Last November, Taft’s Scot Ganow and Bill Wagner wrote on Ohio first-of-its kind state legislation which would provide companies a safe harbor from some litigation resulting from a data breach. This month, Governor John Kasich signed the Ohio Senate Bill 220, also known as the Ohio Data Protection Act, into law. The law goes into effect in November, and is aimed at providing entities conducting business in Ohio with special protection from litigation in the event of a security incident or breach under certain circumstances. Specifically, the law creates a safe harbor affirmative defense when an entity adopts cybersecurity measures designed to: (1) protect the security and confidentiality of personal information; (2) protect against any anticipated threats or hazards to the security or integrity of the personal information; and (3) protect against unauthorized access to and acquisition of information that is likely to result in a material risk of identity theft or other fraud.

Continue Reading

The Article 29 Working Party recently issued a statement regarding the CJEU Max Schrems Safe Harbor case. It announced that the European Union and the United States will have until the end of January 2016 to find a political, technical, or legal solution to the now invalidated Safe Harbor agreement for transfer of data from the E.U. to the U.S.

The Working Party noted, however, that such transfers that are still taking place under the Safe Harbor after the CJEU
Continue Reading

global techThe agreement that allowed the transfer of personal data between businesses in the United States and the European Union was invalidated by the European Court of Justice on October 6, 2015. This “safe harbor” agreement had been in place since 2000. The Court’s decision throws into doubt the data collection and transfer practices of countless US businesses.

The safe harbor agreement was necessary because, under the European Data Protection Directive, the US is not considered to be a country with
Continue Reading