All posts by Ross McKean

As Datonomy readers will be aware, political agreement was reached on the new General Data Protection Regulation last month.  While we await formal ratification and a final text, Datonomy invites its readers to join a  webinar next week to take a first look at the key practical implications of the new rules. The webinar is being hosted by Datonomy's friends at US law firm Fenwick & West.  Robert Brownstone, Privacy co-chair and Electronic Information Management Chair of Fenwick & West LLP and Ross McKean, Head of Data Protection at Olswang LLP, will lead a discussion considering:
  • The timeline for implementation
  • When and where will GDPR apply, and which regulator(s) will be able to enforce it?
  • New rules for service providers
  • An overview of enhanced data subject rights
  • Data breach notification – the new rules and lessons learned from US experience
The registration link is here.  The 60 minute webinar will start at 5pm GMT, - … Continue Reading ››
Late on Friday 16 October, Europe’s data protection regulators issued an opinion enabling ongoing transfers of personal information from the EU to the US, at least for the time being. This followed on from the CJEU’s 6 October decision in the Schrems case that the so-called “safe harbor” regime used by more than 4000 US companies to legitimize the import of EU personal information was invalid. Following that decision a number of German data protection authorities ruled that “model clauses”, another mechanism used by thousands of other organisations to legitimize EU to US transfers, were also invalid. There was growing concern that the Article 29 Working Party, an influential body representing Europe’s data protection authorities, would follow the German approach creating more uncertainty and removing one of the few remaining limbs to support transfer. Businesses on both sides of the Atlantic can breathe a sigh of relief.  The opinion, although far from categorically … Continue Reading ››
One of Europe’s most senior lawyers, Advocate General Bot, today declared the EU-US Safe Harbour regime invalid.  His opinion has profound implications for organisations transferring personal data to the US or importing personal data from Europe.   Olswang explains the practical implications for companies transferring personal data from Europe to the US. What is safe harbour? The Data Protection Directive (95/46/EC) requires companies which collect personal data relating to EU citizens to retain such data within the European Economic Area unless it is being transferred to a jurisdiction which ensures ‘adequate’ protection for such personal data. Adequacy can be established in a number of ways, one of which is a declaration of approval of a particular jurisdiction’s regime for protecting personal data by the European Commission. In a decision of 26 July 2000, the European Commission declared that the safe harbour scheme established with the US provided adequate protection of personal data and … Continue Reading ››
Welcome to the latest edition of Olswang's Cyber Alert (PDF available here), a regular round up of regulation, best practice and news from our international cyber breach and crisis management team. Q2 has seen the publication of several major reports into the current threat landscape.  In this edition we review:
  • the Ponemon Institute’s tenth annual study into the cost of data breaches which gives insight into the measures that can reduce the cost of breaches – and those responses which can actually be counter-productive in terms of cost;
  • PwC’s 2015 breaches survey which reveals that one third of businesses are still failing to assess cyber risk; and
  • The first annual report of the UK Computer Emergency Response Team with its analysis of the key threats of the past year and its predictions for the year ahead.
In our regulatory radar section, we track the progress of various legislative initiatives including:
The Computer Emergency Response Team (CERT-UK) was launched in March 2014 to collaborate with industry, government and academia as part of the government’s holistic plan to enhance cyber resilience.  After just one year in operation, the organisation has become a central hub for the sharing of threat information (enabled by the Cyber Security Information Sharing Partnership (CiSP)) and their first annual report, published in May (covering April 2014 – March 2015), highlights the panoply of cyber intelligence that is now gathered and distributed in order to protect the UK economy and grow the cybersecurity industry. CERT’s weekly alerts, regularly detailed as part of Datonomy’s weekly cyber updates, have become an excellent source of bite-size information about the most recent and dangerous cyber threats and the availability of the industry’s most up to date software patches.  However, the annual report affords the opportunity for the organisation to really … Continue Reading ››
Olswang has just published the latest edition of the Cyber Alert, a regular round up of regulation, best practice and news from our international cyber breach and crisis management team.  There is a great deal to report since our last update in October 2014.  In February, the Olswang team visited our friends in the US, co-hosting a cyber workshop in Silicon Valley and presenting to the Los Angeles chapter of the IAPP on the latest status of the General Data Protection Regulation.  You can read our December 2014 status update on the draft Regulation, which includes an analysis of data breach notification here. In this edition:
Olswang supporting new technology and innovation: I presented on drone law to the Security and Defence Interest Group of Cambridge Wireless yesterday, hosted jointly by Olswang and the Knowledge Transfer Network. Despite being half term week we had a full house thanks to the great programme put together by Nicholas Hill of Cambridge Wireless’s Security & Defence SIG. Speakers included Nicholas Hill of Plextek Consulting; Professor Jim Scanlan of the University of Southampton’s Aerospace Division; Alan Brooke, Unmanned Aircraft Systems lead for the Centre for Applied Science & Technology of the Home Office, and myself. Is 2015 the year of the commercial drone? Drones – also known as small unmanned aircraft; remotely piloted aircraft systems, and a growing number of similar acronyms, continue to make news. They have come a long way from their military origins and took centre stage at the annual Consumer Electronics Show in Las Vegas in January. Some commentators … Continue Reading ››