The next few weeks will likely be very busy for companies on the GDPR international data transfer front as there have been a number of key European developments over the last few days including: (more…)
https://datamatters.sidley.com/wp-content/uploads/sites/2/2022/09/sidleyLogo-e1643922598198.png00William RM Longhttps://datamatters.sidley.com/wp-content/uploads/sites/2/2022/09/sidleyLogo-e1643922598198.pngWilliam RM Long2021-05-26 11:06:002023-12-11 17:22:48SCCs, Adequacy, and Guidance: Latest Updates on International Data Transfers
The Colonial Pipeline ransomware attack shone a spotlight on the importance and potential vulnerabilities of U.S. critical energy infrastructure. Join our panel of energy industry and cybersecurity thought leaders for a discussion of the threats targeting the industry today, the state of the law when it comes to safeguarding against cyberattacks, and what to expect from Congress and the Administration as calls for increased regulation intensify.
https://datamatters.sidley.com/wp-content/uploads/sites/2/2022/09/sidleyLogo-e1643922598198.png00Data Matters Contributorshttps://datamatters.sidley.com/wp-content/uploads/sites/2/2022/09/sidleyLogo-e1643922598198.pngData Matters Contributors2021-05-24 12:05:132023-09-07 14:36:29Cybersecurity Regulations for the Energy Industry
This article was first published by Law360 on May 17, 2021.
In light of new standard contractual clauses, or SCCs, to be issued shortly by the European Commission, as well as imminent new guidance from the European Data Protection Board, companies transferring personal data to the U.S. should consider taking steps to help ensure their data transfers are recognized as U.S. person communications.
This article sets forth possible text that companies could adopt as a supplemental measure to inform U.S. intelligence agencies that data transfers under SCCs are prohibited from being targeted.
https://datamatters.sidley.com/wp-content/uploads/sites/2/2022/09/sidleyLogo-e1643922598198.png00Alan Charles Raulhttps://datamatters.sidley.com/wp-content/uploads/sites/2/2022/09/sidleyLogo-e1643922598198.pngAlan Charles Raul2021-05-18 12:29:072023-09-07 14:38:27Transferring EU Data To US After New Contractual Safeguards – A Proposal to Notify Intelligence Agencies of “US Person” Prohibition on Targeting SCC Transfers
The Biden administration issued a lengthy Executive Order, “Improving the Nation’s Cybersecurity,” on May 12, which it described as the “first of many ambitious steps” toward modernizing U.S. cybersecurity defenses. The White House simultaneously issued an explanatory fact sheetand background press call.
Pursuant to the Order, government agencies will be required to deploy multifactor authentication, encryption, endpoint detection response, and logging and operate under the principle of a “zero-trust” environment. A clear purpose of the Order is to improve the security of commercial software, including by establishing baseline security requirements based on industry best practices. As the White House press briefer stated, the Order will impose “the power of federal procurement to say, ‘If you’re doing business with us, we need you to practice really good — really good cybersecurity. And, most importantly, we really need you to focus on secure software development.’”
https://datamatters.sidley.com/wp-content/uploads/sites/2/2022/09/sidleyLogo-e1643922598198.png00Colleen Theresa Brownhttps://datamatters.sidley.com/wp-content/uploads/sites/2/2022/09/sidleyLogo-e1643922598198.pngColleen Theresa Brown2021-05-14 15:11:292023-09-07 14:39:42Major Executive Order on Cybersecurity Aims to Fortify Defenses and Coordinate U.S. Response to Growing Epidemic of Cyberattacks
Sidley is pleased to announce that Thomas Ward, who previously served as Enforcement Director at the Consumer Financial Protection Bureau (CFPB), has joined the firm as a partner in the Banking and Financial Services Group in Washington, D.C. As the CFPB’s chief law enforcement officer, Tom was responsible for enforcing more than 20 enumerated consumer financial statutes and the Consumer Financial Protection Act. He established and supervised the strategy in hundreds of active investigations and cases prosecuted by the CFPB’s Office of Enforcement and managed the agency’s 165 enforcement trial lawyers, investigators, and staff. Under his leadership, in 2020, the CFPB brought the second highest number of enforcement actions since its inception, secured its fourth highest amount of redress, prosecuted its largest and most complex litigation docket, and recommitted to enforcing the Fair Lending laws, including filing the first contested Fair Lending action in the CFPB’s history.
