The cybersecurity authorities of the United States (including CISA, FBI, NSA and DOE), Australia, Canada, New Zealand, and the United Kingdom released a joint Cybersecurity Advisory (CSA) on April 20, 2022, “to warn organizations that Russia’s invasion of Ukraine could expose organizations both within and beyond the region to increased malicious cyber activity.”

According to

National Veterinary Associates (NVA), a large network of veterinary hospitals and clinics, has reportedly been the victim of a ransomware attack. According to the reports, NVA employs more than 2,600 veterinarians, with over 700 veterinary hospitals and clinics in the U.S., Canada, Australia, and New Zealand.

NVA was reportedly hit with the Ryuk ransomware virus,

This week (May 8-12, 2017) is Privacy Awareness Week—an annual initiative of the Asia Pacific Privacy Authorities Forum (APPA) that concentrates on sharing information about privacy practices and rules.

The APPA is an interesting group made up of privacy regulators from Australia, British Columbia, Canada, Colombia, Hong Kong, Japan, Korea, Macao, Mexico, New South Wales,

Privacy laws in Asia-Pacific countries such as Japan, Australia, New Zealand and Singapore restrict the export of personal information except when the exporter meets certain qualifying conditions. One qualifying condition is if the exporter is in compliance with the Asia-Pacific Economic Cooperation’s Cross-Border Privacy Rules System (CBPR). Under the CBPR, the exporting company would have its data privacy policy and practices reviewed and certified by a third party to confirm the policy and practices are consistent with the applicable domestic law. For example, if an exporting company desired to export personal information of Japanese citizens, its privacy policy and practices would need to be consistent with Japanese law in order for the third party to certify the exporter was CBPR compliant. A company promoting compliance with CBPR on its website would be representing, directly or indirectly, expressly or by implication, that it was certified by a third party to participate in APEC’s CBPR system.

The U.S.’s data protection scheme does not require a third party to review a company’s privacy practices and policy prior to its export of personal information from the U.S. However, the U.S. scheme does prohibit a company from making false statements about its privacy practices and policy. Acting Federal Trade Commission (FTC) Chairman Maureen K. Ohlhausen recently reinforced the importance of this U.S. requirement, stating that companies “must live up to the promises they make to protect consumer data.”
Continue Reading FTC Resolves Allegations Against Three U.S. Based Companies Involving Misrepresentations of International Privacy Program Certifications