By

Cameron F. Kerry

22 January 2018

Movement on Section 702 of the Foreign Intelligence Surveillance Act (FISA)

Following months of intense debate, an attempted filibuster, and close votes in both the House and Senate, Congress last week finally extended Section 702 of the Foreign Intelligence Surveillance Act (FISA).

(more…)

EmailPrintShare
02 January 2018

Privacy and Cybersecurity Top 10 for 2018

This past year was marked by ever more significant data breaches, growing cybersecurity regulatory requirements at the state and federal levels and continued challenges in harmonizing international privacy and cybersecurity regulations. We expect each of these trends to continue in 2018.

As we begin this New Year, here is list of the top 10 privacy and cybersecurity issues for 2018: (more…)

EmailPrintShare
01 August 2017

CJEU Rules on EU-Canadian Passenger Name Record Agreement; Data Retention Possible; Detailed Court Scrutiny to Ensure Proportionality

On 26 July 2017, the Court of Justice of the EU (“Court”) issued its Opinion on the proposed EU-Canada Agreement on the transfer and processing of Passenger Name Record data (“PNR Data”).  The opinion, issued by the Court’s Grand Chamber, confirms that the Court accepts the necessity of processing large amounts of personal data to protect against terrorism in general.  However, in order to ensure compliance with the EU Charter of Fundamental Rights (“the Charter”), the Court will scrutinize the details of any EU legislative act to ensure that no data are retained or accessed without a clear link to the underlying justification of combating terrorism. (more…)

EmailPrintShare
15 May 2017

President Trump Signs Executive Order on Cybersecurity at Federal Agencies

On Thursday, May 11, President Trump signed an executive order aimed at strengthening the cybersecurity of federal networks and critical infrastructure.  The order is expected to prompt a broad examination of cybersecurity vulnerabilities at federal agencies and re-orient federal cybersecurity efforts toward modernization and shared services.  The order also reaffirms the previous administration’s approach to cybersecurity protections for critical infrastructure – with increased emphasis on the power grid – and seeks to promote the growth and sustainment of the nation’s cybersecurity workforce in the public and private sectors.  (more…)

EmailPrintShare
02 March 2017

The Continuing Impact of the Judgment of the Court of Justice of the European Union Declaring Invalid the European Commission’s Decision on U.S.-EU Safe Harbor

The decision by the Court of Justice of the European Union (the CJEU) on Oct. 6, 2015, invalidating the U.S.-EU Safe Harbor Decision (the Judgment) is a landmark judgment. Case C-362/14 Maximillian Schrems v Data Protection Commissioner [2015] ECLI: EU:C:2015:650. By voiding the legal basis for transatlantic data transfers for the 4,400 companies reliant on U.S.-EU Safe Harbor, the Judgment began what has been a seismic year for data protection and crossborder data transfers in the European Union, whose aftershocks will reverberate throughout 2017 and beyond.

Read More

EmailPrintShare
21 February 2017

Transatlantic Data flow – the new Swiss – U.S. Privacy Shield available April 12, 2017

Following the establishment of the E.U. – U.S. Privacy Shield last summer, Switzerland has now agreed to a similar framework facilitating the transfer of personal data from Swiss companies to companies based in the United States (hereinafter “Swiss – U.S. Privacy Shield” or “Privacy Shield”) that will allow companies to certify adherence to the framework as of 12 April 2017.

(more…)

EmailPrintShare
31 January 2017

2016 Year in Review and 2017 Preview: Top Ten for Data Protection and Privacy

2016 was a year of seismic changes in the global data protection and privacy landscape.  Here, we look back at the top ten events and issues that shaped 2016, and are poised to shape the year ahead as well.

Year In Review

1. GDPR Adoption

On April 14, the European Parliament voted to adopt the long-awaited EU General Data Protection Regulation (GDPR), formally completing adoption of the GDPR. The GDPR was published in the Official Journal of the EU on May 25, 2016, giving companies and Member States until the May 25, 2018 effective date to implement the Regulation fully. In the wake of its adoption, businesses should have planning under way for implementation of the significantly expanded Regulation by evaluating whether they are subject to the expanded jurisdiction, and if so, completing an internal gap analysis of current data protection practices as compared with the new requirements and rights under the Regulation. Some of the key aspects to consider include data breach response planning under the new 72-hour notice requirement, reviewing existing data protection notices and consents for the more robust obligations, identifying current profiling activities and existing data protection and retention policies and procedures, ensuring privacy impact assessments are carried out where required, and evaluating whether there is an obligation to appoint a data protection officer.  Despite the time until the effective date, the extensive preparation necessary to comply presents a challenge as companies around the world refocus resources to develop compliance plans.

2. Political Cyber Warfare

There is a new front in geopolitical battles.  (more…)

EmailPrintShare
19 January 2017

The Economic Case for Preserving PPD-28 and Privacy Shield

*This post first appeared in Lawfare on January 17, 2017.

As the new administration takes office this week, we will start to see just how literally to take Donald Trump’s pronouncements and the promised targeting of his predecessor’s executive orders for immediate destruction. Trade policy appointments signal that statements about being aggressive against barriers to trade should be taken very literally.  Wilbur Ross, the prospective Commerce Secretary; Peter Navarro, tapped to lead a new Trade Council on the White House staff; and Robert Lighthizer, designated U.S. Trade Representative, all have been vociferous in calling out China’s mercantilist policies and advocating a more transactional approach to breaking down market barriers in the world’s second largest national economy.

[Read More…]

EmailPrintShare
13 January 2017

NIST Issues Draft Revision to Cybersecurity Framework

The National Institute of Standards & Technology (NIST) has issued a revised draft version of its Cybersecurity Framework. The document is issued as “Version 1.1″ of the existing framework, redlined to show changes from the original framework issued almost three years ago. It is a draft, seeking comment. No period for public comment is specified, except that NIST expects to hold a public workshop on the revised draft “around the fall of 2017.”

(more…)

EmailPrintShare
19 December 2016

The Article 29 Working Party Releases Draft Guidelines on Key Elements of the GDPR Including the Right to Data Portability, Data Protection Officers and the Lead Supervisory Authority

On 15 December 2016 the Article 29 Working Party (“WP29”) released draft guidelines and FAQs on key provisions in the EU’s General Data Protection Regulation (“GDPR”). The guidelines cover the right to data portability, data protection officers and the lead supervisory authority. The WP29 has invited comments from stakeholders on the draft guidelines and FAQs. The deadline for comments is January 31, 2017. Although this invitation for comment is directed at the new guidance, some members of the WP29 have expressed interest in comments on additional issues for the WP29 2017 work plan, for which guidance has not been issued.

(more…)

EmailPrintShare
1 2 3 5
XSLT Plugin by BMI Calculator