In March 2021, the European Commission released a proposal for the creation of a “Digital Green Certificate,” which will allow EU citizens to travel easier throughout the EU during the COVID-19 pandemic. Last week, the EU Member States agreed on some proposed changes to the proposal, including strengthening of the data privacy provisions. According to the proposal, in order to obtain a Digital Green Certificate, individuals must prove that they have been vaccinated, present a negative test result, or have recently recovered from COVID-19. The proposal allows the issuance of a certificate for all COVID-19 vaccines, which have received an EU-wide marketing authorisation, however only the results of certain in vitro diagnostic tests will be considered valid.
https://datamatters.sidley.com/wp-content/uploads/sites/2/2022/09/sidleyLogo-e1643922598198.png00William RM Longhttps://datamatters.sidley.com/wp-content/uploads/sites/2/2022/09/sidleyLogo-e1643922598198.pngWilliam RM Long2021-05-03 14:10:432024-05-02 17:02:33Part II – Digital Health Passports in Europe: Amended Proposal for a Digital Green Certificate and Eligible Testing Methods
On December 10, 2020, the California Attorney General (“AG”) proposed additional edits to the CCPA Regulations. These changes both build upon the updates that were proposed on October 12, 2020, and add some new content. All of the newly proposed changes relate to the right to opt-out of the sale of personal information.
https://datamatters.sidley.com/wp-content/uploads/sites/2/2022/09/sidleyLogo-e1643922598198.png00Alan Charles Raulhttps://datamatters.sidley.com/wp-content/uploads/sites/2/2022/09/sidleyLogo-e1643922598198.pngAlan Charles Raul2020-12-14 11:36:592023-12-11 17:23:37All Buttoned Up: The California AG Proposes Additional CCPA Regulations
Following the Court of Justice of the European Union’s (“CJEU”) decision in Data Protection Commissioner v Facebook Ireland Ltd and Maximillian Schrems (“Schrems II”), the Swiss Federal Data Protection and Information Commissioner (“FDPIC”) concluded in a position paper published on 8 September that the Swiss-US Privacy Shield no longer provides a valid mechanism for the transfer of personal data from Switzerland to the US.
We use cookies to ensure that we give you the best experience on our website. If you continue to use this site we will assume that you are happy with it.Ok
SCCs, Adequacy, and Guidance: Latest Updates on International Data Transfers
The next few weeks will likely be very busy for companies on the GDPR international data transfer front as there have been a number of key European developments over the last few days including: (more…)
William RM Long
London
wlong@sidley.com
Francesca Blythe
London
fblythe@sidley.com
Cybersecurity Regulations for the Energy Industry
The Colonial Pipeline ransomware attack shone a spotlight on the importance and potential vulnerabilities of U.S. critical energy infrastructure. Join our panel of energy industry and cybersecurity thought leaders for a discussion of the threats targeting the industry today, the state of the law when it comes to safeguarding against cyberattacks, and what to expect from Congress and the Administration as calls for increased regulation intensify.
(more…)
Data Matters Contributors
sidleyprivacyblog@sidley.com
Transferring EU Data To US After New Contractual Safeguards – A Proposal to Notify Intelligence Agencies of “US Person” Prohibition on Targeting SCC Transfers
This article was first published by Law360 on May 17, 2021.
In light of new standard contractual clauses, or SCCs, to be issued shortly by the European Commission, as well as imminent new guidance from the European Data Protection Board, companies transferring personal data to the U.S. should consider taking steps to help ensure their data transfers are recognized as U.S. person communications.
This article sets forth possible text that companies could adopt as a supplemental measure to inform U.S. intelligence agencies that data transfers under SCCs are prohibited from being targeted.
View Article
Alan Charles Raul
Washington, D.C., New York
araul@sidley.com
Major Executive Order on Cybersecurity Aims to Fortify Defenses and Coordinate U.S. Response to Growing Epidemic of Cyberattacks
The Biden administration issued a lengthy Executive Order, “Improving the Nation’s Cybersecurity,” on May 12, which it described as the “first of many ambitious steps” toward modernizing U.S. cybersecurity defenses. The White House simultaneously issued an explanatory fact sheet and background press call.
Pursuant to the Order, government agencies will be required to deploy multifactor authentication, encryption, endpoint detection response, and logging and operate under the principle of a “zero-trust” environment. A clear purpose of the Order is to improve the security of commercial software, including by establishing baseline security requirements based on industry best practices. As the White House press briefer stated, the Order will impose “the power of federal procurement to say, ‘If you’re doing business with us, we need you to practice really good — really good cybersecurity. And, most importantly, we really need you to focus on secure software development.’”
