RSS Print Email


Data Protection Commissioners Adopt Resolution on International Cooperation

On October 14, the International Data Protection and Privacy Commissioners’ (“IDPPC”) conference adopted a resolution calling for increased enforcement cooperation among international data protection authorities. Data protection authorities from around the world participated in the IDPCC conference, including representatives from Europe, Asia, the United States (including the Federal Trade Commission), and South America.

Read More

WP29 Announces a Common “Tool-Box” Approach to Handling of Complaints under the Right to be Forgotten

September 18, 2014 | Posted by Maki DePalo | Topic(s): European Union (EU), International, Privacy, Data Protection

On September 18, 2014, the Article 29 Working Party (the “WP29”) issued a press release, announcing that the European data protection authorities agreed on a common “tool-box” approach to handling complaints lodged due to search engines’ refusal to remove complainant’s entries from their search results.

Read More

CDD Urges FTC to Investigate 30 Companies for Alleged Safe Harbor Violations

The Center for Digital Democracy (“CDD”), a private consumer privacy advocate, recently filed a complaint and “request for investigation” before the Federal Trade Commission (“FTC”) accusing 30 U.S. companies of violating provisions of the Safe Harbor framework. The 118-page complaint, filed August 14th, urges the FTC to take legal action against the companies, including Adobe Systems, AOL, and Salesforce.

Read More

International Collaboration Disrupts GameOver Zeus and CryptoLocker

On June 2, 2014, in collaboration with the European Cybercrime Centre at Europolthe Department of Justice (DOJ) and the Federal Bureau of Investigation (FBI) announced a multi-national effort to disrupt the GameOver Zeus botnet, an extremely sophisticated type of malware designed to steal banking and other credentials from infected computers. The DOJ and the FBI also announced that command and control servers central to CryptoLocker, a form of “ransomware” that encrypts and locks the files on victims’ computers and demands a fee in return for unlocking those files, had been seized.

Read More

David Keating Quoted by The Associated Press

May 27, 2014 | Posted by Privacy & Data Security Team | Topic(s): Online Privacy, International, Data Protection, Regulatory Enforcement , Tracking

David Keatingpartner in the firm’s Technology and Privacy Group and co-leader of the firm’s Privacy & Data Security practice, was quoted in an article by The Associated Press titled “Europe’s Move to Rein in Google Would Stall in U.S.”

The article discusses a recent European Court of Justice ruling that some read to establish a “right to be forgotten” on the Internet. “There will be serious technological challenges,” Keating said. "It seems aspirational, not a reality, to comply with such a standard," he said. "The reengineering necessary to implement the right to be forgotten is significant."

To read the complete article, please click here.

Written by the Privacy & Data Security Team | Alston & Bird LLP

Kim Peretti Interviewed in FierceGovernmentIT Q&A Session

Kim Peretti, co-chair of the firm’s Security Incident Management & Response Team and former senior litigator for DOJ’s Computer Crime and Intellectual Property Section, was interviewed in a Q&A session with FierceGovernmentIT titled “China Cyber Espionage Charges Provide 'Missing Part of the Puzzle.'"


Peretti discussed the significance of the indictment against the individuals in China's People's Liberation Army for stealing trade secrets from American companies, and touched on the fact that the United States has shown its ability to form a case against state-sponsored acts of cybercrime through this indictment.


“From my experience in the Justice Department in bringing sort of benchmark investigations or prosecutions, the first time is often the hardest—working through any number of hurdles and gathering the evidence,” Peretti said. “I would hope that we might see more indictments modeled after this one if the evidence develops, since now we have a first of its kind that's been brought.”

To read the complete Q&A session, please click here.


Written by Security Incident Management & Response Team | Alston & Bird LLP

WATCH: Kim Peretti Interviewed by WSJ Live, “Five Chinese Military Accused of Hacking U.S. Firms”

May 19, 2014 | Posted by Security Incident Management & Response Team | Topic(s): International, Data Breach, Cybercrime, Cross-border, Department of Justice (DOJ)

Kim Peretti, co-chair of the firm’s Security Incident Management & Response Team, was interviewed by Wall Street Journal Live on the impact of the U.S. Department of Justice announcing charges against five Chinese military workers, accusing them of hacking several U.S. companies for trade secrets. Attorney General Eric Holder announced Monday, May 19 this first-of-its-kind criminal case alleging economic espionage against a foreign government official.

Peretti, a former senior litigator for the Justice Department's Computer Crime and Intellectual Property Section, believes this is a significant event and sends the message that the government is willing to pursue nation-state actors and indict them criminally for their cyber espionage activities.

Visit WSJ Live to watch Peretti’s interview.


Written by Security Incident Management & Response Team | Alston & Bird LLP

American Apparel Settles FTC Charge on Falsely Claiming Compliance with Safe Harbor Privacy Framework

On May 9, 2014, the Federal Trade Commission (the “FTC”) announced that American Apparel, Inc. (“American Apparel”) agreed to settle FTC charges that American Apparel falsely claimed it was compliant with the U.S.-European Union Safe Harbor (the “US-EU Safe Harbor Framework”).

The FTC’s complaint alleged that American Apparel, a clothing manufacturer and retailer with more than 200 stores worldwide, falsely represented that it was a “current” participant in the US-EU Safe Harbor Framework on its website when it was not a “current” participant from June 2013 until December 2013 as it had allowed its certification to lapse during that time.

