In 2002, Congress enacted the Supporting Anti-Terrorism by Fostering Effective Technologies Act (“the SAFETY Act”) to limit the liabilities that energy, financial, manufacturing and other critical infrastructure companies face in the event of a serious cyber or physical security attack. Continue Reading Webinar on the SAFETY Act and Cybersecurity: Protecting Your Reputation and Reducing Liability Risk

On July 19, 2016, Advocate General Saugmandsgaard Oe (“Advocate General”), published his Opinion on two joined cases relating to data retention requirements in the EU, C-203/15 and C-698/15. These cases were brought following the Court of Justice for the European Union’s (“CJEU’s”) decision in the Digital Rights Ireland case, which invalidated Directive 2006/24/EC on data retention. The two cases, referred from courts in Sweden and the UK respectively, sought to establish whether a general obligation to retain data is compatible with the fundamental rights to privacy and data protection under EU law. Continue Reading Advocate General Finds Member States May Not Breach EU Laws Over Electronic Communications Retention

In our August 2009 blog post on data protection issues in China, we noted that there was no uniform Chinese law that specifically addresses the protection of personal data, and that it seemed likely that Chinese personal information protection law would continue to develop as a patchwork of piecemeal regulations. This remains true today, and developments since our previous article was published have in fact reinforced this assumption. In the past year and a half, new laws affecting personal information protection in China have arisen in various forms, including a consumer protection law and regulations, a tort law, a medical records regulation, a social insurance law, a credit reference regulation and even an anti-money laundering banking regulation. Our recent article provides updates on Chinese data protection law.

A Summary of Developments in Personal Information Protection in China was originally published on the DataGuidance website.

The Yomiuri Shimbun has been following a story regarding the November 25, 2010, release by a Tokyo publisher of a book containing Tokyo Metropolitan Police Department anti-terrorism documents that were leaked on the Internet in October.  According to reports, the book (“Leaked Police Terrorism Info: All Data”) contains 469 pages of unedited personal information of foreign residents who are being monitored by Japanese authorities, as well as the names of the police officers involved in the cases and individuals who have cooperated with police investigations.  On November 29, a District Court in Tokyo halted sales of the book after several affected individuals demanded a court order to prevent further damage.  Publication suspensions of this nature are rare in Japan, as the Japanese Constitution guarantees freedom of speech and prohibits censorship.

The Metropolitan Police Department’s investigation is ongoing at this time.  The MPD has not yet confirmed the authenticity of the leaked documents, which continue to be downloaded by Internet users around the world.

On November 30, the Council of the European Union agreed to allow U.S. anti-terrorism authorities access to financial data of individuals located in the EU under certain circumstances. Under the agreement, U.S. authorities will continue to have access to data collected by Society for Worldwide Interbank Financial Telecommunication (“SWIFT”) after a SWIFT database located in Switzerland becomes active later this year (the data had previously been processed in a database located in the U.S.). The agreement contains restrictions on access to the data that have been negotiated between the EU and the U.S. (e.g., access will be limited to data that relate to individuals with links to terrorist activities; U.S. authorities will not have access to data concerning intra-European transactions; and U.S. authorities seeking access to personal data will have to tailor their requests narrowly and justify their requests to the U.S. Department of the Treasury). The agreement will run until October 31, 2010, after which time a further agreement between the U.S. and the EU would have to be negotiated for the U.S. authorities to continue to have access to the data. The agreement was reached despite the abstention from voting of the governments of Austria, Germany, Greece and Hungary because of data protection concerns. Under the EU’s new Lisbon Treaty (which went into effect on December 1, 2009), any further agreement will require participation by the European Parliament, which has been highly critical of the agreement.