(more…)
Colleen Theresa Brown
Washington, D.C.
cbrown@sidley.com
Alan Charles Raul
Washington, D.C., New York
araul@sidley.com
Sujit Raman
Sheri Porath Rockwell
Century City
sheri.rockwell@sidley.com
Sidley Welcomes Former-CFPB Enforcement Director Tom Ward
Sidley is pleased to announce that Thomas Ward, who previously served as Enforcement Director at the Consumer Financial Protection Bureau (CFPB), has joined the firm as a partner in the Banking and Financial Services Group in Washington, D.C. As the CFPB’s chief law enforcement officer, Tom was responsible for enforcing more than 20 enumerated consumer financial statutes and the Consumer Financial Protection Act. He established and supervised the strategy in hundreds of active investigations and cases prosecuted by the CFPB’s Office of Enforcement and managed the agency’s 165 enforcement trial lawyers, investigators, and staff. Under his leadership, in 2020, the CFPB brought the second highest number of enforcement actions since its inception, secured its fourth highest amount of redress, prosecuted its largest and most complex litigation docket, and recommitted to enforcing the Fair Lending laws, including filing the first contested Fair Lending action in the CFPB’s history.
(more…)
Data Matters Contributors
sidleyprivacyblog@sidley.com
Part II – Digital Health Passports in Europe: Amended Proposal for a Digital Green Certificate and Eligible Testing Methods
In March 2021, the European Commission released a proposal for the creation of a “Digital Green Certificate,” which will allow EU citizens to travel easier throughout the EU during the COVID-19 pandemic. Last week, the EU Member States agreed on some proposed changes to the proposal, including strengthening of the data privacy provisions. According to the proposal, in order to obtain a Digital Green Certificate, individuals must prove that they have been vaccinated, present a negative test result, or have recently recovered from COVID-19. The proposal allows the issuance of a certificate for all COVID-19 vaccines, which have received an EU-wide marketing authorisation, however only the results of certain in vitro diagnostic tests will be considered valid.
(more…)
William RM Long
London
wlong@sidley.com
Josefine Sommer
Brussels
jsommer@sidley.com
Francesca Blythe
London
fblythe@sidley.com
Yuliya Gevrenova
All Buttoned Up: The California AG Proposes Additional CCPA Regulations
On December 10, 2020, the California Attorney General (“AG”) proposed additional edits to the CCPA Regulations. These changes both build upon the updates that were proposed on October 12, 2020, and add some new content. All of the newly proposed changes relate to the right to opt-out of the sale of personal information.
(more…)
Alan Charles Raul
Washington, D.C., New York
araul@sidley.com
Lauren Kitces
Washington, D.C.
lkitces@sidley.com
Swiss Data Protection Authority Concludes Swiss-US Privacy Shield No Longer Valid for Swiss-US Transfers
Following the Court of Justice of the European Union’s (“CJEU”) decision in Data Protection Commissioner v Facebook Ireland Ltd and Maximillian Schrems (“Schrems II”), the Swiss Federal Data Protection and Information Commissioner (“FDPIC”) concluded in a position paper published on 8 September that the Swiss-US Privacy Shield no longer provides a valid mechanism for the transfer of personal data from Switzerland to the US.
(more…)
William RM Long
London
wlong@sidley.com
Sabrine Schnyder
Francesca Blythe
London
fblythe@sidley.com
Upcoming Events
Resources
Meet the Team
Kwaku A. Akowuah
kakowuah@sidley.com
Sheila A.G. Armbrust
sarmbrust@sidley.com
Francesca Blythe
fblythe@sidley.com
Colleen Theresa Brown
ctbrown@sidley.com
John M. Casanova
jcasanova@sidley.com
Thomas D. Cunningham
tcunningham@sidley.com
Sharon R. Flanagan
sflanagan@sidley.com
David A. Gordon
dgordon@sidley.com
Tomoki Ishiara
tishiara@sidley.com
Robert D. Keeling
rkeeling@sidley.com
Amy P. Lally
alally@sidley.com
David C. Lashway
dlashway@sidley.com
William RM Long
wlong@sidley.com
Joan M. Loughnane
jloughnane@sidley.com
Geeta Malhotra
gmalhotra@sidley.com
Glenn G. Nash
gnash@sidley.com
Rollin A. Ransom
rransom@sidley.com
Alan Charles Raul
araul@sidley.com
Jennifer B. Seale
jseale@sidley.com
Yuet Ming Tham
ytham@sidley.com
Jonathan M. Wilan
jwilan@sidley.com
John W. Woods Jr.
jwoods@sidley.com