

Kim Peretti to Speak at Georgetown Law’s Cybersecurity Law Institute

April 7, 2014 | Posted by Security Incident Management & Response Team | Topic(s): Events, Legislation, International, Security Breach, Data Security, Cybersecurity, Regulation

Kim Peretti, co-chair of the firm’s Security Incident Management & Response Team, will be a featured speaker during the second annual Cybersecurity Law Institute sponsored by the Georgetown University Law Center. Cybersecurity continues to stay in the news in 2014 as the White House calls for a "Consumer Privacy Bill of Rights" for the digital age. What does this mean for your company or organization? The following topics will be covered during the May 21-22 program in Washington, D.C.:

--Learn how an effective Enterprise Security Program drastically reduces cyber risks within your organization. 
--Debate the value of insurance in the cyber context; learn about coverages and what risk mitigation strategies may lower premium costs. 
--Participate in simulations that animate the complexity and speed of data breach response, including from a global perspective. 
--Hear from top general counsel regarding the evolving role of legal counsel and their relationship with the board of directors. 
--Discover how the brand-new NIST Framework may potentially impact you even if you are not in a critical infrastructure sector.

For more information and to register, please click here.

Posted by Security Incident Management & Response Team | Alston & Bird LLP

Alston & Bird and Kroll Hosting Webinar: Global Breach Investigations in a Post Snowden World – New Standards, New Challenges

March 25, 2014 | Posted by Privacy & Data Security team | Topic(s): Events, International, Data Security, Cybersecurity, Privacy, Data Breach, Cybercrime

Jim Harvey, partner and co-chair of the firm’s Privacy & Data Security team and the Security Incident Management and Response Team, will moderate a panel discussion during this April 2 webinar. The featured speakers are Kim Peretti, Partner and co-chair of the firm’s Security Incident Management & Response Team, E.J. Hilbert, Managing Director and Head of Cyber Investigations with Kroll, and Andrew Tannenbaum, Cybersecurity Counsel with IBM.

Cybersecurity incidents increasingly affect servers, employees, customers and business operations throughout the world, impacting both the investigatory process and the legal and regulatory landscape. The evolving global breach notification standards require constant monitoring and skillful navigation through a variety of regulatory schemes. Global investigations also present logistical, technical, and forensic challenges as sophisticated malware compromises systems without regard to geographical boundaries. This webinar brings together a panel of experts to provide an overview of the global legal landscape for data breach notification, highlight legal and technical considerations in conducting a global investigation, and offer practical tips for addressing the logistical complexities inherent in such investigations.

Wednesday, April 2
10:00 a.m. to 11:30 a.m. (ET)

For more information and to register, please click here.

Posted by Privacy and Data Security team | Alston & Bird LLP

Jim Harvey Speaking at the 2014 IAPP Global Privacy Summit

Jim Harvey, co-chair of the firm’s Privacy & Data Security practice and the Security Incident Management and Response Team, will participate as a presenter at the 2014 IAPP Global Privacy Summit, March 5-7. The IAPP Summit, one of the largest in the world, hosts privacy and security professionals to focus on a range of privacy-related topics.


Investigating International Data Breaches In a Post-Snowden World – Addressing Legal Considerations and Logistical Challenges

February 28, 2014 | Posted by Security Incident Management & Response Team | Topic(s): Advisories, International, Data Security, Cybersecurity, Data Breach, Cybercrime

Partner Kim Peretti and Senior Associate Kelley Barnaby of Alston & Bird’s Privacy and Data Security Team and Litigation and Trial Practice group have authored a Cyber Alert, “International Data Breach Investigations in a Post-Snowden World – Evolving Legal Obligations and Investigatory Challenges,” with E.J. Hilbert of Kroll. In this article, Peretti and Barnaby discuss the evolving international obligations regarding notification of data breaches, including what types of information may trigger notification and who must be notified. The article also discusses notable future notification obligations and provides practical tips for preparing for and conducting an international data breach investigation.

The full Cyber Alert is available here. 

Posted by Security Incident Management & Response Team  | Alston & Bird LLP

FTC Settles With Children’s Entertainment Company Over Safe Harbor Lapse

February 11, 2014 – The FTC today announced a proposed settlement with Inc., a children’s online entertainment company that allegedly misrepresented its adherence to the U.S.-European Union Safe Harbor Framework (the “Framework”).


EU Data Protection Regulation May Be Delayed

February 10, 2014 | Posted by Bruce Sarkisian | Topic(s): European Union (EU), International, Data Protection, Regulation

January 27, 2014 – EU justice commissioner Viviane Reding said in a speech this week to a meeting of justice and home affairs ministers in Athens that the draft General Data Protection Regulation will not be agreed during the EU Parliament’s current term. As a result, the Regulation is unlikely to be voted on until after EU Parliament elections in May. Please click here for an update from Ross McKean, partner at Olswang LLP who leads the firm’s data protection practice. Olswang LLP is a member of the Alston & Bird Global Privacy and Security Network.

Written by Bruce Sarkisian, Associate, Privacy & Data Security | Alston & Bird LLP

New European Data Breach Rules for Telcos and ISPs

On August 25, 2013, a new European Regulation came into effect that changed and expanded upon the breach notification procedures set forth in the E-Privacy Directive (2002/58/EC). The Regulation outlines two independent notification obligations: (1) notification to the relevant national authority within 24 hours after detection of a personal data breach, where feasible; and (2) notification to affected individuals, without undue delay, when the personal data breach is likely to adversely affect the personal data or privacy of a subscriber or individual. Notification to subscribers or individuals is not required if the provider has encrypted the data or otherwise rendered it unintelligible. While the E-Privacy Directive and the Regulation apply only to “providers of publicly available telecommunication services,” such as telecommunication companies, ISPs, and email providers, these new requirements have generated and will continue to generate broader interest because of similar language incorporated into the draft General Data Protection Regulation 2012, which applies to all businesses that handle personal data.


