Hello. The European Union's proposed rules to tighten how businesses manage Europeans' data in the U.S. and other countries outside the bloc could force adoption of strict encryption practices, WSJ Pro's Catherine Stupp reports from Brussels. The guidelines are an attempt to respond to significant uncertainty since a July ruling from the EU’s top court, which said the EU-U.S. Privacy Shield was illegal.

Also today: Cyber talent shortage shrinks; maker of Animal Jam children's game confirms hack; judge approves settlement in 2018 Facebook user-account breach; and executives from Ellie Mae and VLP Law Group discuss privacy in the new work environment.

EU restrictions could force companies to change data transfer practices. Some businesses will likely have to significantly change how they secure data to continue doing business with European firms, under draft guidelines issued last week by the European Union. The regulators want to require increased privacy safeguards for information transferred to countries outside the bloc.

The guidelines could also boost the use of emerging methods of data protection, privacy experts say, including homomorphic encryption and multiparty computing.

Separately, the European Commission, the EU’s executive body, last week published a draft revision of its standard contractual clauses, which are preapproved contracts specifying how companies can transfer data to countries outside the bloc. The new clauses tighten requirements for companies moving data to business partners or subsidiaries abroad.

The regulators’ draft guidelines mean that “transfers of data to third-party countries is severely curbed,” said Lukasz Olejnik, a Brussels-based independent cybersecurity researcher and consultant.

Read the full article. 

Maker of Animal Jam children's game confirms hack. WildWorks Inc., which makes the game popular among kids aged 9 to 11, learned last week of an attack in October on a server at a vendor it uses for employee communication systems, TechCrunch reports. The attack compromised data from about 46 million Animal Jam accounts, 32 million of which included the player's user name. Passwords, email addresses and dates of birth were exposed in some cases. WildWorks reset all players' passwords and said no real names of users were stolen. The company didn't name the communications vendor. 

Dark web: WildWorks said it learned of the attack on Nov. 11 when a security researcher notified the company that its data was posted on raidforums.com, a hacker forum. 

Judge approves Facebook settlement over 2018 breach. Facebook must put in a place a list of cybersecurity improvements meant to guard against hackers trying to compromise user accounts, a federal judge in U.S. District Court for the Northern District of California ruled Sunday. The settlement stems from a 2018 case in which hackers exploited weaknesses in account tokens to get names, phone numbers and other data for 29 million users world-wide, in two incidents. Facebook's compliance with measures such as increasing the frequency of account integrity checks will be assessed annually by a third-party chosen by the company, the settlement says. Facebook said it has already implemented the measures. A final approval hearing is set for April 8, 2021. 

Write to the WSJ Pro Cybersecurity Team: Kim S. Nash, James Rundle, Catherine Stupp and David Uberti.

Follow us on Twitter: @knash99, @catstupp and @DavidUberti. 

Contact Enterprise Technology Editor Steve Rosenbush at steven.rosenbush@wsj.com or follow him on Twitter: @Steve_Rosenbush.