Tennessee has joined a handful of other states to provide certain safe harbors in the cybersecurity realm. Unlike others, the law sites beside -but does not modify- the states’ data breach notification law. Also unlike others, the safe harbor is very narrowly tailored, and is not triggered by having a data security program.Continue Reading Impact of Tennessee’s Cybersecurity Class Action Safe Harbor
safe harbor
Utah Creates Data Breach Safe Harbor
Utah recently amended its breach notice law to provide certain defenses to companies who suffer a data breach. It is now the second state, after Ohio, to include such provisions. Specifically, entities that create and reasonably comply with a written cybersecurity program may have an affirmative defense to litigation resulting after a data breach. For the safe harbor to apply, the written cybersecurity program must:
Continue Reading Utah Creates Data Breach Safe Harbor
EU-US Privacy Shield: Brace Yourself . . . or Maybe Not
On February 29, 2016, the European Commission and United States released the terms of the much-anticipated renewed framework for the transfer, sharing, and processing of European individuals’ data to the United States. The framework replaces the “Safe Harbour” mechanism, which enabled U.S. companies to transfer data from the EU to the United States by self-certifying that their practices ensured an adequate level of protection for personal data under the EU Data Protection Directive. In October, the “Safe Harbour” framework was declared invalid by the European Court of Justice in the Schrems decision covered earlier in this blog.
Continue Reading EU-US Privacy Shield: Brace Yourself . . . or Maybe Not