The Cybersecurity Law Report

Incisive intelligence on cybersecurity law and regulation

By Topic: Safe Harbor

  • From Vol. 2 No.25 (Dec. 14, 2016)

    Navigating Data Privacy Laws in Cross-Border Investigations

    Conducting a cross-border investigation or performing global due diligence each has its own set of unique challenges, which only become more formidable when coupled with a government inquiry. In the E.U. in particular, issues range from confusing and often conflicting privacy laws, to language and cultural barriers, to custodian access and local coordination. According to more than half of those who responded to a recent BDO survey, disparate data privacy laws are the biggest challenge to managing cross-border e-discovery. In a guest article, Deena Coffman and Nina Gross, managing directors at BDO, provide insight on the data privacy landscape in the E.U. and how to comply with competing demands during a cross-border investigation. See also “Foreign Attorneys Share Insight on Data Privacy and Privilege in Multinational Investigations” (May 25, 2016).

  • From Vol. 2 No.22 (Nov. 2, 2016)

    Navigating the Early Months of Privacy Shield Certification Amidst Uncertainty

    Over two hundred companies have become Privacy Shield-certified and hundreds more have begun the process. Others are taking their time and weighing their options, particularly because a challenge to the Privacy Shield has already been filed in Europe. “This is a serious privacy program . . . that we intend to have implemented and administered in a way that maintains the confidence of data protection authorities and stakeholders in Europe,” Ted Dean, Assistant Secretary for Services at the Department of Commerce, said. During a recent webinar hosted by Data Guidance, Dean and attorneys at Sidley Austin discussed how to approach the self-certification process and whether this mechanism for transatlantic data transfer is the right choice for all companies. For more on the Privacy Shield’s specific requirements, see “Key Requirements of the Newly Approved Privacy Shield” (Jul. 20, 2016).

  • From Vol. 2 No.8 (Apr. 13, 2016)

    Ten Steps to Minimize Data Privacy and Security Risk and Maximize Compliance

    Increasingly, general counsel, privacy officers and even CEOs are taking on more and more data privacy and security compliance burdens because of the significant legal implications of not just breaches, but failure to comply with a range of privacy and cybersecurity regulations. That applies to international transfers of data as well. In a guest article, Aaron Charfoos, Jonathan Feld and Stephen Tupper, members of Dykema, discuss recent global developments and ten ways companies can ensure compliance with new regulations to increase data security and minimize the risk of enforcement actions. See also “Liability Lessons From Data Breach Enforcement Actions” (Nov. 11, 2015).

  • From Vol. 2 No.4 (Feb. 17, 2016)

    Deal Struck to Maintain the Transatlantic Data Flow 

    Two days after the expiration of a deadline set by Europe’s data protection authorities, and after months of negotiations, the European Commission and U.S. Department of Commerce reached an understanding that intends to allow transatlantic transfer of digital data by thousands of companies to continue. With data flows impacting billions of dollars in bilateral trade at stake, the so-called “privacy shield” agreement “makes existing cooperation between the FTC and E.U. DPAs [data protection authorities] more robust, with better enforcement mechanisms and means of redress for E.U. citizens whose privacy rights may have been infringed by E.U.-U.S. cross border transfers,” Davina Garrod, a London-based Akin Gump partner, told The Cybersecurity Law Report. However, she added that “the shield is by no means a panacea, and does not fix all of the problems identified by the [E.U. Court of Justice] in the Schrems judgment” that invalidated the previous safe harbor data transfer pact. We discuss the agreement, the important steps that remain before the privacy shield can be finalized, and the immediate impact on companies. See also “Dangerous Harbor: Analyzing the European Court of Justice Ruling” (Oct. 14, 2015).

  • From Vol. 2 No.3 (Feb. 3, 2016)

    Safe Harbor 2.0 Agreement Reached

    The European Commission has announced a new agreement with the U.S. for the transfer of data to replace the invalidated Safe Harbor pact. “For the first time ever, the United States has given the E.U. binding assurances that the access of public authorities for national security purposes will be subject to clear limitations, safeguards, and oversight mechanisms,” E.U. Commissioner for Justice Věra Jourová said in a press release. We share an article from our sister publication, Policy and Regulatory Report (PaRR).

