Latest Posts
Search for:
Author

Cristina Messerschmidt

Browsing
Cristina focuses her practice on regulatory and transactional issues in global privacy and data protection, including data security, data breach notification, global privacy, website privacy policies, behavioral advertising, cross-border data transfers, and comprehensive compliance programs.
In Data & Technology Disputes

EDPB Publishes Guidelines on Examples Regarding Data Breach Notification

by , , , , , , , and 4 Mins Read

The European Data Protection Board (EDPB) recently published the draft Guidelines on Examples Regarding Data Breach Notification, a document that encompasses eighteen examples of data security incidents, on a spectrum of risk and necessary mitigating measures. Each example concludes with recommended actions based on the identified risks, mainly: recording the incident in the organization’s internal register, notifying the organization’s supervisory authority, and notifying affected individuals. The Guidelines are currently open for public consultation. The Guidelines include…

In Data & Technology Disputes

Protecting Privilege over Forensic Incident Reports in Data Breach Cases

by , , , and 6 Mins Read

Adding to an emerging trend of federal cases addressing privilege in the context of forensic reports, the DC District Court ruled last month that forensic reports created in response to a cybersecurity incident were not subject to attorney-client privilege nor attorney work product protection because the reports were created in the ordinary course of business. This decision has significant implications for organizations preparing to respond to cybersecurity incidents and continues a pattern of increased scrutiny…