Welcome to the July edition of our Data And Cyber Bulletin, with fascinating content covering the Irish DPC’s draft decision proposing to prevent Meta from transferring personal data from the EU to the US, the Lloyds report on physical cyber risks, and the link between Dunkin Donuts and credential stuffing. We provide insight into the third attack on Marriott Group and welcome guest content from our Legalign Global partner firm, Wilson Elser, in respect of data breach class actions in the US. We also consider the European Commission’s recent warning against strict interpretation of the GDPR by Data Protection Authorities, the ICO and NCSC joint letter to the Law Society and Bar Council in respect of ransom payments, and the proposed amendment to the PSTI Bill in respect of ethical hacking.
Draft DPC Decision Proposes Banning Meta Data Transfers from EU to US
We consider the implications of the DPC’s draft decision, banning Meta from transferring personal data from the EU to the US.
Physical risk in cyber-attacks: Lloyds outlines potential impact to businesses in a new report
We highlight the key points arising out of the Lloyds report on the importance of effective risk management and the role of insurers in helping customers build resilience to cyber-attacks that could cause damage to physical environments.
Stuffing Dunkin Donuts and Uber Attacks - New Guidance Released on “Credential Stuffing” Incidents
We discuss the recently issued guidance by the Global Privacy Assembly’s International Enforcement Cooperation Working Group on the increasing threat of credential stuffing and highlight recent examples of the same with the Dunkin Donuts and Uber attacks.
Marriott Group Struck by Third Data Breach
We explain the latest attack on Marriott Group and consider the resulting exposure for the beset hotel chain.
Plaintiffs’ Attorneys Racing to Courthouses in the United States to File Data Breach Class Actions
We welcome a guest contribution from David Ross at Wilson Elser, looking at the uptick in data breach class actions in the US.
European Commission issues a warning against “strict” interpretation of the GDPR by Data Protection Authorities
We provide insight into the Commission’s recent confirmation that commercial considerations can satisfy the “legitimate interests” lawful basis, and explain the concern raised by the Commission in respect of the Dutch DPA.
Ransoms - to pay or not to pay, that is the question …
We set out the key takeaways from the ICO and NCSC’s recently published joint letter to the Law Society and Bar Council in respect of paying ransom demands.
Proposed Amendment to the PSTI Bill Set To Provide Defence to Ethical Hacking Under the CMA
We share insight into the UK proposal to provide a defence to ethical hacking, providing a welcome update to UK cyber laws, specifically the Computer Misuse Act 1990.
Failed Delivery Attempt
We summarise key takeaways from the recent uptick in cyber-incidents impacting delivery companies, with a focus on the recent attack on Yodel.
We hope you enjoy this month’s edition and invite you to contact the authors of the articles should you wish to discuss them further.