Monthly Archives: February 2016

As part of implementing the EU-US Privacy Shield, on February 24, 2016, President Obama signed the Judicial Redress Act (H.R.1428/S.1600). This law is designed to give EU citizens the right to sue the U.S. government for privacy violations.  In particular:

• It authorizes the U.S. Department of Justice to designate specific foreign countries or regional economic integration organizations (i.e., the EU) whose natural citizens may bring civil actions under the U.S.…

More

As noted in our earlier Foley Adviser, March 1, 2016 is the effective date for NFA member firms (including futures commissions merchants, commodity trading advisors, commodity pool operators, introducing brokers, retail foreign exchange dealers, swap dealers, and major swap participants) to adopt and enforce written policies and procedures to secure customer data and access to their electronic systems.

If you have any questions regarding implementation of these policies and procedures,… More

The COPPA Rule requires website and online service operators to give notice to parents and obtain verifiable parental consent before collecting children’s “personal information” online.  16 CFR §§ 312.4, 312.5.  The definition of “personal information” encompasses some obvious pieces of data – name and address, for example – and some less-obvious ones, such as screen names, geolocation data, and “persistent identifiers.”  A “persistent identifier” is a piece of information “that can be used to recognize a user over time and across different web sites or online services,” such as “a cookie,… More

This article was originally published in Law360 with permission to reprint.

How much does the question of harm matter in cybersecurity law? The answer is: It depends on who is bringing the claim.

Businesses confronting data breaches can face litigation from private consumers as well as from governmental entities. Managing litigation risk varies in these contexts because of the limitations of bringing private rights of action.… More

In response to the announcement of the EU-U.S. Privacy Shield, the Article 29 Working Party issued its own statement, the key elements of which are as follows:

• The Working Party will not blindly accept the EU-US Privacy Shield.
  It welcomes the conclusion of the negotiations, but also is asking to see all documents pertaining to the new EU-US Privacy Shield by the end of February.…

More

What follows below is the EU’s press release regarding the agreement on a replacement for the EU-US Safe Harbor.  We are working to get details and will schedule a webinar on the new framework shortly.

***

The European Commission and the United States have agreed on a new framework for transatlantic data flows: the EU-US Privacy Shield.

Today, the College of Commissioners approved the political agreement reached and has mandated Vice-President Ansip and Commissioner Jourová to prepare the necessary steps to put in place the new arrangement.… More

On December 18, 2015, President Obama signed the Cybersecurity Act of 2015 (The “Act”), legislation designed to combat online threats to the federal government, state and local governments, and private entities. Within the Act are four titles, the most significant of which is Title I, the Cybersecurity Information Sharing Act (“CISA”) (which begins at p. 694).

CISA addresses the manner in which the federal government and non-federal entities may share information about cyber threats and the defensive measures they may take to combat those threats.… More