Home Page | Data Matters Privacy Blog

Data Matters
Cybersecurity, Privacy, Data Protection, Artificial Intelligence, Internet Law, and Policy

May 26, 2021

The next few weeks will likely be very busy for companies on the GDPR international data transfer front as there have been a number of key European developments over the last few days including: (more…)

William RM Long

London

wlong@sidley.com

Francesca Blythe

London

fblythe@sidley.com

May 242021

Cybersecurity Regulations for the Energy Industry

Cybercrime, Cybersecurity, Energy, Events

Data Matters Contributors

May 24, 2021

The Colonial Pipeline ransomware attack shone a spotlight on the importance and potential vulnerabilities of U.S. critical energy infrastructure. Join our panel of energy industry and cybersecurity thought leaders for a discussion of the threats targeting the industry today, the state of the law when it comes to safeguarding against cyberattacks, and what to expect from Congress and the Administration as calls for increased regulation intensify.

(more…)

Data Matters Contributors

sidleyprivacyblog@sidley.com

May 182021

Transferring EU Data To US After New Contractual Safeguards – A Proposal to Notify Intelligence Agencies of “US Person” Prohibition on Targeting SCC Transfers

Enforcement, EU, GDPR, International, Policy, Regulation, Schrems II

Alan Charles Raul

May 18, 2021

This article was first published by Law360 on May 17, 2021.

In light of new standard contractual clauses, or SCCs, to be issued shortly by the European Commission, as well as imminent new guidance from the European Data Protection Board, companies transferring personal data to the U.S. should consider taking steps to help ensure their data transfers are recognized as U.S. person communications.

This article sets forth possible text that companies could adopt as a supplemental measure to inform U.S. intelligence agencies that data transfers under SCCs are prohibited from being targeted.

View Article

Alan Charles Raul

Washington, D.C., New York

araul@sidley.com

May 142021

Major Executive Order on Cybersecurity Aims to Fortify Defenses and Coordinate U.S. Response to Growing Epidemic of Cyberattacks

Cybersecurity, National Security, Policy

Colleen Theresa Brown, Alan Charles Raul, Sujit Raman and Sheri Porath Rockwell

May 14, 2021

The Biden administration issued a lengthy Executive Order, “Improving the Nation’s Cybersecurity,” on May 12, which it described as the “first of many ambitious steps” toward modernizing U.S. cybersecurity defenses. The White House simultaneously issued an explanatory fact sheet and background press call.

Pursuant to the Order, government agencies will be required to deploy multifactor authentication, encryption, endpoint detection response, and logging and operate under the principle of a “zero-trust” environment. A clear purpose of the Order is to improve the security of commercial software, including by establishing baseline security requirements based on industry best practices. As the White House press briefer stated, the Order will impose “the power of federal procurement to say, ‘If you’re doing business with us, we need you to practice really good — really good cybersecurity. And, most importantly, we really need you to focus on secure software development.’”

(more…)

Colleen Theresa Brown

Washington, D.C.

cbrown@sidley.com

Alan Charles Raul

Washington, D.C., New York

araul@sidley.com

Sujit Raman

Sheri Porath Rockwell

Century City

sheri.rockwell@sidley.com

May 122021

Sidley Welcomes Former-CFPB Enforcement Director Tom Ward

Enforcement, Financial Privacy, FINRA, General

Data Matters Contributors

May 12, 2021

Sidley is pleased to announce that Thomas Ward, who previously served as Enforcement Director at the Consumer Financial Protection Bureau (CFPB), has joined the firm as a partner in the Banking and Financial Services Group in Washington, D.C. As the CFPB’s chief law enforcement officer, Tom was responsible for enforcing more than 20 enumerated consumer financial statutes and the Consumer Financial Protection Act. He established and supervised the strategy in hundreds of active investigations and cases prosecuted by the CFPB’s Office of Enforcement and managed the agency’s 165 enforcement trial lawyers, investigators, and staff. Under his leadership, in 2020, the CFPB brought the second highest number of enforcement actions since its inception, secured its fourth highest amount of redress, prosecuted its largest and most complex litigation docket, and recommitted to enforcing the Fair Lending laws, including filing the first contested Fair Lending action in the CFPB’s history.

(more…)

Data Matters Contributors

sidleyprivacyblog@sidley.com

May 32021

Part II – Digital Health Passports in Europe: Amended Proposal for a Digital Green Certificate and Eligible Testing Methods

COVID-19, EU, GDPR, Health Privacy, International

William RM Long, Josefine Sommer, Francesca Blythe and Yuliya Gevrenova

May 3, 2021

In March 2021, the European Commission released a proposal for the creation of a “Digital Green Certificate,” which will allow EU citizens to travel easier throughout the EU during the COVID-19 pandemic. Last week, the EU Member States agreed on some proposed changes to the proposal, including strengthening of the data privacy provisions. According to the proposal, in order to obtain a Digital Green Certificate, individuals must prove that they have been vaccinated, present a negative test result, or have recently recovered from COVID-19. The proposal allows the issuance of a certificate for all COVID-19 vaccines, which have received an EU-wide marketing authorisation, however only the results of certain in vitro diagnostic tests will be considered valid.

(more…)