations en matière de sécurité PaaS personal data plan de continuidad de negocio Privacidade privacy privacy by design Proteção de Dados Reglamento de la Ley Federal de Protección de Datos Personales en Posesión de los Particulares (México) responsable du traitement responsables de traitement de données RLFPDPPP SaaS Safe Harbor Framework Safe Harbor self-certification security breach security breaches security breach notification self-regulation sensitive information sensitive personal information sécurité des données technical and organizational measures technological protection measures Telcel TV Azteca Union européenne United Kingdom United States US Federal Trade Commission vie privée violaciones de seguridad violations de sécurité vulnerability vulneración de datos personales vulneración de seguridad
Blog Tweets (last 5)
- The latest The #DataBreach Weekly Digest! paper.li/security_breac… Thanks to @TravisDMills @ExpertsCEO @TiguniaLLC - Tweeted 1 month ago
- The latest The #DataBreach Weekly Digest! paper.li/security_breac… #mazeteam #mdlab - Tweeted 2 months ago
- The latest The #DataBreach Weekly Digest! paper.li/security_breac… Thanks to @PogoWasRight #biometric #privacy - Tweeted 2 months ago
- The latest The #DataBreach Weekly Digest! paper.li/security_breac… #hipaa #privacy - Tweeted 2 months ago
- The latest The #DataBreach Weekly Digest! paper.li/security_breac… #hipaa - Tweeted 3 months ago
Follow @security_breach
Recent News on Security Breaches
- ENISA releases report on situation of implementation of e-Privacy Directive's data breach notification requirement (ENISA, Jan. 13, 2011) “ENISA reviewed the current situation in order to develop a consistent set of guidelines addressing the technical implementation measures and the procedures, as described by Article 4 of the reviewed Directive 2002/58/EC.”
- "EU Study Frowns over Data Breach Notification Rules. Cyber-security Agency Worries" (The Register, Jan. 14, 2011) New study identifies risk prioritisation, enforcement and resources as key issues. ENISA hopes research will help to develop best practice on breach notification and inform future decisions on whether EU rules, first to apply to telcos and ISPs, ought to
- Citigroup Cites $2.7 Million in Customer Losses From Hack (Wall Street Journal, June 25, 2011) Citigroup Inc. has told government officials that about 3,400 of the customers whose credit-card information was hacked have suffered about $2.7 million in losses
- Citigroup did little to assist victims of privacy breach, critics say (The Globe and Mail, June 24, 2011) After a massive data breach last month, Citigroup did not offer its hacked clients the same degree of identity-theft protection that many other companies provide, drawing criticism from privacy advocates.
- Citigroup says hackers accessed bank card data (The Globe and Mail, June 9 & 14, 2011) About 1% of Citibank’s card customers were affected by the breach, which a report asserts had been discovered in May during routine monitoring.
- Preparation for hacker attacks helps in protecting, insuring firms (Business insurance.com, June 27, 2011) “Preparing in advance for a seemingly inevitable data breach will put a company in a better position to respond when its systems are attacked, as well as improve its position with insurers in seeking cyber risk coverage.”
- "Data Breaches a Symptom of a Bigger Problem" (Infosecurity-us.com, June 14, 2011) “Organizations that lack adequate security funding – especially small and medium-sized businesses – are being targeted by hackers because they are easy prey.”
- "Cybersecurity: SEC outlines requirement that companies report cyber theft and attack" (Washington Post, Oct. 15, 2011) “Cyberspies and criminals steal what is estimated to be tens of billions of dollars worth of data from U.S. companies each year. Yet experts say few companies report these losses to shareholders.”

Information Security Breaches & The Law

Categories

Pages

Security Breach Library (latest items)

Blogroll (recommended reference websites)

Full Speed Ahead: Business-Minded I.T. Security Risk Management

Rate this:

The Safe Harbor Framework: not a “safe harbor” anymore for US companies? German expert body insists on stronger compliance stance

Rate this:

Read this website in your language!

Most Visited Posts & Pages (last 24-48 h)

Top Rated

Recent Posts

Tag Cloud

Blog Tweets (last 5)

Recent News on Security Breaches

Blog authors

Copyright notice

Authors' recent talks on information security & data protection issues

Authors' upcoming talks on information security & data protection issues

Archives by date

Subscribe to this blog by e-mail

The “Global Information Security Breach Professionals” Group on Linkedin

Wordpress Blog Stats