The Article 29 Working Party has released opinions on Privacy Shield and “essential guarantees” under EU law relating to surveillance, here and here.

Please join us in our webinar at 1 pm EDT today to learn more about the Article 29 Working Party’s opinion on Privacy Shield (register here).  We will look at the opinion’s likely impact on Privacy Shield’s rocky progress through the EU bureaucracy, as well as on the legal attacks that we expect Privacy Shield will face if and when it is ultimately adopted by the Commission.

 

UPDATE: The Article 29 Working Party has released surprisingly brief comments on Privacy Shield, available here.  Consistent with the press briefing held earlier today (see below), WP29 has concluded that Privacy Shield falls short without providing specific guidance as to what, exactly, an acceptable version of Privacy Shield would look like.

Earlier today, the Article 29 Working Party (“WP29”) held a press conference to give a preview of its assessment of the proposed EU-US Privacy Shield arrangements that were slated to replace the struck-down Safe Harbor program and bring much-needed certainty to companies that transfer personal data from the EU to the US.

While full comments will be available later today, we know now that WP29 has declined to give Privacy Shield its support. It appears that WP29 has serious concerns about the limitations on the ability of US national security agencies to conduct mass surveillance. WP29 is also skeptical about the rights of redress for EU residents and would prefer that EU residents be able to bring complaints immediately via their local EU data protection authorities. We will cover the WP29 assessment more fully during our webinar on Thursday, April 14. Register here. In the meantime, for those who would like to listen to the press briefing, an audio recording is available here: https://scic.ec.europa.eu/streaming/article-29-working-party

The European Union Commission has issued a fact sheet on the new General Data Protection Regulation (final post-trilogue text available via Statewatch). The Commission claims that the Regulation is good for individuals and good for business. We’ll leave that to readers . . . and history . . . to decide.

As regulations go, the GDPR is a page-turner, but if you don’t have time to read all 204 pages before the holidays, consider joining our webinar at 1 pm ET today. Registration is here.

 

 

Don’t forget to join us tomorrow afternoon – Tuesday – at 1 PM ET for a webinar discussion on the New EU General Data Protection Regulation. What’s next? What are the key changes? What do you need to do to prepare?

Registration is here.


For the first Monday in November, we have 10 easy steps to make sure that your data breach incident response planning is viewed from that pesky point of view of a litigator.

  1. Fail to plan = plan to fail.
  2. Big problems first, small problems later (don’t let the perfect be the enemy of the good).
  3. The criticality of the tone at the top cannot be overstated.
  4. You cannot prevent idiocy, but you can train (and retrain, and retrain).
  5. Make good email practices your fight song (in both times of calm, and times of crisis).
  6. Say what you mean and mean what you say (avoid good policies with poor follow-through; don’t set standards that you can’t meet).
  7. Avoid inconsistencies wherever possible.
  8. Know what your peers are doing (and if you aren’t doing the same thing, document why not).
  9. If you have a close call, document your decision and carefully consider whether you want privilege to apply or not (and why not).
  10. Think about your “story” in slow motion being played on a movie screen (or in excruciating detail on the front page of the Wall Street Journal).

H/T to Mintz’s Meredith Leary for these. For more on these 10 easy steps and a replay of our Halloween-themed October Privacy Webinar, “Tricks, But No Treats: A Halloween Visit to the Frightening World of Data Security Litigation,” check out this link to the recording.

To take a step back from our continuing analysis of the situation and developments in Europe, there are other things going on in the privacy and data security world! Our October Wednesday Webinar is coming up and we will take a walk on the wild side: data security litigation. Registration is open now!

Don’t forget to join us this afternoon – Wednesday – at 3 PM ET for a webinar discussion of the European Court of Justice’s game changing decision invalidating the US-EU Safe Harbor framework.   What’s next?  What should be your Plan B?

Registration is here.

Welcome to the first Monday in October!

The big issue for this week is tomorrow’s impending decision from the European Court of Justice in the Schrems v. Facebook Safe Harbor matter.

What will be the implications of this decision? How can you, as a company, navigate these waters?

Last week in this space, we advised companies who rely on Safe Harbor for their EEA-to-US data transfers to get a contingency plan in place without delay. On Wednesday, we will present an emergency webinar to discuss the ECJ’s opinion and planning for moving forward.

REGISTRATION IS NOW OPEN

Since the Snowden revelations, trouble has been brewing for the EU-US Safe Harbor program and companies which utilize this program to make transfers of personal information from the EU to the US legal under EU privacy laws. On October 6, the uncertainty generated last week by Advocate General Yves Bot’s opinion invalidating Safe Harbor will come to an end as the European Court of Justice (ECJ) will release its decision in the Schrems Safe Harbor case. It is highly unusual for the ECJ to issue a decision so quickly after publication of the Advocate General’s opinion on a case. However, the ECJ seems to be expediting its decision process. (See the Wall Street Journal’s summary of the usual process here.)

What will be the implications of this decision? How can you, as a company, navigate these waters?

Last week in this space, we advised companies who rely on Safe Harbor for their EEA-to-US data transfers to get a contingency plan in place without delay. This week, we are urging the same and providing this Emergency Webinar to better assist.

REGISTRATION IS NOW OPEN

The SEC has announced a new round of cybersecurity inspections at broker-dealer and registered investment advisory firms.  If that’s not enough to catch your attention, just days after issuing the Risk Alert, the SEC censured and fined a St. Louis-based investment advisor for a failure to adopt written policies and procedures to ensure the confidentiality of personal information as required by law.   According to the SEC, that failure led to a breach of the personal information of 100,000 investors held by R.T. Jones Capital Equities Management and led to a $75,000 fine.

Register now for our upcoming webinar — Wednesday, September 30 at 1 pm ET where the latest Risk Alert and enforcement action, along with other important developments, will be discussed by Mintz Levin’s Steve Ganis and Peter Day.

Another Cop on the Cybersecurity Beat: What to Do Before and After the SEC and FINRA Come Knocking

This webinar, the eighth in our Privacy series, will address regulatory compliance and risk management aspects of cyber attacks and data breaches at financial institutions and their service providers. Cybersecurity is one of the most significant issues facing the financial services industry — and vendors to financial services customers. Consequences of cyber attacks and data breaches are more costly than ever, and now the SEC and FINRA are conducting cybersecurity examinations. Enforcement actions are likely to follow. Meanwhile, the “fintech” revolution is radically and dramatically transforming how securities, banking, and money services firms collect, retain, protect, and monetize financial consumer data. Join us for guidance on crafting effective cybersecurity programs and insights into areas of likely cybersecurity focus uniquely critical for broker-dealers, investment advisers, and investment companies — intermediary and vendor due diligence, risk assessment, identity theft prevention, Gramm-Leach-Bliley safeguarding of customer information, referral and aggregator arrangements, suspicious activity monitoring, material nonpublic information protection, and front running prevention.

 

As always, the webinar is eligible for New York and California CLE credit.