  • From Vol. 2 No.1 (Jan. 6, 2016)

    FTC Director Analyzes Its Most Significant 2015 Cyber Cases and Provides a Sneak Peek Into 2016

    The FTC’s Bureau of Consumer Protection was hard at work in 2015, reaching settlements with a wide range of companies on a variety of privacy and data security issues.  During the recent IAPP Practical Privacy Series 2015, Jessica Rich, Director of the Bureau of Consumer Protection and an architect of the FTC’s privacy program, reflected on the agency’s major enforcement actions, reports and relationships in 2015 and what businesses should expect in the coming year.  See also “The FTC Asserts Its Jurisdiction and Provides Ten Steps to Enhance Cybersecurity” (Jul. 15, 2015).

  • From Vol. 2 No.1 (Jan. 6, 2016)

    Keeping Up with Technology and Regulatory Changes in Online Advertising to Mitigate Risks

    The advertising and marketing industries are continually transforming the ways they reach and track consumers.  These changes bring with them a moving target of privacy challenges as companies try to ensure security of the data they collect as well as legal and regulatory compliance.  At a recent PLI program, Joseph J. Lewczak, a Davis & Gilbert partner, and Matthew Haies, general counsel at global digital media platform Xaxis, analyzed the current state of consumer data collection and privacy issues in a discussion of technological, regulatory and legal developments.  See also “The Tension Between Interest-Based Advertising and Data Privacy” (Sep. 16, 2015).

  • From Vol. 1 No.14 (Oct. 14, 2015)

    Dangerous Harbor: Analyzing the European Court of Justice Ruling

    An Austrian graduate student’s lawsuit against Facebook has resulted in the invalidation of a 15-year-old data privacy treaty relied upon by thousands of multi-national companies.  On October 6, 2015, the Court of Justice of the European Union (ECJ), the highest court in the E.U., held that the Safe Harbor framework that allowed companies to transfer personal data from the E.U. to the U.S., including data for cross-border investigations and discovery, is invalid.  The ECJ found that the U.S. does not ensure adequate protection for personal data, primarily because of the access rights that the ECJ said U.S. agencies have.  Although the ruling is immediate, the “sky is not falling,” said Harriet Pearson, a partner at Hogan Lovells.  On October 16, 2015, a group of E.U. member state privacy regulators, the Article 29 Working Party, called for renewed negotiations on a treaty and recommended interim actions for companies.  There will need to be a “transition to a more complex and perhaps a more work-intensive compliance strategy than Safe Harbor had previously afforded companies,” Pearson said.  See also “ECJ Hearing on Safe Harbor Challenges How U.S. Companies Handle European Data,” The Cybersecurity Law Report, Vol. 1, No. 1 (Apr. 8, 2015).

  • From Vol. 1 No.11 (Aug. 26, 2015)

    Seeking Solutions to Cross-Border Data Realities

    Transnational companies face complex challenges arising from their operations across jurisdictions, ranging from payroll logistics to responding to foreign governments’ evidentiary requests for digital data stored throughout the world.  In this interview with The Cybersecurity Law Report, Bryan Cunningham, a partner at Cunningham Levy, and Paul Rosenzweig, a partner at Red Branch Consulting, both senior advisors to The Chertoff Group, discuss myriad issues in transferring digital data across nations that have different privacy regimes, potential solutions, and their take on pending cases that could change how companies handle data.  See also “ECJ Hearing on Safe Harbor Challenges How U.S. Companies Handle European Data,” The Cybersecurity Law Report, Vol. 1, No. 1 (Apr. 8, 2015).

  • From Vol. 1 No.1 (Apr. 8, 2015)

    ECJ Hearing on Safe Harbor Challenges How U.S. Companies Handle European Data

    Can U.S. companies continue to rely on the Safe Harbor program that permits them to transmit and store data originating in the EU despite the EU’s stricter privacy laws?  The European Court of Justice is now considering how and where U.S. companies are permitted to handle EU data.  The court heard arguments in Luxembourg on March 24, 2015 related to Austrian Facebook user Maximilian Schrems’ challenge to the 15-year-old Safe Harbor structure.  Clara Rosales Rosado of Policy and Regulatory Report (PaRR), a sister publication of The Cybersecurity Law Report, talked to Schrems about the case and his strategy and reported on the hearing.
