By

Alan Charles Raul

15 April 2016

Article 29 Working Party Releases Its Wish List for the EU-U.S. Privacy Shield

On April 13, the Article 29 Working Party announced that it had completed its assessment of the EU-U.S. Privacy Shield documentation. The announcement was followed by the release of a 58-page Opinion on the European Commission’s draft adequacy decision on the Privacy Shield.

(more…)

EmailShare
22 March 2016

IRS Alerts Payroll and HR Professionals to Email Phishing Scheme Soliciting W-2s

On March 1, the IRS issued an alert to payroll and human resources professionals regarding a phishing email scheme that purports to be from company executives and requests personal information on employees.  The IRS said this scheme is part of a “surge” in phishing emails seen this year.

(more…)

EmailShare
17 March 2016

FCC Proposes Privacy and Security Regulations for Internet Service Providers

On March 10, FCC Chairman Tom Wheeler issued a “fact sheet” summarizing a sweeping proposal to regulate the privacy and data-security practices of Internet service providers. The proposal would subject ISPs to new stringent requirements that other participants in the Internet ecosystem do not face because they are subject only to the more elastic oversight of the Federal Trade Commission under that agency’s general “unfair or deceptive” standard.

(more…)

EmailShare
09 March 2016

The EU-U.S. Privacy Shield Is a Victory for Common Sense and Transatlantic Good Will

*This post originally appeared in the Council on Foreign Relations’ Net Politics Blog on March 1, 2016.

When the Court of Justice of the European Union (CJEU) struck down Safe Harbor last year, it did so on the basis that the European Commission had not determined whether European data transferred to the United States enjoyed the same protections as in the European Union. Despite the fact a recent Sidley Austin report found that many U.S. privacy protections are essentially equivalent—if not stronger—than the European Union’s in national security matters and comparable in other areas, the Commission clearly needed to replace Safe Harbor with something else to satisfy the CJEU and domestic privacy activists.

(more…)

EmailShare
29 February 2016

Details of the EU-U.S. Privacy Shield Are Published

The much-anticipated documentation for the EU-U.S. Privacy Shield, a new framework on transatlantic data flows, was published by the European Commission on February 29, 2016. The framework now will undergo a process of review and approval, including by the EU’s Article 29 Working Party, which is due to finish its review by the end of March 2016. If approved, it will take effect after an implementation period, during which all companies that wish to use the Privacy Shield as a basis for data transfers will have to certify in accordance with the new framework.

(more…)

EmailShare
26 February 2016

President Obama Signs Judicial Redress Act

On Wednesday, February 24, President Obama signed the Judicial Redress Act into law.  “What it does in the simplest terms is makes sure that everybody’s data is protected in the strongest possible way with our privacy laws—not only American citizens, but also foreign citizens,” President Obama said at signing.  “We take our privacy seriously.  And along with our commitment to innovation, that’s one of the reasons that global companies and entrepreneurs want to do business here.” According to EU Commissioner Věra Jourová, “The signature of the Judicial Redress Act by President Obama is a historic achievement in our efforts to restore trust in transatlantic data flows . . . . It will strengthen privacy, while ensuring legal certainty for transatlantic data exchanges between police and criminal justice authorities. This is crucial to keep Europeans safe through efficient and robust cooperation between the EU and the U.S. in the fight against crime and terrorism.”

(more…)

EmailShare
10 February 2016

President Takes Action On Cybersecurity

President Obama today unveiled a “Cybersecurity National Action Plan.” The administration’s proposed budget includes $19 billion for cybersecurity spending, $3 billion of which will be devoted to updating agency systems. The plan includes the creation of a Federal Chief Information Security Officer to guide the implementation of increased security across the federal government and reside within the Office of Management and Budget. President Obama also issued two executive orders. The first establishes the Commission on Enhancing National Cybersecurity within the Department of Commerce to be composed of technology, national security, and business leaders. The Commission is charged with developing by December 1, 2016 “detailed recommendations to strengthen cybersecurity in both the public and private sectors.” The second requires the establishment of a Senior Agency Official for Privacy at each agency and creates the Federal Privacy Council as “the principal interagency forum to improve the Government privacy practices of agencies and entities acting on their behalf.” The OMB Director will be chair of the Federal Privacy Council, which will have the focus of coordinating internal agency policies.

(more…)

EmailShare
02 February 2016

New Framework on Transatlantic Data Flows Agreed – the “EU-US Privacy Shield”

The European Commission has announced that a political agreement has been reached on a new framework on transatlantic data flows. The announcement was made in a press conference on  February 2nd by Vice President Ansip and Commissioner Jourová , in which the Commissioner expressed the hope that the new framework, dubbed the “EU-US Privacy Shield,” will be in force within three months. The Commissioner identified three key elements of this new framework: (i) strong obligations on companies handling the personal data of Europeans and robust enforcement; (ii) clear safeguards and transparency obligations on US government access; and (iii) effective protection of the rights of EU citizens, with several redress possibilities.

(more…)

EmailShare
12 January 2016

FTC Issues Report (and Warning Shot) on Big Data Use

Building upon its 2012 Consumer Protection Report, its 2014 report on Data Brokers, and a public workshop held on September 15, 2014, the FTC issued a new report on January 6, 2016, with recommendations to businesses on the growing use of big data:  Big Data: A Tool for Inclusion or Exclusion? Understanding the Issues (“2016 Big Data Report”).  Rather than focusing on prior themes of notice, choice, and security, the 2016 Big Data Report addresses only the commercial use of big data consisting of consumer information, and focuses on impacts of such big data uses on low-income and underserved populations.

(more…)

EmailShare
06 January 2016

OFAC issues Cyber-Related Sanctions Regulations

In the aftermath of the cyber attack on the Office of Personnel Management and the significant loss of corporate intellectual property, the U.S. government has announced new tools to respond to and to deter such harmful attacks.  On December 31, 2015, the Department of the Treasury’s Office of Foreign Assets Control (“OFAC”) issued new U.S. Cyber-Related Sanctions Regulations, set forth in 31 C.F.R. § 578 (“Cyber-Related Sanctions Regulations”).  The Cyber-Related Sanctions Regulations are designed to implement Executive Order 13694, which targets perpetrators of malicious cyber-activities (e.g., hacking and Distributed Denial of Service (DDoS) attacks) as well as those who support such activities and certain recipients and users of stolen trade secrets.  For a more detailed discussion of E.O. 13694, which was issued by President Obama on April 1, 2015, see our previous alert.

(more…)

EmailShare
XSLT Plugin by BMI Calculator