Alston & Bird Named to ATL Top Law Firm Privacy Practice Index
Posted on: 04 May 2018
Alston & Bird’s Privacy & Data Security Team has been named to the first-annual Above The Law (ATL) Top Law Firm Privacy Practice Index. Firms named to the Index were rated by nearly 300 in-house counsel on the “strength and quality” of their data privacy and/or cybersecurity practices. ATL also assessed firms on thought leadership in the area of privacy through their publication of white papers, blogging, media contributions, and speaking engagements. To read more about the Index, click here. […] Read more
Bill Proposes Jail Time for Executives Who Conceal Data Breaches
Posted on: 04 Dec 2017
On November 30, 2017, a group of U.S. senators re-introduced a bill, known as the Data Security and Breach Notification Act, which seeks to impose criminal liability of up to five years of jail time on any corporate executive convicted of “intentionally and willfully” concealing a data breach. The bill also proposes that the Federal Trade Commission (FTC) establish standard, nationwide security protocols for businesses to follow. The bill would also require companies to report data breaches to consumers or users within 30 days unless a U.S. federal law enforcement or intelligence agency […] Read more
David Keating, Jan Dhont and Karen Sanzaro to Speak at the 2017 Privacy + Security Forum
Posted on: 26 Sep 2017
David Keating, partner and co-leader of the firm’s Privacy & Data Security practice, Jan Dhont, Brussels partner and head of the firm’s European Privacy and Data Protection practice, and Karen Sanzaro, counsel in the Technology & Privacy Group, will be speakers at the 2017 Privacy + Security Forum in Washington, DC, taking place on October 4-6, 2017. David Keating will be speaking during the session on “Emerging Consumer Tracking and Analytics Technologies.” This session will explore recent regulatory and enforcement developments in this area and discuss practical approaches […] Read more
A Look Into Europe’s New Cybersecurity Regimes
Posted on: 24 Apr 2017
Europe is facing two important reforms addressing cybersecurity, which will apply in 2018. Jan Dhont and Delphine Charlot outlined the details of these regimes in an article for the Society of Corporate Compliance and Ethics, which you can read here.
French CNIL Releases GDPR Compliance Toolkit
Posted on: 19 Apr 2017
On March 15, 2017, the French data protection authority (CNIL) released its six step- GDPR compliance program together with GDPR-tailored templates for use by companies, the “GDPR Toolkit.” The GDPR Toolkit is helpful for companies because it provides guidance that companies may directly include in their privacy programs. Companies with sophisticated privacy programs may also use the GDPR Toolkit as a reality check against CNIL and, more generally, European data protection authorities’ standards and expectations for GDPR compliance. Click here to access the Toolkit. […] Read more
ICO Seeks Extra Resources for GDPR Enforcement
Posted on: 15 Mar 2017
On March 13, 2017, Elizabeth Denham, head of the UK data protection authority (“ICO”) publicly expressed her intention to massively recruit new personnel in an effort to be ready for the European (“EU”) general data protection regulation (“GDPR”). In a statement released on its website, the ICO announced its plan to recruit new personnel by May 2018, in light of the new responsibilities and enforcement powers granted to the ICO under the GDPR. Ms. Denham later told the press the ICO would hire approximately 200 persons. Interestingly, the ICO statement comes on the same day the […] Read more
CNIL Launches Second Round of Public Consultation on GDPR
Posted on: 07 Mar 2017
Last week, the French Data Protection Authority (“CNIL”) launched the second round of a public consultation on the General Data Protection Regulation (“GDPR”). The first public consultation was launched in June 2016 and addressed the requirements in the GDPR relating to data protection officers, data portability and privacy seals and certifications. The outcome of the June 2016 consultation was integrated by the Consortium of the European data protection authorities (“WP29”) into WP29’s recent guidance. Similarly, the new public consultation launched by the CNIL is aligned with […] Read more
Spanish Ministry of Justice Launches Public Consultation on GDPR
Posted on: 22 Feb 2017
On February 7, 2017, the Spanish Ministry of Justice launched a public consultation as a preliminary step before the drafting of a new bill implementing the General Data Protection Regulation (“GDPR”). The press release clarifies that although the GDPR has direct effect in the European Member States, its implementation into Spanish law is not a straightforward exercise because (i) the obligations in existing data protection legislation need to be maintained or amended (as the case may be), and (ii) other sector specific laws containing provisions on data protection need to be updated. A […] Read more
Spanish DPA Issues GDPR Guidelines
Posted on: 30 Jan 2017
On January 26, 2017, the Spanish data protection authority (“AEPD”) published three guidance papers on the implementation of the general data protection regulation (“GDPR”). Although the guidance is primarily directed at small and medium-sized companies, it gives a snapshot on how the AEPD reads the GDPR and is thus relevant for all companies having operations in Spain. GDPR Guide for Controllers: the guide summarizes the requirements of the GDPR while providing practical recommendations on how to implement them. The guide also contains a questionnaire to help controllers make a […] Read more
New York Financial Services Regulator Issues Revisions to Proposed Cybersecurity Regulation
Posted on: 28 Dec 2016
Today, the New York Department of Financial Services (DFS) released a revised version of the proposed cybersecurity regulations that it first issued in September. According to a press release issued by DFS Superintendent Vullo, the new version of the proposed rules will be finalized following a 30-day notice and public comment period. Among the most notable changes are an extension of the effective date to March 1, 2017, an array of longer transition periods for various sections of the regulation, increased emphasis on risk assessment, and a slight reduction in the extremely broad scope of […] Read more