Data Security

UK National Cyber Security Centre Advisory: Russian Attackers, APT29, Targets Companies Involved in COVID-19 Vaccine Development

July 17, 2020 By Kim Peretti and Privacy, Cyber & Data Strategy Team

Yesterday, the UK National Cyber Security Centre and Canada’s Communications Security Establishment released an advisory linking APT29 (also known as, ‘the Dukes’ or ‘Cozy Bear’) to attacks against COVID-19 vaccine development in Canada, the US and the UK. The Advisory stated that APT29 is “almost certainly part of the Russian intelligence services.” APT29/Cozy Bear was […]

‘Schrems II’ backs the European legal regime into a corner — How can it get out?

July 16, 2020 By Dorian Simmons

On July 16, the Court of Justice of the European Union struck down the EU-U.S. Privacy Shield in the ‘Schrems 2.0’ Case (Facebook Ireland and Schrems (Case C-311/18)). In an article for the International Association of Privacy Professionals, Alston & Bird Senior Counsel Peter Swire analyzes the decision and discusses potential implications, including those relating […]

Schrems 2.0: CJEU invalidates EU-US Privacy Shield and emphasizes exporter obligations when using Standard Contractual Clauses

July 16, 2020 By Paul Greaves and Wim Nauwelaerts

Executive Summary Today, the Court of Justice of the European Union (‘CJEU’) handed down its long-awaited judgment in the ‘Schrems 2.0’ case (Facebook Ireland and Schrems (Case C-311/18)), about the validity of two means of legitimizing transfers of personal data outside the EEA under the EU General Data Protection Regulation (‘GDPR’)[1]. In somewhat of a […]

SEC’s OCIE Issues Ransomware Risk Alert

July 13, 2020 By Kate Hanniford

On July 10, the SEC’s Office of Compliance Inspections and Examinations (OCIE) issued a Risk Alert noting the increasing sophistication of ransomware attacks on SEC registrants and service providers to SEC registrants. The Risk Alert is notable for its encouragement of financial services market participants more broadly and not just SEC registrants to monitor CISA […]

Japan’s Personal Information Protection Committee releases guidance on contact tracing mobile apps to combat COVID-19

May 4, 2020 By Maki DePalo

On May 1, the Personal Information Protection Committee in Japan (PPC) released guidance on the use of contact tracing mobile apps (Apps) as one of the mechanisms to combat the spread of COVID-19 and highlighted five essential consideration points. Specifically, the PPC recommends that all “personal information handling business operators” carefully consider, and disclose their […]