Legislation

Tennessee Updates Data Breach Statute

March 28, 2016 By Privacy, Cyber & Data Strategy Team

On March 24, 2016, Tennessee Governor Bill Haslam signed SB 2005 into law. The bill makes three principal updates to Tennessee’s data breach statute. First, the statute will now require organizations that have experienced a data breach to notify individuals within 45 days from the discovery or notification of the breach, unless a longer period of time […]

EU Privacy Leaders Discuss US-EU Privacy Shield at Event Co-Hosted by A&B Partner

March 24, 2016 By Daniel Felz

On March 22, 2016, the International Association of Privacy Professional (IAPP) hosted a podium discussion in Brussels on the new EU-US Privacy Shield. Alston & Bird co-hosted the event, which featured two top-notch privacy luminaries from EU legislative and oversight bodies: Mr. Giovanni Buttarelli, the present European Data Protection Supervisor (EDPS). Mr. Bruno Gencarelli, Head […]

European Commission Debuts EU-U.S. Privacy Shield

March 1, 2016 By Privacy, Cyber & Data Strategy Team

In a development eagerly anticipated by businesses on both sides of the Atlantic, the European Commission has published the legal instruments needed to put in place the “EU-U.S. Privacy Shield” for transfers of personal data from Europe to the United States. The issued documents include a draft adequacy decision by the Commission finding that the […]

HHS Issues HIPAA Security Rule Crosswalk with NIST Cybersecurity Framework

February 29, 2016 By Privacy, Cyber & Data Strategy Team

Last week, the HHS Office for Civil Rights (OCR) released a crosswalk between the requirements of the HIPAA Security Rule and the NIST Cybersecurity Framework. The crosswalk – which was developed in conjunction with the National Institute of Standards and Technology (NIST) and the HHS Office of the National Coordinator for Health IT – maps each […]