The US has what appears to be a never-ending list of comprehensive privacy laws, but do they all apply to your organization? Not necessarily.Continue Reading The Comprehensive US Privacy Law Deluge: Which US Privacy Laws Apply to Your Company?
The United States government has a powerful new tool to gain access to data stored overseas – the CLOUD Act, which was enacted this spring. If you are a company based overseas, particularly if you use a cloud service provider with a significant U.S. presence, it just got a lot easier for the U.S. government to get your data, and the data you hold for your customers.
Background to the CLOUD Act
Since 1986, U.S. law enforcement’s access to electronic data held by private third parties has been regulated by the Electronic Communications Privacy Act (ECPA,18 U.S.C. § 2510 et seq). That law was enacted, in part, to extend government restrictions on wire taps from telephone calls to include transmissions of electronic data by computer and stored electronic communications. These issues are addressed in Title II of ECPA, known as the Stored Communications Act (SCA). While ECPA and the SCA have been amended several times since 1986, their primary provisions have remained the same, meaning that much of American law relating to government access to electronic data held by third parties was in fact drafted several years before email was commonly used and the World Wide Web was even created.
Continue Reading Foreign Companies: Does the U.S. Government Now Have Access to Your Overseas Data?
On February 29, 2016, the European Commission and United States released the terms of the much-anticipated renewed framework for the transfer, sharing, and processing of European individuals’ data to the United States. The framework replaces the “Safe Harbour” mechanism, which enabled U.S. to transfer data from the EU to the United States by self-certifying that their practices ensured an adequate level of protection for personal data under the EU Data Protection Directive. In October, the “Safe Harbour” framework was declared invalid by the European Court of Justice in the Schrems decision covered earlier in this blog.Continue Reading EU-US Privacy Shield: Brace Yourself . . . or Maybe Not