On December 15, 2015, following four years of close, sometimes contentious, review, the EU institutions agreed upon the text of the General Data Protection Regulation (the “GDPR”). One of the most important EU legislative initiatives in recent years, the GDPR is also a landmark in privacy regulation worldwide. As from the time the GDPR takes […]
Advisories
Alston & Bird Issues an International Trade & Regulatory/Cybersecurity Advisory on Proposed New Export Requirements for Cybersecurity Products and Technologies
Alston & Bird recently issued an Advisory on a new regulation proposed by the Department of Commerce’s Bureau of Industry Security (BIS), which would require certain developers, manufacturers, and users of cybersecurity intrusion and surveillance items to obtain export licenses before conducting business and performing their work—even when working with their affiliated companies or with […]
Alston & Bird issues a Privacy and Security ADVISORY on Russia’s new Data Localization Law
Today, Alston & Bird issued a Privacy and Security ADVISORY on Russia’s new Data Localization Law will take effect in September, 2015. Penalties for non-compliance can be severe, including suspension of offending websites. Our Privacy & Data Security Group gives details on the law, the compliance challenges facing U.S. companies, and the solutions available to them. […]
EU’s Article 29 Working Party Releases Opinion on Internet of Things Protections
The European Union’s Article 29 Data Protection Working Party (WP29) adopted an opinion (the Opinion) on September 16, 2014 regarding data protection within the Internet of Things (IoT). Recognizing the rapid growth of the IoT, the Opinion responds to emerging data privacy concerns within the IoT, and provides recommendations for stakeholder compliance with EU data […]
HIPAA/HITECH Act Accounting of Disclosures NPRM: Redux?
In May 2011, the Office for Civil Rights (OCR) of the U.S. Department of Health & Human Services (HHS) issued a proposed rule to modify the HIPAA Privacy Rule’s standard for accounting of disclosures of protected health information (PHI). The proposed rule would have implemented the HITECH Act’s requirement for covered entities and business associates […]