Emerging Markets Law

Showing 22 posts in In-House Counsel.

Unauthorized Computer Access, Without Service Interruption, May Be Cause for Action

In a case of first impression, the Eleventh Circuit has held that an employer need not show an interruption of service to prove actionable harm under the Computer Fraud and Abuse Act (CFAA) and other federal laws. This is good news for employers and potentially for others who suffer computer intrusions.

Continue reading Unauthorized Computer Access, Without Service Interruption, May Be Cause for Action ›

Lessons From Yahoo Breach Continue

Yahoo has (not surprisingly) been hit with multiple consumer class action claims relating to its massive data breach. It is unclear exactly when Yahoo uncovered the 2014 breach; news reports characterize the find as "recent." Yahoo also has said that it is cooperating with law enforcement, which could help offset any issues tied to a delay of announcement.

Continue reading Lessons From Yahoo Breach Continue ›

State Enforcement of COPPA, Federal Online Advertising Law

Posted In Compliance, Data Privacy, In-House Counsel, Media, Privacy, Social Media

On September 13, 2016, the New York Attorney General announced settlements with four major US toy and media companies regarding their use of online tracking of children who use their websites. Viacom, Inc. (Nickelodeon), Hasbro, Inc. (My Little Pony), and Mattel, Inc. (Barbie, Hot Wheels, American Girl) are among the companies fined a collective $835,000 for violating the Children's Online Privacy Protection Act (COPPA).

Continue reading State Enforcement of COPPA, Federal Online Advertising Law ›

Clock Running for EU Privacy Shield Self-Certification with Grace Period

Posted In Compliance, Data Privacy, Data Security, In-House Counsel, Risk Management

The EU/US Privacy Shield, which governs transfers of personal information from the EU to the US, is now effective and available to US companies for self-certification. Any US company that wants to self-certify its compliance with Privacy Shield protections may do so now; and any company that does so before September 30 will have nine months to get its downstream data processing contracts in order. 

Compliance and self-certification involve publishing a new privacy statement and a statement to the Department of Commerce, both of which must set forth information about a company's compliance with several fundamental principles:

  • Notice and Choice about how an EU individual's personal information is shared with third parties,
  • Access to that information for correction or deletion,
  • Security undertakings regarding that information,
  • Data Integrity and Limited Purpose use regarding such information,
  • Recourse to independent dispute mechanisms by aggrieved EU data subjects, and
  • Accountability for "onward transfer" of EU data to third parties.

The process of self-certification is fairly straightforward and may be a good idea for companies formerly covered by the Safe Harbor. Any company that collects, processes or uses data from the EU may want to consider Privacy Shield self-certification.

For companies that do wish to certify, there is a grace period of nine months to become compliant with the "onward transfer" principle if certification is made before the end of this month. That would allow a certifying company time to put in place a compliant contract procedure for vendors who may process data (procurement, purchasing, customer relations, for example) via downstream contracts. 

There is no deadline for self-certification, which can be elected at any time; but the grace period is one-time-only as the Privacy Shield is taking effect. 

Safe Harbor's Replacement - Handshake Deal in Place

Posted In In-House Counsel, Industry, Privacy, Public Policy

The officials working to replace the recently-invalidated data transfer Safe Harbor have in place a handshake deal.

The full details are not yet public, but presumably will be disclosed before the deadline of January 2016 for US businesses to comply with EU data protection laws.

Continue reading Safe Harbor's Replacement - Handshake Deal in Place ›

Savannah Film Incentive Makes State Even More Competitive

Posted In Copyright, In-House Counsel, Industry, Intellectual Property, Media, Tax

The Savannah Economic Development Authority (SEDA) is making Georgia an even more attractive place to shoot films, starting in 2016. This is a boost to an industry that didn't exist in Georgia in a big way until about 10 years ago, but that has grown rapidly: filmed entertainment brought about $6 billion to Georgia in 2014.

Continue reading Savannah Film Incentive Makes State Even More Competitive ›

Cyber Hygiene: Upgrade Your Software, Too

Data security is a multi-part process for most organizations. Today's installment of cyber hygiene habits for 2015 reminds us that updating software is a critical step in securing our networks. 

Continue reading Cyber Hygiene: Upgrade Your Software, Too ›

Cyber Hygiene: Upgrade Your Hardware

This fourth installment in our cyber hygiene series will discuss the importance of hardware upgrades in maintaining corporate data security. As with all the best practices we recommend in this series, the idea behind protection is to avoid incidents where possible, mitigate damage if they occur, and have a defensible position or "storyline" if you suffer a dispute or investigation. 

Continue reading Cyber Hygiene: Upgrade Your Hardware ›

Cyber Hygiene Habits: Have a Plan For Your Employees

For 2015, we are addressing data security and privacy by discussion of topics relating to information security and hygiene. Parts one and two covered knowledge of what laws cover your business and of what data you have in your networks. This installment covers the human side of data handling: which employees have access to your data, and why.

Continue reading Cyber Hygiene Habits: Have a Plan For Your Employees ›

DOJ Issues Guidance on Cybersecurity

Posted In Government, In-House Counsel, Privacy

Showing an increased level of concern for coordination between industry and the public, the U.S. Department of Justice ("DOJ") has issued guidance on cybersecurity risks and the steps that industry and consumers should take to prepare for cybersecurity threats.

The DOJ guidance on cybersecurity is very basic.  The guidance is roughly 15 pages long and suggests that businesses familiarize themselves with their information networks and develop a plan for how to respond in the event of a breach in security.  (Nothing novel here.)

Continue reading DOJ Issues Guidance on Cybersecurity ›


Stay Connected

Subscribe to blog updates via email