General Data Protection Regulation (GDPR)

In April, we  blogged about the potential impact of the GDPR — which goes into effect this week (May 25) — on the public availability of WHOIS data. Ballard Intellectual Property attorney Tyler Marandola continues the discussion about WHIOS data in a recent interview with the CyberLaw and Business Report.  Listen to it  here.

One practical takeaway: if you have WHOIS searching to do, you should do it this week and save the results. WHOIS is likely to look very different (essentially just Organization Name and State/Province) as early as mid-next week.

 

 

As part of the Rocky Mountain Information Security Conference hosted in Denver from May 8 to 10, 2018, Ballard Spahr Privacy and Data Security attorney David Stauss sat down with Robb Reck, Chief Information Security Officer for Ping Identity and Alex Wood, Chief Information Security Officer for Pulte Financial Services. The group discussed a wide-range on cybersecurity issues as well as Robb and Alex’s involvement with the RMISC and their weekly podcast Colorado = Security.

Continue Reading Ballard Spahr Interviews Two Leaders of the Colorado Information Security Community

The ACC Foundation will be hosting a second webcast on May 1, 2018 at 12:00 EDT to discuss the results of the Foundation’s State of Cybersecurity Report.  You can sign up for the webcast here.

The Report surveyed 600 in-house counsel from around the world on a range of cybersecurity issues including data breach response, information security standards, GDPR preparation, vendor management and cyberinsurance.  The Report provides valuable cybersecurity benchmarking in a range of industries and identifies hot button issues for in-house counsel with responsibility for managing their company’s cybersecurity programs to consider.

The second webcast will focus on how companies interact with law enforcement in the wake of a data breach, trends in the appointment of a DPO under the GDPR, respondents’ views on proposed breach legislation, and gaps in information security programs.

Ballard Spahr served as a sponsor for the Report (as it did in 2015 for the first Report).  Phil Yannella, co-chair of Ballard’s Privacy & Data Security Group, served on the Advisory Board for the Report and will participate in the webcast.

The ACC Foundation will be hosting a webcast on April 18, 2018 at 12:00 EDT to discuss the preliminary results of the Foundation’s State of Cybersecurity Report.  This is the second Report of its kind that the ACC Foundation has published.  You can sign up for the webcast here.

The Report surveyed 600 in-house counsel from around the world on a range of cybersecurity issues including data breach response, information security standards, GDPR preparation, vendor management and cyberinsurance.  The Report provides valuable cybersecurity benchmarking in a range of industries and identifies hot button issues for in-house counsel with responsibility for managing their company’s cybersecurity programs to consider.

Ballard Spahr served as a sponsor for the Report (as it did in 2015 for the first Report).  Phil Yannella, co-chair of Ballard’s Privacy & Data Security Group, served on the Advisory Board for the Report and will participate in the webcast.

 

With the European Union’s General Data Protection Regulation (GDPR) set to go into effect on May 25, 2018, many questions remain as to what entities that control and process data from EU citizens must do to comply. One such issue is the ongoing effort by the Internet Corporation for Assigned Names and Numbers (ICANN) to ensure that the WHOIS service (an online database of identity and contact information for registrants of web domains) complies with GDPR. Continue Reading GDPR And The Future of WHOIS Data

The GDPR’s impact on the ability of U.S. litigants to conduct discovery of EU personal data is an issue that has received scant legal analysis. In a recent article for The Legal Intelligencer, Philip N. Yannella discusses the challenges, and potential costs, awaiting U.S. litigants as they attempt to conduct EU discovery under the GDPR.

You can check out the article here.

Among the more significant changes under the GDPR are new limitations on the use of consent to permit the processing of personal data. Recent WP29 guidelines on consent expand on previous opinions (for example Opinion 15/2011 regarding the definition of consent or Opinion 06/2014 regarding the legitimate interests of data controllers) and confirm that the use of consent must pass a very high bar to be effective under the GDPR.

Consent is one of six lawful bases to process personal data under the GDPR.  Article 4(11) of the GDPR defines consent as: “any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.” Continue Reading Analysis: WP29 Guidelines on Consent Under the GDPR

With the May 2018 deadline for compliance with the General Data Protection Regulation (GDPR) inching closer, U.S. multinational companies have been eagerly awaiting guidance from the Article 29 Working Party on key provisions, such as the use of algorithms to make processing decisions, the new 72-hour response period for data breaches, the meaning of consent under the GDPR, and the appointment of a Data Protection Officer. Over the next few weeks, we will be providing our analysis of recent WP29 guidance.

Today, we begin with new guidelines addressing the use of algorithmic processing engines – what the GDPR calls “automated decision-making.” According to the Guidelines, profiling is an automated form of processing, carried out on personal data, the objective of which is to evaluate personal aspects about a natural person. Continue Reading Analysis: Article 29 Working Party Guidelines on Automated Decision Making Under GDPR