EU-US Data Protection “Umbrella Agreement” Finalised

A new EU-US data protection “Umbrella Agreement” has been finalized which once in force will implement a high-level data protection framework to cover the transfer of personal data from the EU to US authorities for the purposes of law enforcement.  Although this new agreement relates only to the transfer of information for law enforcement purposes, those issues have been particularly sensitive post-Snowden.  Accordingly, the finalization of this agreement may alleviate a particular point of contention and suggest that the overall discussions on the EU-US Safe Harbor are more likely to result in the continuation of that broader agreement.

Read More

EmailShare

SEC’s OCIE Cybersecurity Risk Alert Announces Cybersecurity Examination Initiative

On September 15, 2015, the SEC’s Office of Compliance Inspections and Examinations (OCIE) issued a Risk Alert announcing a new Cybersecurity Examination Initiative. The Alert provides the agency’s areas of focus for its next round of cybersecurity examinations of broker-dealers and investment advisers.

Read More

EmailShare

PLI Issues Cybersecurity Treatise

The Practising Legal Institute has published “Cybersecurity: A Practical Guide to the Law of Cyber Risk,”  a treatise edited by Ed McNicholas and Vivek Mohan of Sidley Austin LLP.   This “Sidley on Cybersecurity” treatise sets out in a clear and readable manner the complex legal framework for cybersecurity in the United States.  We hope that it will be a practical legal guide for in-house attorneys, IT leaders, senior executives, and corporate directors concerned about cybersecurity risk.

Read More

EmailShare

Financial Regulators Continue Focus on Cybersecurity; CFTC joins the Chorus

Cybersecurity attacks have increasingly garnered significant attention this summer—and financial regulators are taking notice and taking action. Earlier in August, the Securities and Exchange Commission (“SEC”) announced the indictment of nine players in a major hacking ring. The ring was designed to obtain corporate announcements prior to their public release, to give purchasers of the illegally obtained information an edge in securities trading. The attack combined old-school securities fraud with new-school cybercrime, and served as a reminder of financial markets’ potential vulnerabilities from the ingenuity of cybercriminals.

Read More

EmailShare

Update on Impending Russian Data Localization Law

Despite having previously stated it would not issue further clarifications, in August 2015, the Russian Ministry of Communications and Mass Media (Minkomsvyaz) issued a further statement regarding the data localization law.  The Ministry of Communications is empowered to supervise the data protection authority (Roskomnadzor) and to provide interpretations of laws that fall within their purview (including the data localization law).  The Minkomsvyaz statement reiterated that the law does not have retroactive effect – personal data of Russians collected prior to September 1, 2015 may reside in foreign jurisdiction so long as they are not updated or changed, at which point they would be subject to the localization requirement.  The clarification further noted that data localization requirement would not apply to entities that are not resident in Russia.  This statement is notable for being issued in writing, and providing companies with a statement of standards and expectations that may be cited by companies should issues arise.

See previous coverage in Data Matters July 21, 2015 Post: Impending Russian Data Localization Law

Sidley does not practice law in Russia, so the information here is based on our understandings from public sources and discussions with local counsel. This article should not be construed as advice about Russian law.

EmailShare

Third Circuit Affirms FTC Authority to Regulate Cybersecurity

On Monday, the U.S. Court of Appeals for the Third Circuit issued its much-anticipated decision in Federal Trade Commission v. Wyndham Worldwide Corp., No. 14-3514 (3d Cir. Aug. 24, 2015), holding that the Federal Trade Commission has the authority to bring an action under Section 5 of the FTC Act for allegedly “unfair” cybersecurity practices.

Read More

EmailShare
EmailShare
XSLT Plugin by BMI Calculator