Tag Archives: Data Security Standards

ISO’s Privacy Standard for Cloud Service Providers

In July 2014, the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) issued a new security standard – ISO 27018 – which attempts to outline best practices for public cloud service providers on how to better protect personally identifiable information.  Although the standard expressly only applies to public cloud providers, it’s instructive to any cloud provider –public or private. Like all ISO standards, compliance with ISO 27018 is voluntary, and certification under the standard is not required by any law. However, over time, more and more cloud service contracts are requiring compliance with or certification to this standard. Adhering to the ISO …


Has the FTC Met Its Match?

Companies across the Country should be following the Federal Trade Commission’s (“FTC”) civil suit brought against Wyndham Worldwide Corporation and Wyndham Hotels and Resorts, LLC (“Wyndham”) entitled Federal Trade Commission v. Wyndham Worldwide Corporation, et al. as the outcome of this case may significantly impact the FTC’s ability to regulate U.S. companies with regard to cyber security. In June 2012, the FTC filed a complaint in the U.S. District Court for the District of Arizona against Wyndham. The action arises from multiple cyber security breaches of Wyndham’s computer network purportedly occurring from 2008 to 2010 and resulting in an alleged …