appropriate, EU, EU Data Protection Directive, international, reasonable, security measures

Code or Clear? Encryption Requirements (Part 3)

By W. Scott Blackmer on October 01, 2009

In other posts, I addressed the trend in the United States to require encryption for certain categories of personal data that are sought by ID thieves and fraudsters - especially Social Security Numbers, driver's license numbers, and bank account or payment card details - as well as for medical information, which individuals tend to consider especially sensitive. These concerns are not, of course, limited to the United States. Comprehensive data protection laws in Europe, Canada, Japan, Australia, New Zealand and elsewhere include general obligations to maintain "reasonable" or "appropriate" or "proportional" security measures, usually without further elaboration. Some nations have gone further, however, to specify security measures.

Read more

appropriate, civil litigation, compliance, FTC, legal requirements, negligence, portable devices, public networks, reasonable, security measures, unfair practices, wireless

Code or Clear? Encryption Requirements under Information Privacy and Security Laws (Part 1)

By W. Scott Blackmer on October 01, 2009

"Exactly what data do we have to encrypt, and how?" That's a common question posed by IT and legal departments, HR and customer service managers, CIOs and information security professionals. In the past, they made their own choices about encryption, balancing the risks of compromised data against the costs of encryption. Those costs are measured not merely by expense but also by increased processing load, user-unfriendliness, and the remote but real possibility of lost or corrupted decryption keys resulting in inaccessible data. After weighing the costs and benefits, most enterprises decided against encryption for all but the most sensitive applications and data categories.

Read more

Binding Corporate Rules, breach notification, EU Data Protection Directive, Gramm-Leach-Bliley, HIPAA, model contracts, privacy, Safe Harbor

Legal Implications of Cloud Computing -- Part Two (Privacy and the Cloud)

By InfoLawGroup LLP on September 30, 2009

Last month we posted some basics on cloud computing designed to provide some context and identify the legal issues. What is the cloud? Why is everyone in the tech community talking about it? Why do we as lawyers even care? Dave provided a few things for our readers to think about -- privacy, security, e-discovery. Now let's dig a little deeper. I am going to start with privacy and cross-border data transfers. Is there privacy in the cloud? What are the privacy laws to keep in mind? What are an organization's compliance obligations? As with so many issues in the privacy space, the answer begins with one key principle -- location, location, location.

Read more

Breach, contracting, e-Discovery, Electronic evidence, EU Directive, IaaS, outsourcing, PaaS, privacy, SaaS, Security, service provider

Legal Implications of Cloud Computing -- Part One (the Basics and Framing the Issues)

By InfoLawGroup LLP on August 16, 2009

I had the pleasure of hearing an excellent presentation by Tanya Forsheit on the legal issues arising out of cloud computing during the ABA Information Security Committee's recent meeting (at the end of July) in Chicago. The presentation resulted in a spirited debate between several attorneys in the crowd. The conversation spilled over into happy hour and became even more interesting. The end result: my previous misunderstanding of cloud computing as "just outsourcing" was corrected, and now I have a better appreciation of what "the cloud" is and the legal issues cloud computing raises.

Read more
Newer Older