AUTHOR ARCHIVES: Privacy & Data Security Team

Privacy & Data Security Team

Read more→

Alston & Bird Hosts John Frank of Microsoft to Kick Off IAPP Europe Data Protection Congress 2018

Posted on: 18 Dec 2018

Alston & Bird’s annual event to kick off the IAPP Europe Data Protection Congress 2018 featured a fireside chat with John Frank, Vice-President, EU Government Affairs at Microsoft. Moderated by Peter Swire, Senior Counsel at Alston & Bird, the discussion provided practical insights into areas that are expected to shape privacy and data protection around the world. Mr. Frank also discussed Microsoft’s approach to global compliance amidst a wide array of privacy and data protection laws and regulations. John Frank John Frank leads Microsoft’s government affairs teams in Brussels […] Read more

Alston & Bird Hosts Webinar on Binding Corporate Rules – The Benefits Go Far Beyond Data Transfers

Posted on: 19 Oct 2018

Binding corporate rules (BCRs) are a legally recognized mechanism that facilitate intra-group transfers of personal data from the European Economic Area (EEA) to the rest of the world. Adopting BCRs not only allows for the free flow of information across an organization but also builds a strong digital culture which is crucial in this data intensive world. On Nov. 7th at 1-2 pm ET, join partners Jan Dhont and Jim Harvey, and senior counsel Peter Swire in an engaging discussion on the evolution of BCRs, the path to BCRs (including the application process), and the realities of embedding the elements […] Read more

Alston & Bird Issues Advisory on Applying GDPR Experience to CCPA Implementation

Posted on: 03 Oct 2018

Alston & Bird recently issued an advisory entitled, “Applying GDPR Process Lessons to the CCPA,” authored by Jim Harvey and Karen Sanzaro. The recently and hastily adopted California Consumer Privacy Act of 2018 (CCPA) has already been compared to the General Data Protection Act (GDPR), though the two greatly differ in scope and content.  However, there are valuable insights to glean from the GDPR adoption process that can give companies a heads start on implementing the CCPA. The advisory examines these five lessons from which companies can learn: Leadership and multidisciplinary […] Read more

DOJ Releases “Best Practices for Victim Response and Reporting of Cyber Incidents,” Version 2.0

Posted on: 02 Oct 2018

On September 27, 2018, the Department of Justice Computer Crime and Intellectual Property (CCIPS) Cybersecurity Unit released Version 2.0 of its “Best Practices for Victim Response and Reporting of Cyber Incidents.” Originally issued in 2015, the updated guidance seeks to help organizations better equip themselves to be able to respond effectively and lawfully to cyber incidents. The updated version distills insights from private and public sector experts, incorporating new incident response considerations in light of technical and legal developments in the past three years. While the guidance […] Read more

Ohio Enacts Cybersecurity Safe Harbor Law

Posted on: 20 Sep 2018

Ohio recently enacted the Ohio Data Protection Act (2018 SB 220), a law that offers a breach litigation safe harbor to businesses meeting specific cybersecurity standards. While the law does not prevent a plaintiff from filing a lawsuit following a data breach, it does provide an affirmative defense to companies defending themselves against such claims. If an entity’s data security policies conform to one of several listed cybersecurity frameworks, the entity can invoke the safe harbor as a defense, and possibly defeat a tort claim alleging that the company’s failure to comply with reasonable […] Read more

GDPR Fragmentation May Appear More Significant than Intended

Posted on: 26 Jun 2018

With the entry into application of the GDPR on May 25, 2018, the EU Member States were expected to have adopted national legislation implementing the regulation. To date, however, only 30% of Member States have effectively passed legislation, which still leaves the legal landscape to be precarious. The GDPR allows for deviations and specifications in several areas, for instance to introduce specific conditions or limitations for the processing of biometric, genetic, or health data; to create specific protection regimes for employee data; or to restrict the rights the GDPR grants to individuals. […] Read more

EU Supervisory Authorities Disclose DPO Notification Tools

Posted on: 17 Jun 2018

Shortly after the GDPR’s entry into application on May 25, 2018, several EU Supervisory Authorities have activated online Data Protection Officer (“DPO”) notification tools, allowing organizations to communicate the contact details of their DPO to the Supervisory Authorities, which is a requirement under Article 37 GDPR. While the DPO Guidelines of the Article 29 Working Party (“WP29”; replaced by the European Data Protection Board, “EDPB”) do not emphasize the requirement to notify DPOs, Supervisory Authorities (“SAs”) view these notifications as important, and have made available […] Read more

Alston & Bird Named to ATL Top Law Firm Privacy Practice Index

Posted on: 04 May 2018

Alston & Bird’s Privacy & Data Security Team has been named to the first-annual Above The Law (ATL) Top Law Firm Privacy Practice Index. Firms named to the Index were rated by nearly 300 in-house counsel on the “strength and quality” of their data privacy and/or cybersecurity practices. ATL also assessed firms on thought leadership in the area of privacy through their publication of white papers, blogging, media contributions, and speaking engagements. To read more about the Index, click here. […] Read more

Belgian Privacy Commission Issues DPIA “Black” and “White List” Recommendation

Posted on: 03 May 2018

On February 28, 2018, the Belgian Privacy Commission issued a recommendation on the position it takes with regard to data protection impact assessments (or “DPIAs”) as foreseen in the GDPR. A DPIA under the GDPR is similar in scope and impact to its predecessor, the PIA (or “privacy impact assessment”) and requires businesses to assess processing operations that are likely to present a high risk to individuals’ rights. Such “high risk” is, for instance, likely to present itself in processing operations involving sensitive data, systematic monitoring, or vulnerable individuals such […] Read more

Belgian Court Uses Novel Argument to Assume International Jurisdiction over Non-EU Facebook Entities

Posted on: 21 Mar 2018

On February 16, 2018, the Brussels Court of First Instance rendered a judgment in proceedings brought by the Belgian Privacy Commission’s against Facebook. The case forms one part of two-tiered litigation brought by the Commission in regards to alleged monitoring practices vis-à-vis Belgian internet users. In parallel to the proceedings that resulted in the judgment cited above, the Belgian Privacy Commission had also initiated a procedure referred to as “summary proceedings” against Facebook – and Facebook defeated the Privacy Commission’s claim before the Brussels Court of Appeal in […] Read more