AUTHOR ARCHIVES: Justin Hemmings


Justin Hemmings

Justin Hemmings is an associate in Alston & Bird’s Technology practice and Cybersecurity Preparedness & Response Team. He focuses his practice on cybersecurity, data security and information privacy. Read more→

European Parliament Calls to Suspend Privacy Shield

Posted on: 06 Jul 2018

On the heels of the Committee on Civil Liberties, Justice and Home Affairs’ (LIBE) recent resolution, the full European Parliament on July 5 adopted a resolution calling for the suspension of the EU-U.S. Privacy Shield agreement if the U.S. fails to comply in full by September 1, 2018.  With a vote of 303 in favor and 223 opposed with 29 abstentions, the Parliament passed the resolution and stated concerns about the enforcement of the Privacy Shield framework and about U.S. surveillance and privacy law generally.  Regarding the resolution, LIBE Chair and rapporteur Claude Moraes said “[t]his […] Read more

Supreme Court Recognizes Reasonable Expectation of Privacy in Historical Cell-Site Location Information

Posted on: 27 Jun 2018

The Supreme Court recently held in Carpenter v. United States that an individual has a reasonable expectation of privacy in historical cell-site location information (CSLI) that provides a comprehensive view of the individual’s movement. A 5-4 decision, Carpenter marks a significant development for both the third-party doctrine and in the privacy space more generally. Carpenter signals a change in the Court’s traditional view of the third-party doctrine and highlights the ubiquity and all-encompassing nature of CSLI in the process. The petitioner, Timothy Carpenter, was convicted for his […] Read more

FBI Publishes its 2017 Internet Crime Report

Posted on: 20 Jun 2018

The FBI recently published its 2017 Internet Crime Report highlighting trends and statistics compiled by the FBI’s Internet Crime Complaint Center (“IC3”) during 2017. The report compiles data from a total of 301,580 complaints which reported losses of over $1.4 billion. In addition to an explanation of the IC3’s history and operations, the report includes five “hot topics” from 2017: business email compromise (“BEC”), ransomware, tech support fraud, extortion, and the Justice Department’s Elder Justice Initiative. Business Email Compromise: This category of attack targets […] Read more

Vermont Data Broker Law Now in Effect

Posted on: 14 Jun 2018

Under a Vermont law that recently came into effect, data brokers that process information regarding Vermont residents are now subject to registration and security requirements. Included in the new law are three notable components: (1) a broad statutory definition of a “data broker,” (2) an annual registration requirement for data brokers, and (3) reporting on data broker security breaches. Definition of a “Data Broker” The law takes a technology-neutral approach to its definition of a “data broker,” instead defining the term based on the normal functions of the business. The statute […] Read more

European Parliament’s Civil Liberties Committee Targets EU-U.S. Privacy Shield, Cloud Act

Posted on: 14 Jun 2018

On June 12, 2018, the European Parliament’s Committee on Civil Liberties, Justice and Home Affairs (LIBE) passed a resolution calling on the European Commission to suspend the EU-U.S. Privacy Shield unless the U.S. fully complies with the framework’s requirements by September 1, 2018.  With a vote of 29 votes in favor, 25 opposed, and 3 abstentions the LIBE passed the draft resolution calling on the European Commission to (1) ensure that the Privacy Shield fully complies with the GDPR and the EU charter so as to not create loopholes or competitive advantage for US companies; and (2) restart […] Read more

Alston & Bird Issues Data Protection Paper on Accurate Retrieval of Personal Data under the GDPR

Posted on: 16 May 2018

Today Alston & Bird’s Jan Dhont, Peter Swire, and DeBrae Kennedy-Mayo, with support from Senzing, Inc., are publishing a White Paper titled The Importance of Accurate Retrieval of Data Subjects’ Personal Data in Complying with GDPR Individual Rights Requirements. The General Data Protection Regulation, which enters into effect on May 25, 2018, goes considerably beyond existing law in setting forth individual rights that allow data subjects to control how their personal data is used. This Paper addresses an important issue for implementing individual rights – how can those companies […] Read more

Irish High Court Refers Schrems 2.0 to the ECJ

Posted on: 13 Apr 2018

On April 11, Justice Caroline Costello of the Irish High Court referred the Schrems 2.0 case to the Court of Justice of the European Union (ECJ) with 11 questions for the ECJ to answer. Per Justice Costello, the sole issue in the case is whether the European Commission’s Decisions regarding standard contractual clauses (SCCs) are valid, which is reflected in the 11 questions posed. The reference asks the ECJ to determine: Whether provisions of EU law related to national security, public security, defense, and state security apply to transfers of data outside the EU under SCCs; Whether […] Read more

The CLOUD Act and its Impact on Cross-Border Access to the Contents of Communications

Posted on: 25 Mar 2018

On Friday morning, March 23, President Trump signed the $1.3 trillion omnibus spending bill into law, including the Clarifying Lawful Overseas Use of Data (CLOUD) Act, and in doing so established a sea change in the rules for cross-border government access to the contents of electronic communications. The CLOUD Act consists of three core components: (1) resolving the main issue in the Microsoft Ireland case pending before the U.S. Supreme Court, (2) providing a process for entities to request a comity analysis for potential conflicts with non-U.S. legal obligations, and (3) removing legal barriers […] Read more

Supreme Court Hears Oral Argument in the Microsoft Ireland Case

Posted on: 06 Mar 2018

On Tuesday, February 27th, the U.S. Supreme Court heard oral argument in United States v. Microsoft Corp. on whether a warrant issued under the Stored Communications Act (SCA) can compel the production of data stored outside the United States. Where Microsoft argues that the emails stored outside the United States also lie outside the reach of the SCA, the government contends that the SCA focuses on “classically domestic content,” and that Microsoft can be compelled within the U.S. to turn over records it controls regardless of where the data sought is stored. This case began in December […] Read more

NIST Releases Updated Cyber Framework V1.1

Posted on: 06 Dec 2017

On December 5, 2017, the National Institute of Standards and Technology (NIST) released a revised draft of its proposed updates to its Framework for Improving Critical Infrastructure Cybersecurity. The revised draft includes a new section on communicating with stakeholders about cybersescurity requirements, addresses stakeholder concerns regarding cybersecurity supply chain risk management and measuring cybersecurity risks and benefits, and addresses six new topics, including the Cyber-Attack Lifecycle. NIST has updated both the Framework and its accompanying Roadmap. The revised Framework includes […] Read more