Effective as of July 12, 2016, the European Union has implemented the new US-EU Privacy Shield (the “Privacy Shield”). The Privacy Shield permits US organizations to self-certify that they meet the requirements for protecting Europeans’ personal data (“EU Data”), allowing them to receive such data from EU organizations. The Privacy Shield is designed to replace the former US-EU Safe Harbor (the “Safe Harbor”), which was invalidated in a case decided by the Court of Justice of the European Union (the “CJEU”) in October of last year.
Dealing with Federal Trade Commission (“FTC”) cyber security standards can be a daunting task, as the FTC enforces cyber security issues under Section 5 of the Federal Trade Commission Act, which prohibits “deceptive” and “unfair” business practices generally. Beyond that general mandate, however, there are no hard-and-fast guidelines as to what the FTC considers to be “reasonable” by way of cyber security efforts a company may have taken before a breach. Indeed, the FTC has pointed to at least seven different sources of information as to what a company should do to keep customer and employee data safe:
HSE Partner and Chair of HSE's Privacy and Data Security Practice F. Paul Greene is featured as part of the "Ask the Expert" Panel at the upcoming Upstate New York Regional Cybersecurity Forum.
Are You at Risk? Attend our upcoming Cyber Security Webinar
These days, news of the latest data breach - whether involving a local “mom and pop” store or a national retailer - is constantly breaking. If it seems like breaches are becoming more and more common, it’s because they are. Much more, as it turns out.