Author Archives: Michael Young

Michael Young
Michael Young’s practice focuses primarily on data privacy and security as a member of the firm’s Technology, Privacy & IP Transactions Group.

FTC Announces First Privacy Shield Enforcement Actions

The Federal Trade Commission recently announced that it had settled charges against three companies alleged to have falsely claimed participation in Privacy Shield. Privacy Shield supports EU – U.S. transfers of personal data by helping U.S. companies demonstrate compliance with European Union data transfer rules. Companies participating in the program commit to meet specific program requirements designed to protect and limit use of personal data. These requirements include notice, choice, controls on onward transfers of data, independent recourse, and data security. Privacy Shield also requires [...]

FTC Updates Data Security Guidance for Businesses

In June, the Federal Trade Commission released a new guide for businesses on implementing sound data security protections and procedures. In “Protecting Personal Information: A Guide For Business,” the FTC offers “10 practical lessons” based on the numerous enforcement actions brought by the FTC. The guide offers insight into the thinking of this key federal regulator. Key points from the guide: “Start with Security.” Build information security considerations into business processes so that they are part of “the decisionmaking in every department of your business.” The FTC [...]

AG Empowers EU Privacy Suits with Redress Act Designations

Earlier this week, the U.S. Attorney General designated 26 countries and the European Union as “covered countr[ies]” under the Judicial Redress Act. The Attorney General has simultaneously designated 13 “Federal agenc[ies] or component[s]” under the Act. These designations enable citizens of the “covered countr[ies]” to sue and seek remedies in U.S. court if one of the designated “Federal agenc[ies] or component[s]” violates the Privacy Act of 1974. The Privacy Act protects against intentional or willful unlawful disclosure of covered records containing personal information and [...]

Swiss-U.S. Privacy Shield Finalized

On January 11, U.S. and Swiss authorities announced final agreement on the Swiss-U.S. Privacy Shield Framework. The Framework defines standards for handling personal data exported from Switzerland to the U.S. and enables U.S. companies to meet Swiss legal requirements to protect personal data transferred from Switzerland. The Framework is a successor to the former Swiss-U.S. Safe Harbor framework, which was declared invalid by the Swiss data protection commissioner following the invalidation of Safe Harbor by the European Court of Justice. U.S. companies may participate in the Framework [...]

Alston & Bird Issues Advisory on Six Myths of Breach Response

Alston & Bird recently issued an Advisory entitled “Six Myths of Breach Response,” authored by Jim Harvey. As data breaches are on the rise, so are the challenges that businesses face in handling these security incidents. This Advisory identifies six strategic pitfalls to avoid when responding to breaches. The Advisory addresses the true significance of public notification, common mistakes in preserving attorney-client privilege, and tough choices regarding the selection of public relations, investigative, and legal counsel. Jim Harvey co-chairs Alston & Bird’s Cybersecurity Preparedness [...]

Turkey’s New Data Protection Law

Turkey’s new “Law on the Protection of Personal Data” has entered into effect following passage by the Turkish Parliament in late March and official publication last week. The Data Protection Law adopts a broadly European model for data protection and helps clarify key aspects of the regulation of personal data under Turkish law. This blog post examines the law and highlights certain important provisions. Scope The Data Protection Law applies to the “personal data” of natural persons where that personal data is processed “wholly or partly by automatic means,” and to non-automatic [...]

CFPB Brings First Enforcement Action on Data Security

On March 2, the federal Consumer Financial Protection Bureau (CFPB) for the first time brought an enforcement action related to data security. The CFPB consent order imposes a $100,000 fine and five years of regulatory oversight for online payments provider Dwolla. The action sends a clear message that the CFPB intends to actively regulate the data security representations of consumer finance service providers. The CFP Act, passed in 2010 as part of the Dodd-Frank Act, grants the CFPB authority to take action to prevent “a covered person or service provider from committing or engaging in an [...]

Judicial Redress Act Enacted

Yesterday evening, President Obama signed the Judicial Redress Act (“the Act”) into law. The Act extends the 1974 “Privacy Act” and provides qualifying non-U.S. individuals with limited rights to review, copy, and request amendments to records about themselves maintained by federal government agencies. We previously examined a draft of the bill on this blog here. As previously explained, the Act only extends Privacy Act protections to citizens of “covered countries” which have “effectively shared” information with the U.S. for law enforcement purposes. The Act signed by President [...]

Managing the E.U. Data Transfer Landscape

On January 28, Alston & Bird presented “Practical and Strategic Considerations in Today’s EU Data Transfer Landscape.” The panel addressed new laws and breaking events in European Union data privacy. The panel reviewed the status of talks around a revised “Safe Harbor 2.0” following the invalidation of Safe Harbor last October. The panel offered strategic next steps for dealing with data transfers whether or not U.S. and E.U. officials agree to a revised Safe Harbor framework. (At the time of this post, it appears that a revised Safe Harbor 2.0 framework has been agreed.) Other [...]

Revised Safe Harbor Agreed: Introducing the New “EU-U.S. Privacy Shield”

European Commission and U.S. officials today announced reaching a “political agreement” on a new Safe Harbor framework. The new framework will be called the “EU-U.S. Privacy Shield.” In a press conference and a press release today, European officials highlighted the following points about the new framework: Limitations on surveillance: Commission officials report that the U.S. has provided “written assurances” that “the access of public authorities for law enforcement and national security will be subject to clear limitations, safeguards and oversight mechanisms.” Annual [...]