Clicky

Header graphic for print
InfoLawGroup privacy. security. technology. media. advertising. intellectual property.

Tag Archives: Safe Harbor

FTC Takes a Big Step in Privacy Enforcement with Google Buzz Settlement

Posted in Enforcement, Information Security

The Google Buzz settlement that the Federal Trade Commission announced on March 30, 2011 is the latest in the line of the Commission’s numerous Section 5 actions related to privacy and data security violations. The Google Buzz settlement, however, is unique in several important ways. The settlement represents (i) the first FTC settlement order has requires a company to implement a comprehensive privacy program to protect the privacy of consumers’ information, and (ii) the Commission’s first substantive U.S.-EU Safe Harbor framework enforcement action. Let’s dive in (make sure to read the “Action Item” at the conclusion of the post!).

EU Confirms Adequacy of Data Protection in Israel, Simplifies Personal Data Transfers

Posted in EU

Dan Or-Hof, a privacy and technology partner at the Israeli law firm Pearl Cohen Zedek Latzer is reporting that the EU Commission published the much-anticipated announcement on the adequacy of data protection law in Israel. Published on January 31, 2011, the decision adopted by the Commission determines that Israel provides an adequate level of protection for personal data transferred from the EU, however only in relation to automated international data transfers and to automated processing of data in Israel.

European Reservations?

Posted in Cloud Computing, Cloud Computing Series, Data Privacy Law or Regulation, EU, Information Security, Information security contracts, International, Privacy Law, Social Networking, Workplace Privacy

German state data protection authorities have recently criticized both cloud computing and the EU-US Safe Harbor Framework. From some of the reactions, you would think that both are in imminent danger of a European crackdown. That’s not likely, but the comments reflect some concerns with recent trends in outsourcing and transborder data flows that multinationals would be well advised to address in their planning and operations.

The Other Shoe in Adams v. Dell Drops Gently

Posted in Digital Evidence and E-Discovery

In one of the most watched and controversial electronic discovery cases of 2009, the federal court in Utah held that the defendant Asus Computer International had, and violated, a duty to keep certain electronic and paper documents relevant to the federal Utah action for alleged patent infringement. United States Magistrate Judge David Nuffer found the… Continue Reading

Do the New EU Processing Clauses Apply to You?

Posted in Cloud Computing, Data Privacy Law or Regulation, EU, Information security contracts, International, PII, Privacy Law, Regulations, Service Provider Breach, Third Party Beneficiary, Workplace Privacy

A new set of EU standard contract clauses (“SCCs” or “model contracts”) for processing European personal data abroad came into effect on May 15, 2010. Taken together with a recent opinion by the official EU “Article 29″ working group on the concepts of “controller” and “processor” under the EU Data Protection Directive, this development suggests that it is time to review arrangements for business process outsourcing, software as a service (SaaS), cloud computing, and even interaffiliate support services, when they involve storing or processing personal data from Europe in the United States, India, and other common outsourcing locations.

A Closer Look at the PCI Compliance and Encryption Requirements of Nevada’s Security of Personal Information Law

Posted in Encryption, Nevada Security of Personal Information Law

Since approximately 2005, the state of Nevada has had a fairly comprehensive data privacy law on its books: the Nevada Security of Personal Information Law (the “Law”). Prior to 2009, the Law imposed various requirements concerning the protection of personal information of Nevada residents, including requirements concerning security breach notice, the implementation of reasonable security… Continue Reading

More Than Two Years Later, Federal Agencies Issue GLBA Final Model Privacy Form

Posted in Financial Services

On Tuesday, the Office of the Comptroller of the Currency (OCC), the Federal Reserve System (Board), the Federal Deposit Insurance Corporation (FDIC), the Office of Thrift Supervision (OTS), the National Credit Union Administration (NCUA), the Federal Trade Commission (FTC), the Commodity Futures Trading Commission (CFTC), and the Securities and Exchange Commission (SEC) (the “Joint Agencies”) issued the Final Model Privacy Form under the Gramm-Leach-Bliley Act (GLBA).

Legal Implications of Cloud Computing — Part Two (Privacy and the Cloud)

Posted in Breach Notice, Breach Notification, Cloud Computing, Cloud Computing Series, Special Series

Last month we posted some basics on cloud computing designed to provide some context and identify the legal issues. What is the cloud? Why is everyone in the tech community talking about it? Why do we as lawyers even care? Dave provided a few things for our readers to think about — privacy, security, e-discovery. Now let’s dig a little deeper. I am going to start with privacy and cross-border data transfers. Is there privacy in the cloud? What are the privacy laws to keep in mind? What are an organization’s compliance obligations? As with so many issues in the privacy space, the answer begins with one key principle — location, location, location.