Tag Archives: Cloud Computing

Mexico Issues New Privacy Regulations Effective December 22, 2011

Posted on December 21, 2011 by Hunton & Williams LLP

On December 21, 2011, Mexico issued the final version of its Regulations of the Federal Law for the Protection of Personal Data Held by Private Parties (Reglamento de la Ley Federal de Protección de Datos Personales en Posesión de los Particulares). The regulations, which contain mostly minor changes to the prior draft that was released in October, will take effect on December 22, 2011. Notable updates in this final draft include:

  • clarification of notice and consent requirements;
  • changes to restrictions on cloud computing;
  • updates to requirements regarding data transfers; and
  • clarifications regarding data subjects’ rights.
Tags: , ,

EU Commissioner Reding Promotes Use of BCRs at IAPP Congress in Paris

Posted on November 29, 2011 by Hunton & Williams LLP

On November 29, 2011, at the International Association of Privacy Professionals (“IAPP”) Europe Data Protection Congress in Paris, France, Viviane Reding, Vice President of the European Commission and Commissioner for Justice, Fundamental Rights and Citizenship, provided insight into details of the proposals for the revised EU data protection framework. She focused explicitly on solutions for international data transfers, promoting Binding Corporate Rules (“BCRs”) as a solution that can offer a simplified, yet comprehensive, structure for safeguarding international flows of data. Commissioner Reding referred to BCRs as offering the possibility of consistent enforcement and legal certainty, without stifling innovation.

Continue reading…

Tags: , , ,

Mexico’s Ministry of Economy Releases Updated Data Protection Regulations

Posted on October 21, 2011 by Hunton & Williams LLP

On October 20, 2011, Mexico’s Ministry of Economy made public an update to its proposed Regulations to the Federal Law for the Protection of Personal Data Held by Private Parties. The new draft regulations, which contain changes made in light of public comments on the prior version, will take effect if they receive final executive approval, which may happen later this year. The updates to the draft regulations include:

  • Rules specific to cloud computing
  • Clarification of notice requirements
  • Clarification of consent requirements
  • Exemptions for certain business contact information
  • Revisions to data transfer restrictions
  • Updated security and breach notification provisions
  • Revised requirements for self-regulatory schemes
  • Revisions to provisions governing the exercise of data subjects’ rights
Tags: , , , ,

French Data Protection Authority Launches Public Consultation on Cloud Computing

Posted on October 17, 2011 by Hunton & Williams LLP

On October 17, 2011, the French Data Protection Authority (the “CNIL”) launched a public consultation on cloud computing (the “Consultation”). The Consultation seeks to gather opinions from stakeholders (clients, providers, consultants) regarding cloud computing services for businesses, to identify legal and technical solutions that address data protection concerns while taking into account the economic interests involved.

Continue reading…

Tags: , , , , , ,

German DPAs Issue Resolution and Guidance Paper on Cloud Computing and Compliance with Data Protection Law

Posted on October 5, 2011 by Hunton & Williams LLP

On September 29, 2011, the German federal and state data protection authorities (“DPAs”) issued a resolution on cloud computing and compliance with data protection law. The publication was released in conjunction with the DPAs’ 82nd annual conference.

Continue reading…

Tags: , , ,

Strategies for Evaluating Cloud Computing Agreements

Posted on July 14, 2011 by Hunton & Williams LLP

In April 2011, a technical malfunction suffered by the Amazon Elastic Compute Cloud resulted in a multi-day outage affecting hundreds of businesses.  The incident offered high-profile evidence of both the widespread popularity of cloud computing and the potential consequences of storing company data in the cloud.  It also drew attention to cloud service contracts, raising questions about performance levels and backups in the event of a service disruption.  With more and more businesses seeking to take advantage of the efficiency and cost savings offered by cloud computing, the lessons of the Amazon outage underscore the complexities involved in negotiating cloud computing agreements.  In an article published in Bloomberg Law Reports, Technology Law, Andrew Geyer and Melinda McLellan discuss some of the key commercial issues and privacy and data security concerns to consider when evaluating a cloud services contract.

Download a pdf copy of the article.

Tags: , ,

PCI Data Security Standards Council Provides Cloud Compliance Guidelines

Posted on June 21, 2011 by Hunton & Williams LLP

On June 14, 2011, the PCI Security Standards Council’s Virtualization Special Interest Group published its “Information Supplement: PCI DSS Virtualization Guidelines”(the “Guidelines”) to Version 2.0 of the PCI Data Security Standard (“PCI DSS”).  The Guidelines provide context for the application of the PCI DSS to cloud and other virtual environments, and offer at least three critical reminders:

  • the PCI DSS applies to cloud environments without exception; 
  • critical analysis of the application of the PCI DSS to rapidly evolving cloud offerings is essential to compliance; and
  • cloud providers must be prepared to document and contract for necessary controls.

Continue reading…

Tags: , , , ,

European Data Protection Supervisor Publishes 2010 Annual Report; Sets Agenda for the Future

Posted on June 17, 2011 by Hunton & Williams LLP

On June 15, 2011, European Data Protection Supervisor (“EDPS”) Peter Hustinx gave a press conference to present his annual report for 2010.  The annual report provides an overview of the EDPS’ main activities in 2010 and sets forth key priorities and challenges for the future.

In his speech, Hustinx focused primarily on the review of the EU data protection framework and the Data Retention Directive.  He referenced his recent Opinion in which he concluded that the Data Retention Directive does not meet general EU data protection requirements and that the European Commission should explore the possibility of replacing it with alternative measures such as data preservation through a “quick freeze” procedure.  Hustinx also stated his intention to keep a close eye on any developments with respect to RFID technology, cloud computing and online enforcement of intellectual property rights. Continue reading…

Tags: , , , , , , ,

Live Coverage from Budapest: Day One of the Hungarian International Data Protection Conference

Posted on June 16, 2011 by Hunton & Williams LLP

On June 16, 2011, the Hungarian Presidency of the Council of the European Union hosted the first day of a high-level international data protection conference in Budapest.  The conference was attended by approximately 150 people, most of whom are representatives of EU governments, data protection authorities (“DPAs”), the European Commission, and other governmental groups such as the Council of Europe. 

Continue reading…

Tags: , , , , , , , ,

Complaint to FTC Alleges Cloud Service Dropbox Fails to Sync Security with Representations

Posted on May 26, 2011 by Hunton & Williams LLP

According to a complaint submitted to the Federal Trade Commission on May 11, 2011, the popular cloud-based data storage provider Dropbox, Inc. made false claims about the security of its users’ data, thereby putting them at risk while gaining an unfair advantage over competitors that actually offer the sort of security Dropbox advertised.  The Dropbox service allows users to create folders on their computers that automatically sync with corresponding folders on Dropbox’s servers.  Users can specify whether their folders are public or private.  The allegations concern the folders designated as private, which are touted as being protected by encryption.  According to the complaint, which was filed by Christopher Soghoian (a security researcher and former technologist at the FTC’s Division of Privacy and Identity Protection), although Dropbox represented that its encryption features would render a user’s files completely inaccessible to any person other than the user, in fact, Dropbox employees maintained copies of the encryption keys and could therefore access the contents of users’ files.  This left Dropbox users’ files susceptible to unauthorized access (e.g., governmental demands for data, hacking attacks, rogue insiders). Continue reading…

Tags: