In the past two months, the federal government has issued several cybersecurity-related regulations that are or will be directly or indirectly applicable to a wide variety of federal contractors and subcontractors.  Additional rules (including a blanket FAR provision) are expected, but the three rules below present an interrelated set of requirements and standards that federal

Yesterday, the European Commission (EC) adopted its long-awaited decision endorsing the EU-US Privacy Shield. This is the latest milestone in restoring a stable legal basis for transatlantic flows of personal data, since the Court of Justice of the EU annulled the EU-US Safe Harbor program in its judgment in the Schrems case in October 2015.

Last month, Turkey’s new “Law on the Protection of Personal Data” entered into force.  It provides a framework similar to the European Union’s data protection regime.  The law applies to personal data processed “wholly or partly by automatic means” and to non-automatic processing of personal data “which form part of a filing system.”  The law also requires the establishment of a Data Protection Authority and a Data Protection Board by October 7, 2016 to oversee its provisions, including establishing and maintaining a registry of active data controllers, which must register with the Board.

The law defines “personal data” as any information relating to an identified or identifiable living individual.  It defines “sensitive data” (on which additional processing obligations are imposed) as information that reveals racial or ethnic origin; political opinions; religious or philosophical beliefs; appearance; memberships in unions, associations or foundations; as well as information about health, sexual life, criminal records, punitive measures, and biometric and genetic data.

On the October 2 episode of the Steptoe Cyberlaw Podcast, Maury Shenk and Stewart Baker discussed the implications of a highly influential advisor to the European Court of Justice (ECJ) criticizing the “Safe Harbor” agreement between the European Union and the United States that allows companies to transfer data between both regions,