Read More

U.S. Court Requires Microsoft to Produce Data Stored in Ireland Pursuant to SCA Search Warrant

On April 25, a federal magistrate judge ruled that Microsoft must disclose to U.S. federal investigators the contents of a customer’s email account stored outside of the United States. Microsoft had previously complied with portions of a search warrant seeking certain other information related to the targeted email account, but the company moved to quash the warrant with respect to the production of customer emails stored in Dublin, Ireland. In a 26-page memorandum and order, Judge James C. Francis IV (Southern District of New York) rejected Microsoft’s arguments and held that the enforcement of the warrant with respect to the Irish emails was not an improper application of U.S. law outside of American territory.

Read More

Mobile Apps in the Spotlight during Upcoming GPEN International Privacy Sweep

On May 6, the Office of the Privacy Commissioner of Canada (the “Commissioner”) announced mobile apps as the Global Privacy Enforcement Network’s (“GPEN’s”) focus area during the upcoming International Privacy Sweep (the “Sweep”). The Sweep will be held from May 12 to 18, 2014, involving 27 privacy enforcement authorities from around the world. The news release describes that this year’s Sweep will aim at “shedding light on the collection and use of personal information on mobile apps.”

Read More

Kim Peretti to Speak at Georgetown Law’s Cybersecurity Law Institute

April 7, 2014 | Posted by Security Incident Management & Response Team | Topic(s): Events, Legislation, International, Security Breach, Data Security, Cybersecurity, Regulation

Kim Peretti, co-chair of the firm’s Security Incident Management & Response Team, will be a featured speaker during the second annual Cybersecurity Law Institute sponsored by the Georgetown University Law Center. Cybersecurity continues to stay in the news in 2014 as the White House calls for a "Consumer Privacy Bill of Rights" for the digital age. What does this mean for your company or organization? The following topics will be covered during the May 21-22 program in Washington, D.C: 

--Learn how an effective Enterprise Security Program drastically reduces cyber risks within your organization. 
--Debate the value of insurance in the cyber context; learn about coverages and what risk mitigation strategies may lower premium costs. 
--Participate in simulations that animate the complexity and speed of data breach response, including from a global perspective. 
--Hear from top general counsel regarding the evolving role of legal counsel and their relationship with the board of directors. 
--Discover how the brand-new NIST Framework may potentially impact you even if you are not in a critical infrastructure sector.

For more information and to register, please click here.

Posted by Security Incident Management & Response Team | Alston & Bird LLP

Alston & Bird and Kroll Hosting Webinar: Global Breach Investigations in a Post Snowden World – New Standards, New Challenges

March 25, 2014 | Posted by Privacy & Data Security team | Topic(s): Events, International, Data Security, Cybersecurity, Privacy, Data Breach, Cybercrime

Jim Harvey, partner and co-chair of the firm’s Privacy & Data Security team and the Security Incident Management and Response Team, will moderate a panel discussion during this April 2 webinar. The featured speakers are Kim Peretti, Partner and co-chair of the firm’s Security Incident Management & Response Team, E.J. Hilbert, Managing Director and Head of Cyber Investigations with Kroll, and Andrew Tannenbaum, Cybersecurity Counsel with IBM.

Cybersecurity incidents increasingly affect servers, employees, customers and business operations throughout the world, impacting both the investigatory process and the legal and regulatory landscape. The evolving global breach notification standards require constant monitoring and skillful navigation through a variety of regulatory schemes. Global investigations also present logistical, technical, and forensic challenges as sophisticated malware compromises systems without regards to geographical boundaries. This webinar brings together a panel of experts to provide an overview of the global legal landscape for data breach notification, highlight legal and technical considerations in conducting a global investigation, and offer practical tips for addressing the logistical complexities inherent in such investigations.

Wednesday, April 2
10:00 a.m. to 11:30 a.m. (ET)

For more information and to register, please click here.

Posted by Privacy and Data Security team | Alston & Bird LLP

Jim Harvey Speaking at the 2014 IAPP Global Privacy Summit

Jim Harvey, co-chair of the firm’s Privacy & Data Security practice and the Security Incident Management and Response Team, will participate as a presenter at the 2014 IAPP Global Privacy Summit, March 5-7. The IAPP Summit, one of the largest in the world, hosts privacy and security professionals to focus on a range of privacy-related topics.

Read More

Investigating International Data Breaches In a Post-Snowden World – Addressing Legal Considerations and Logistical Challenges

February 28, 2014 | Posted by Security Incident Management & Response Team | Topic(s): Advisories, International, Data Security, Cybersecurity, Data Breach, Cybercrime

Partner Kim Peretti and Senior Associate Kelley Barnaby of Alston and Bird’s Privacy and Data Security Team and Litigation and Trial Practice group have authored a Cyber Alert, “International Data Breach Investigations in a Post-Snowden World – Evolving Legal Obligations and Investigatory Challenges,” with E.J. Hilbert of Kroll. In this article Peretti and Barnaby discuss the evolving international obligations regarding notification of data breaches, including what types of information may trigger notification and who must be notified. The article also discusses notable future notification obligations. The article provides practical tips for preparing for and conducting an international data breach investigation. 

The full Cyber Alert is available here. 

Posted by Security Incident Management & Response Team  | Alston & Bird LLP

FTC Settles With Children’s Entertainment Company Over Safe Harbor Lapse

February 11, 2014 – The FTC today announced a proposed settlement with Inc., a children’s online entertainment company that allegedly misrepresented its adherence to the U.S.-European Union Safe Harbor Framework (the “Framework”).

Read More