Privacy & Cybersecurity

This week, the Federal government took the first steps toward implementation of the The Cybersecurity Information Sharing Act (CISA), enacted into law last December. 

The amended Judicial Redress Act has passed the House and is on its way to the president to be signed into law.  

The US Senate passed the amended version of the Judicial Redress Act on February 9. The amendments, which tie the Umbrella Agreement to Safe Harbor 2.0 (now dubbed the US-EU "Privacy Shield"), now go back to the House for approval.

As we’ve discussed previously, the GDPR significantly limits user consent as a basis for processing personal data. One interesting question is whether the new rules on consent will kill free apps in Europe. 

Recent enforcement actions by the U.S. Department of Health and Human Services (“HHS”) Office for Civil Rights (“OCR”) have highlighted that, not surprisingly, covered Entities should not leave medical records in a physician’s driveway and should not dispose of protected health information (“PHI”) in a dumpster from an action against a home health care provider announced yesterday, we can now add to that list the fact that PHI should not be stored under an employee’s bed or in a kitchen drawer.

The European Commission has issued a press release that gives an outline of some key changes to the EU-US safe harbor, now dubbed the "Privacy Shield."

No news is not good news this time. The January 31 deadline for getting a new Safe Harbor Agreement in place came and went last weekend.  

According to press reports, European Union and U.S. negotiators in Brussels finalized what is being called a "political agreement" on a new Safe Harbor transatlantic data transfer agreement. European Union justice commissioner Vera Jourová will present the agreement to the European Commission's 28 commissioners today.

If you would like to learn more about the politics and law behind the current Safe Harbor 2.0 negotiations, download the podcast of Running Aground in the Surveillance Safe Harbor, a teleforum hosted by the Federalist Society.  

One of the fascinating aspects of the privacy-related negotiations between the EU and the US over the past couple of years has been the EU’s efforts to decouple trade (e.g, TTIP) and security-related negotiations from the Safe Harbor 2.0 negotiations.

There’s no doubt businesses in the EU and US would breathe a sigh of relief if a new Safe Harbor agreement is put in place between before European data protection authorities start prosecuting companies for potentially illegal personal data transfers to the US. 

We may only be three weeks into 2016, but the Telephone Consumer Protection Act (“TCPA”) has already received a considerable amount of attention this year.

The European Court of Human Rights recently ruled in Bărbulescu v. Romania (Application no. 61496/08) that a Romanian employer did not violate its employee’s fundamental right of privacy when the employer accessed personal messages in the employee’s Yahoo! Messenger account.

“Wetware” – coder slang for biological life forms (i.e., people) – is the weak link in most companies’ data security protections, according to a new data security report issued by the Association of Corporate Counsel (ACC). 

The 2016 lists are starting to be released by regulatory agencies in the United States, giving a heads' up to covered entities as to what compliance issues will take front and center this year.  Once again, the Office of Compliance Inspection (OCIE) of the US Securities & Exchange Commission (SEC) has put cybersecurity on the top of its examination priorities.

A Massachusetts Superior Court judge held that a plaintiff has standing to sue for money damages based on the mere exposure of plaintiff’s private information in an alleged data breach.

Just at the end of 2015, the Cybersecurity Information Sharing Act (CISA) was enacted into law as part of the omnibus spending measure passed by Congress and signed by President Obama at right before Christmas. 

The European Union Commission has issued a fact sheet on the new General Data Protection Regulation (final post-trilogue text available via Statewatch).  The Commission claims that the Regulation is good for individuals and good for business.

Don’t forget to join us tomorrow afternoon – Tuesday – at 1 PM ET for a webinar discussion on the New EU General Data Protection Regulation. What's next? What are the key changes? What do you need to do to prepare?

As expected, the EU Parliament's Committee on Civil Liberties, Justice and Home Affairs (also known as LIBE) voted today to adopt the new General Data Protection Regulation.