Jun. 16, 2021

Companies May Need to Revisit Access Policies and Agreements Post-Van Buren

The U.S. Supreme Court has narrowed the applicability of the Computer Fraud and Abuse Act, determining that a police officer with permission to access a law enforcement database did not violate the statute when he obtained information from that database for an improper purpose. This article analyzes the June 3, 2021, decision and offers insight from ZwillGen, Proskauer and Jenner & Block attorneys on the ruling’s implications for companies, including the possible need to revisit access policies and agreements, and find alternative solutions for deterring or penalizing unwanted conduct. See “Evolution and Mitigation of Insider Cyber Threats During COVID-19” (Jul. 29, 2020).

The Impact of Recent Legislative and Litigation Trends on Commercial Use of De-Identified Data

When data is properly de-identified from the individual data subject, that data generally can be shared not only with others who would normally have access to it, but also with unrelated parties for potential commercialization of the data if there is no risk of re-identification. Creating and compiling de-identified data to be monetized, however, poses significant challenges and the process of compiling any database for use in commercialization, such as use in AI, needs to comply with a host of regulations on privacy and data use rights. In a guest article, Sharon Klein, Alex Nisenbaum and Karen Shin, attorneys at Blank Rome, explore the regulatory, commercial and best practice elements necessary to balance the benefits of commercializing data against the risk of harm to the individual supplying that data. See our AI Compliance Playbook series: “Traditional Risk Controls for Cutting-Edge Algorithms” (Apr. 14, 2021); “Seven Questions to Ask Before Regulators or Reporters Do” (Apr. 21, 2021); and “Understanding Algorithm Audits” (Apr. 28, 2021).

Leveraging Policies and Culture: A Recipe for Success

In many compliance programs, there is a tension between focusing on fostering a compliance culture on the one hand and setting forth – and enforcing – rules to guide employee behavior. In a guest article, Anna Romberg, executive vice president of legal, compliance and governance at Getinge, a Swedish life sciences company, and Ann Sultan, a member at Miller & Chevalier, explore the differences between rules-based and culture-based approaches towards ethics and compliance, drawing on their experiences working with U.S. and European companies, and also note differences in the application of ethics and compliance programs depending on geographic orientation. See “How the World’s Most Ethical Companies Are Aligning Corporate Culture and Strategy” (May 15, 2019).

Linklaters Welcomes U.S. Co-Chair of Data Solutions, Cyber and Privacy

Linklaters has added Ieuan Jolly as a partner in New York. He will serve as the co-chair of the U.S. data solutions, cyber and privacy practice, with a focus on technology, media and telecom. For insight from Linklaters, see “AI Compliance Playbook: Adapting the Three Lines Framework for AI Innovations” (Jun. 2, 2021); and “Present and Former SEC Attorneys and Defense Counsel Discuss Cyber Disclosure and Cyber Enforcement” (Nov. 20, 2019).

Baker McKenzie Expands North America Intellectual Property and Technology Practice

Stephen Reynolds has joined Baker McKenzie’s North America intellectual property and technology practice as a partner in the Chicago office, where he will advise businesses on complex cybersecurity and privacy matters. For insight from Baker McKenzie, see our two-part series on the U.S. and U.K.’s first joint e-evidence pact under the CLOUD Act: “Fewer Hurdles, More Clarity and New Questions” (Nov. 20, 2019); and “A Look at the Privacy Protections” (Dec. 4, 2019).