On April 17th, the U.S. Supreme Court dismissed the highly anticipated U.S. v. Microsoft, ruling that recently enacted legislation rendered the case moot. Microsoft Corp. had been in litigation with the U.S. Department of Justice (DOJ) for several years over the issue of whether Microsoft must comply with a U.S. search warrant for access to … Continue Reading
The deadline to comply with the GDPR’s complex and far ranging requirements is rapidly approaching. As your organization races to implement its compliance program before the May 25, 2018 effective date, questions and concerns are likely to arise. While there is no shortage of online guidance on the GDPR, finding answers to your specific questions … Continue Reading
The implementation of the European Union’s General Data Protection Regulation (GDPR), with an effective date of May 25, 2018, is just around the corner, and with it will come pressure on the human resources (HR) department to update its approach to handling employee data. The GDPR significantly enhances employee rights in respect to control over … Continue Reading
The European Union’s General Data Protection Regulation (GDPR) is fast approaching and U.S. organizations that control or process personal data of EU residents are likely subject to these new data protection requirements. Now is the time for U.S. employers to determine whether they are covered by the GDPR (see our blog post, Does the GDPR Apply to … Continue Reading
U.S. Customs searches have become increasingly invasive over the years. Pursuant to Department of Homeland Security (DHS) policy, U.S. Customs and Border Protection (CBP) operates under the “broad search exception”, which allows searches and seizures at international borders or an equivalent (e.g. international airports) without probable cause or a warrant. CBP’s searches are deemed “reasonable” … Continue Reading
The United Kingdom High Court recently issued a landmark liability judgment against the supermarket, Morrisons, following a data breach caused by a rogue employee (Various Claimants v. WM Morrisons Supermarket [2017] EWHC3113 (QB]). Similar results have been reached in the U.S., but this is the first time the UK Court has addressed the issue of whether … Continue Reading
With the continuing parade of high profile data security breaches, the concern U.S. organizations have about the security of their systems and data has been steadily growing. And rightly so. Almost every organization processes (collects, uses, stores, or transmits) individually identifiable data. Much of this data is personal data, including employee data, which brings heightened … Continue Reading
If you’ve been following the headlines, you know that a day doesn’t pass without a reference to the “GDPR”. On May 25, 2018, the European Union (EU) General Data Protection Regulation (GDPR) will take effect, marking the most significant change to European data privacy and security in over 20 years. Most multinational companies, and of … Continue Reading
The European Commission recently issued an overall positive review in its first annual report on the E.U. – U.S. Privacy Shield (“Privacy Shield”), after evaluating the Privacy Shield in its joint review with the US last month. The Privacy Shield took effect in August 2016 replacing the EU – US Safeharbor that was invalidated by … Continue Reading
We are proud to once again announce that the Workplace Privacy Report has been nominated for The Expert Institute’s Best Legal Blog Competition. From a field of thousands of nominees, the Workplace Privacy Report has received enough nominations to join one of the largest competitions for legal blog writing online today. If you enjoy the Workplace … Continue Reading
As you likely know by now, international cybercriminals launched a worldwide ransomware attack last Friday with the European law enforcement agency Europol reporting over 100,000 affected organizations in 150 countries, including the U.S. Reports indicate that health care providers, universities, and other large companies were all targeted. The Department of Health and Human Services also … Continue Reading
In honor of Data Privacy Day, we provide the following “Top 10 for 2017.” While the list is by no means exhaustive, it does provide some hot topics for organizations to consider in 2017. 1. Phishing Attacks and Ransomware – Phishing, as the name implies, is the attempt, usually via email, to obtain sensitive or personal … Continue Reading
In a decision that could have significant impact for online companies that have European operations, the European Union’s (EU) top court ruled that Internet Protocol addresses (IP addresses) could, under certain circumstances, constitute protected data under EU data protection law (Breyer v. Bundesrepublik Deutschland, E.C.J., No. C-582/14, 10/19/16). As most of us know, the IP … Continue Reading
Last month, the European Union and U.S. officials announced final approval of the EU-U.S. Privacy Shield (Privacy Shield), replacing the Safe Harbor which was invalidated by the Court of Justice of the European Union in October 2015. Like it predecessor, the Privacy Shield will allow organizations based in the United States to self-certify compliance with the Privacy … Continue Reading
Earlier today the European Union and U.S. officials announced the final approval of the EU-U.S. Privacy Shield data transfer agreement (“the Privacy Shield”). Beginning August 1, 2016, organizations based in the U.S. will be able to self-certify their compliance with the Privacy Shield. The Privacy Shield is meant to replace the EU-U.S. Safe Harbour agreement … Continue Reading
According to reports, the European Union and the United States have agreed on changes to the EU-U.S. Privacy Shield (Privacy Shield) which will be sent to the EU member states and the college of the 28 EU commissioners ultimately paving the way for final approval early next month. “We have agreed on the changes and will … Continue Reading
Earlier today, the European Parliament passed a non-legislative resolution saying the EU Commission should go back to negotiating with the United States to remedy “deficiencies” in the proposed EU-U.S. Privacy Shield for EU citizens’ data which is transferred to the US for commercial purposes. The resolution, which passed by a vote of 501-119, with 31 … Continue Reading
Earlier today, the European Commission (the Commission) issued a draft “adequacy decision” as well as the texts that will constitute the EU-U.S. Privacy Shield (the Privacy Shield). This includes the Privacy Shield Principles companies have to abide by, as well as written commitments by the U.S. Government on the enforcement of the arrangement, including assurance … Continue Reading
As we previously reported, the EU and U.S. reached agreement last week on the EU-U.S. Privacy Shield to replace the invalidated EU-U.S. Safe Harbor Program for transatlantic data transfers. While the announcement of the Privacy Shield is a relief to the thousands of companies who relied on the Safe Harbor Program, details remain unclear. What … Continue Reading
Compliance and privacy officials all over the U.S. just let out a breath they had been holding since last October when the European Court of Justice invalidated the US/EU Safe Harbor Program. BNA is reporting that negotiators just reached an agreement on a new data transfer framework between the U.S. and the European Union. Details … Continue Reading
UPDATE: Although we previously reported that a possible Safe Harbor resolution may be imminent, Bloomberg BNA is now reporting that a European Commission official has told them there may be no deal today to replace the U.S.-EU Safe Harbor Program. According to BNA, when European Commissioner for Justice, Consumers and Gender Equality Justice Vera Jourova goes … Continue Reading
On December 17, 2015, following four years of sometimes acrimonious debate, the EU Parliament and Council of the European Union informally agreed on the final draft of the General Data Protection Regulation (“GDPR”). The GDPR will replace what privacy experts refer to simply as “95/48” –or the 1995 law known as EU Data Protection Directive— … Continue Reading
As most readers are aware, the Court of Justice of the European Union (CJEU) rule in Schrems v. Data Protection Commissioner (Case C-362/14) on October 6, 2015, the voluntary Safe Harbor Program did not provide adequate protection to the personal data of EU citizens. Post Schrems U.S. companies have been unclear what to do to … Continue Reading
Data is rarely still. It is captured, processed and moved around the world at speeds we wouldn’t have dreamed possible 20 years ago. Data often disrespects borders. By way of example, companies often mistakenly store personal data in the cloud to be accessed by multiple international locations, without considering the legal rights of the data … Continue Reading
