Cisco Releases Security Updates for Multiple Products

Original release date: August 6, 2020

Cisco has released security updates to address vulnerabilities in multiple Cisco products. A remote attacker could exploit one of these vulnerabilities to obtain sensitive information.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the following Cisco Advisories and apply the necessary updates:

For updates addressing lower severity vulnerabilities, see the Cisco Security Advisories page.

This product is provided subject to this Notification and this Privacy & Use policy.

NSA Releases Guidance on Limiting Location Data Exposure

Original release date: August 6, 2020

The National Security Agency (NSA) has released an information sheet with guidance on how to limit location data exposure for National Security System (NSS) / Department of Defense (DoD) system users, as well as the general public. NSA outlines mobile device geolocation services and provides recommendations on how to prevent the exposure of sensitive location information and reduce the amount of location data shared.  

The Cybersecurity and Infrastructure Security Agency (CISA) encourages administrators and users to review NSA's guidance on Limiting Location Data Exposure and CISA’s Security Tip on Privacy and Mobile Device Apps for information on protecting mobile location data.  


FBI Reports Increase in Online Shopping Scams

Original release date: August 5, 2020

The Federal Bureau of Investigation (FBI) Internet Crime Complaint Center (IC3) has released an alert on a recent increase in online shopping scams. The scams direct victims to fraudulent websites via ads on social media platforms and popular online search engines’ shopping pages.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and consumers to review the IC3 Alert for indicators of fraud and tips to avoid being victimized, as well as CISA’s tip on Shopping Safely Online.


More on Schrems II: No grace period for cross-border data flows – So moving on to next steps

When the Court of Justice of the European Union (CJEU) invalidated the EU-US Privacy Shield as a vehicle to transfer personal data from the EU to the US on July 16, 2020, the obvious question was: “What is the transition period?” The answer is now coming from EU Data Protection Authorities in Europe: there is none. This is what companies that used to rely on the EU-US Privacy Shield should do now to bring their cross-border personal data transfers in line with European law:

  • Reassess all transfers currently occurring under the EU-US Privacy Shield to determine the appropriate legal basis for further transfer by performing “data export impact assessments”, that is, in accordance with the decision of the CJEU, assessing the specific risks of transfer to a specific country of destination and/or through a specific data importer. The test, stated at Article 44 of the GDPR, is that “the level of protection of natural persons guaranteed by the Regulation is not undermined.”
  • Negotiate Standard Contractual Clauses (SCCs) to govern the transfer of personal data between organizations or develop Binding Corporate Rules (BCRs) for the transfer of data among affiliates of one organization, or use individual consent where it is applicable. For example, in e-commerce, while it is not ideal, some companies may want to consider the practicality of subjecting a transaction to express consent to cross-border data transfer.
  • Obtain warranties from the organizations receiving EU data (the data importers) under SCCs or verify, in relation to their own BCRs, that they are not precluded by local law from complying with SCCs and BCRs, such as through State interference with personal data, allowed by law, in the country of destination.
  • Adopt
    • internal guidelines for their contract staff to limit cross-border data transfers to countries where the SCCs or BCRs are not undermined by local law on State access to personal data;
    • technological safeguards, as well as guidelines for their implementation, to allow only legitimate State access to personal data for public safety reasons.

The European Data Protection Board (EDPB), the body created by the GDPR to “ensure the consistent application of the Regulation”, is currently examining what supplementary measures – whether legal, technical or organizational – could be applied to transfer data to third countries where SCCs or BCRs would not, on their own, provide a sufficient level of guarantees in view of the law of the country of destination.

While guidance is being developed, organizations are still expected to immediately address the legal basis for transfer of personal data formerly under the EU-US Privacy Shield.

Dentons is preparing material to assist its clients in this regard. We encourage you to seek advice from your privacy counsel to ensure compliance in cross-border personal data flows.
