Catagory:Privacy, Data Protection & Information Management

1
Higher Regional Court of Hamm (Germany): Claims for Moral Damages Under Art. 82 GDPR are Assignable – German Class Actions Coming?
2
Decision by German Higher Regional Court Koblenz: Consent for Publication of Interview not Revocable
3
Illinois Reigns in Excesses of Biometric Information Privacy Act: Form of Consent Expanded and Claims Limited
4
Ransomware attacks – is there harm even when nothing is stolen?
5
Disclosure Obligations for Cyber Ransom Payments: A New Cyber Security Act is Coming
6
Artificial Intelligence and the Data Conundrum
7
Modern Adtech Regulated Under Antiquated Law: How Video Killed the Internet Star
8
Security of Critical Infrastructure – Adoption of Cyber Security Framework and Mandatory Reporting Deadline Approaches While the Regulator Moves From “Education” to “Enforcement” Mode
9
9,948,575,739 Reasons to Change Your Passwords now
10
AI’s Next Frontier: The New Voice of Scam Calls?

Higher Regional Court of Hamm (Germany): Claims for Moral Damages Under Art. 82 GDPR are Assignable – German Class Actions Coming?

By Dr. Thomas Nietsch and Andreas Müller

On July 24, 2024, the OLG Hamm ruled that claims for moral damages under Art. 82 GDPR are generally assignable (case number: 11 U 69/23).

Read More

Decision by German Higher Regional Court Koblenz: Consent for Publication of Interview not Revocable

By: Dr. Thomas Nietsch and Andreas Müller

On 31 July 2024 the Higher Regional Court of Koblenz (Oberlandesgericht Koblenz) has rejected an appeal to a verdict of the Regional Court of Koblenz (Landgericht Koblenz) for deletion of an interview published on YouTube, due to lacking a prospect of success (case number 4 U 238/23).

Read More

Illinois Reigns in Excesses of Biometric Information Privacy Act: Form of Consent Expanded and Claims Limited

By: Cameron Abbott and Rob Pulham

In their recent article available here, Joseph Wylie, Kenn Brotman, and J. Morgan Dixon from our Chicago office discuss what changes to privacy law in Illinois will mean for company’s collecting or sharing individual’s biometric data.

Ransomware attacks – is there harm even when nothing is stolen?

In November 2020, accounting and consulting firm Nexia Australia (Nexia) was alerted to a “REvil” ransomware attack taking place within its system. The attackers threatened to post personal information of Nexia’s clients, customers and staff online unless it paid a $1m ransom within 72 hours.

It was reported that the hackers appeared to have posted Nexia’s confidential files onto the dark web; however, further investigation revealed that the hackers had merely posted screenshots of Nexia’s files. Realising this, Nexia dismissed the threat and refused to pay the ransom.

But it didn’t end there.

Shortly after the attack, a news service found the Nexia file screenshots on the dark web and publicised that the company’s confidential information had been stolen and shared. Not only did Nexia have to reassure panicking clients that their confidential information remained uncompromised, it had to convince the Australian Securities and Investments Commission, the Australian Federal Police and the Privacy Commissioner that nothing of concern had been taken.

It doesn’t help that ransomware-as-a-service is becoming an increasingly lucrative business for cybercriminals to launch this type of attack. All that is needed is off-the-shelf malware, a wallet of cryptocurrency and it’s ready to deploy against an unsuspecting organisation.

The attack on Nexia demonstrates that even if there is no evidence that confidential information has been leaked, organisations can still suffer significant damage. The cost of reassuring stakeholders and mitigating reputational harm can almost match the consequences of a full blown attack.

As Warren Buffet famously quoted, “It takes 20 years to build a reputation and 5 minutes to ruin it”.  While Nexia recovered valiantly, this serves as a lesson that even when unsuccessful, the public ramifications of a ransomware attack are not to be underestimated.

Disclosure Obligations for Cyber Ransom Payments: A New Cyber Security Act is Coming

By Cameron Abbott, Rob Pulham, Stephanie Mayhew, Dadar Ahmadi-Pirshahid and Lauren Hrysomallis

A new Cyber Security Act is set to be unveiled in Parliament’s next sitting from 12 August, as reported by the ABC. The proposed Act would require Australian businesses and government bodies to disclose when they make a ransom payment to cybercriminals in the event of a hack, or face penalties of up to AU$15,000 for failing to notify.

Read More

Artificial Intelligence and the Data Conundrum

By Paul R. Haswell and Cameron Abbott

As much as artificial intelligence (AI) remains a hot topic to companies and individuals alike, there remains limited detailed regulation in place. The European Union published its Artificial Intelligence Act on 12 July 2024, but other jurisdictions have been slow or piecemeal in its regulation of AI.

Read More

Modern Adtech Regulated Under Antiquated Law: How Video Killed the Internet Star

By Cameron Abbott and Rob Pulham

In their recent article available here, Katie Staba and Corey Bieber from our Chicago office discuss emerging advertising technology issues, including new applications of the California Invasion of Privacy Act and the Video Privacy Protection Act.

Security of Critical Infrastructure – Adoption of Cyber Security Framework and Mandatory Reporting Deadline Approaches While the Regulator Moves From “Education” to “Enforcement” Mode

By Cameron Abbott, Rob Pulham, Damien Timms, Dadar Ahmadi-Pirshahid and Adam Asadurian

Some key compliance dates approach for responsible entities of critical infrastructure assets under the Security of Critical Infrastructure Act (SOCI Act).

Read More

9,948,575,739 Reasons to Change Your Passwords now

By Cameron Abbott, Rob Pulham, Stephanie Mayhew and Jordan Booth

Cybernews has reported on its researchers’ discovery of what could be the largest leaked password compilation of all time, with a record 9,948,575,739 plaintext passwords in a file called “rockyou2024.txt” (see article).

Read More

AI’s Next Frontier: The New Voice of Scam Calls?

By: Cameron Abbott, Rob Pulham, Dadar Ahmadi-Pirshahid, and Adam Asadurian

Astonishingly (…or perhaps not, for anyone who’s answered a phone call recently), “imposter calls” are the number one offender of spam calls in the United States, amounting to 33% of all phone calls according to a recent study by QR Code Generator.

Read More

Copyright © 2024, K&L Gates LLP. All Rights Reserved.