Data Privacy in the Transatlantic Trade Agreement? US-EU Ponder the Way Forward

The United States and the European Union announced in February their intent to launch negotiations this year on a far-reaching trade and investment partnership agreement. Negotiations on the treaty, known as “TTIP”, should commence in June following a Congressional and public consultation period in the United States, and a parallel process in the EU whereby the European Commission will obtain a formal mandate from the 27 EU member states. Differences in data privacy and protection between the US and EU have already arisen as an issue of contention as governments labor to construct a bilateral negotiating agenda.

Senior U.S. officials, including outgoing U.S. Trade Representative Ron Kirk and Deputy National Security Adviser Michael Froman, have both commented publicly that rules on cross-border data flows should be up for negotiation in the TTIP, responding to interest from US industry in liberalizing data flows not only across the Atlantic Ocean, but also between various EU member state markets.


Article 29 Working Party Advises App Developers and Others Distributing Mobile Apps On Consent

The European Community’s Article 29 Working Party has just published an opinion on smartphone apps that discusses the obligations of app developers and all other parties involved in the development and distribution of apps under European data protection law. Among the Working Party’s recommendations is that free and informed consent of end users is essential for compliance with such law.


Singapore Amends Computer Misuse Act to Counter Cybersecurity Threat

On January 14, 2013, Singapore passed an amendment to the Computer Misuse Act (now renamed the Computer Misuse and Cybersecurity Act), which provided the government with additional authorities to prevent, detect and counter cyber attacks on critical infrastructure. Key aspects of this law include the ability of the government to direct a person or organization to take specific steps – including exercising certain powers under the criminal procedure code – with respect to preventing, detecting, or countering a cyber threat where the threat relates to certain types of critical infrastructure. Such broad authority could encompass directing companies to conduct “pre-emptive” strikes or other measures prior to the onset of an imminent cyber attack. Importantly, the law confers immunity from any civil or criminal liability resulting from fulfilling an obligation under the law, but also provides for criminal penalties for failing to comply.


Fourth Circuit Keeps Government Investigation Into WikiLeaks Sealed

Last week the United States Court of Appeals for the Fourth Circuit halted an attempt by three individuals involved in the ongoing WikiLeaks investigation to make information about the investigation public. Specifically, the three users sought to unseal the prosecution’s request for a court order requiring Twitter to disclose certain user account information, including the three users’ personal identifying information and account information, as well as all messages they sent and received using the service. The prosecution’s request would have included its reasoning behind why the government suspected the three users’ involvement, and may have included information regarding how the investigation has been operating. The users also moved to unseal any other orders that were issued to other companies demanding similar information be turned over to the government.


Cyber Alert: Legal Issues with Emerging Active Defense Security Technologies

January 22, 2013 | Posted by Maki DePalo | Topic(s): Advisories, International, Security Breach, Data Security, Cybersecurity

There is an adage that “the best defense is a good offense.” Many companies are taking this to heart as they are becoming increasingly frustrated with the limitations of today’s commonly deployed passive countermeasures and other defensive technologies. Emerging offensive technologies, generally called “active defense technologies,” offer considerable promise in being able to identify and take meaningful action against sophisticated assailants. There are, however, considerable issues about the legality of these solutions that, in certain instances, could render users of these technologies criminally liable. Active defense technologies that employ “hack backs” are of particular concern.


The Personal Data Act 2012 Comes Into Effect in Singapore

On October 15, 2012, the Singapore Parliament passed the Bill for the Personal Data Protection Act 2012. The enactment of this Act is a fundamental shift in Singapore's approach to data protection, away from the current sectoral approach to a more European-like general data protection approach. The Act aims to establish a framework for personal data protection, by including recognized data protection concepts such as consent, withdrawal, notification of purpose, and access to and correction of personal data.


Article 29 Working Party Releases Second Round of Input Regarding Proposed EU Data Protection Regulation Revisions

October 5, 2012 | Posted by Bruce Sarkisian | Topic(s): Online Privacy, European Union (EU), International, Privacy

Today the European Commission’s Article 29 Working Party released Opinion 08/2012 providing further input on the EU’s revised Data Protection Regulation. The purpose of the Opinion is to provide “further guidance, notably on certain key data protection concepts and by analysing the need for and the effect of the proposed delegated acts and where necessary suggesting more suitable alternatives.”


FTC Is First Privacy Enforcement Authority in APEC Cross-Border Privacy Rules System

August 1, 2012 | Posted by Bruce Sarkisian | Topic(s): Federal Trade Commission (FTC), International, Privacy

The Department of Commerce announced the approval of the United States’ participation in the Asia-Pacific Economic Cooperation Cross-Border Privacy Rules system (CBPR). The CBPR promotes “a baseline set of data privacy practices for companies doing business in participating APEC economies. The goal of the system is to enhance electronic commerce, facilitate trade and economic growth, and strengthen consumer privacy protections across the Asia Pacific region.” The CBPR is a voluntary but enforceable code of conduct implemented by participating businesses. In the U.S., the Federal Trade Commission (FTC) will be the Privacy Enforcement Authority (PE Authority).
