Alston & Bird Privacy, Cyber & Data Strategy Blog

Regulation

The Digital Single Market Strategy and EU Data Security Policies

By

The landscape of data security regulation within the European Union will likely change drastically over the next few years.  In just the latest indicator of this regulatory revolution, the European Commission adopted on May 6, 2015 the heavily anticipated Digital Single Market (DSM) strategy, a multifaceted package of initiatives aimed at reducing or eliminating barriers […]

RadioShack Agrees to Significant Limitations in Sale of Customer Data Following Pressure from State Regulators and the FTC

By

In what may become viewed as the de facto standard for selling customer information in bankruptcies, a Delaware bankruptcy court approved, on May 20, 2015, a multi-party agreement that would substantially limit RadioShack’s ability to sell 117 million customer records. The agreement was entered into by RadioShack Corp., General Wireless Inc., and 17 state attorney generals as […]

FTC Looks “More Favorably” Upon Companies That Report Data Breaches to Law Enforcement

By

The Federal Trade Commission recently announced that it views companies that report data breaches to appropriate law enforcers “more favorably” than those companies that are less cooperative.  Mark Eichorn, Assistant Director in the Bureau of Consumer Protection’s Division of Privacy and Identity Protection, included the announcement in a May 20, 2015 blog post, describing a […]

Alston & Bird issues a Privacy and Security ADVISORY on Russia’s new Data Localization Law

By

Today, Alston & Bird issued a Privacy and Security ADVISORY on Russia’s new Data Localization Law will take effect in September, 2015.  Penalties for non-compliance can be severe, including suspension of offending websites. Our Privacy & Data Security Group gives details on the law, the compliance challenges facing U.S. companies, and the solutions available to them. […]

North Dakota Updates Data Breach Law

By

North Dakota recently amended its data breach notification law to clarify that the obligation to notify individuals of a breach applies to any entity that “owns or licenses” personal information of the residents of North Dakota. Previously, the obligation to report a breach only applied to those “that conduct[ ] business in the state.” In […]