Achieved Compliance Approved for Participation in Privacy Shield: Program Essential to Any Company Moving Data from the EU to the U.S.

Achieved Compliance is pleased to announce that it has been approved to participate in the EU-U.S. “Privacy Shield” program. The Privacy Shield provides companies on both sides of the Atlantic with a mechanism to comply with data protection requirements when transferring personal data from the European Union and Switzerland to the United States. The Privacy Shield updates the Safe Harbor regime that had supported data flows between the jurisdictions since 2000. As a participant in the Privacy Shield, Achieved Compliance meets all EU legal requirements for protection of data about EU citizens. Companies that use Achieved Compliance software and services can rest assured that we are committed to protecting data…

READ MORE

You Can’t Outsource Liability for Failure To Protect Data – Fine Issued for Negligence in Overseeing a Vendor’s Performance

If a recent decision of the French Data Protection Authority (CNIL) is any indication, companies can expect that data protection authorities will hold them responsible for ensuring that the vendors they contract with can secure and protect the company’s personal data. On July 27, 2017, the French Data Protection Authority (CNIL) fined the Hertz Corporation €40,000 when information about approximately 35,000 users was exposed to inappropriate access because of the negligence of a vendor in charge of designing the Hertz France website. The privacy office’s enforcement committee July 18 held that Hertz failed to meet its data security obligations. The enforcement audit of the company’s website determined that a…

READ MORE

UK Authority Warns Small Companies: “Data Protection Laws Apply to You” Fining an SME £60,000 for Failing To Take Basic Steps

The UK Information Commissioner’s Office sent a clear signal last month that it is paying close attention to the data protection measures taken by small and medium sized companies. In a statement published June 27, 2017 titled “Warning to SMEs as firm hit by cyber attack fined £60,000” (i.e. about $80,000 U.S.), the ICO announced an action against Boomerang Video, a small Internet company based in Berkshire, England, for failure to take appropriate steps to secure customer information. ICO enforcement manager, Anne Poole said: “Regardless of your size, if you are a business that handles personal information then data protection laws apply to you.  “If a company is subject to…

READ MORE

Sequel Announces PrivacyMinder™ Platform

I am pleased to announce the launch of PrivacyMinder™, a new tool Sequel Technology & IP Law is offering to help you comply with data protection laws. PrivacyMinder brings together our deep experience in client counseling with the benefits of easy-to-use technology, a suite of educational videos, and a robust template database. PrivacyMinder is specially designed to meet the needs of companies that do not have the benefit of a compliance staff or legal counsel skilled in this area. PrivacyMinder was originally designed to assist companies in meeting the requirements of new laws like the EU’s General Data Protection Regulation. But it does more: PrivacyMinder helps you understand…

READ MORE

The Countdown Is On – One Year to GDPR & SMEs Lag In Competitiveness and Compliance

This week marks exactly one year until EU individuals will have new rights with respect to how all businesses must protect personal data. Whether a particular business is big or small, based in the EU or based in the US, each must fully comply with the game-changing General Data Protection Regulation (GDPR). GDPR took center stage in Berlin recently, when policymakers, businesses, and regulators from 20 countries met in Berlin at the 7th annual European Data Protection Days conference. Nearly every speaker emphasized the challenges the regulation raises for small and medium sized companies (SMEs) and the critical need for those companies to comply. Companies of all sizes…

READ MORE