Laura Clark Fey to Present on GDPR at Denver Summit for Senior Information Security Leaders

Laura Clark Fey, CIPP/US, CIPP/E, CIPM, FIP, Principal of Fey LLC, will speak to senior information security leaders at the 2017 Alliance Leadership Summit on “Overcoming EU GDPR Challenges at the Intersection of Privacy and Security.”  She will co-present with Leon Ravenna, CIPP/C, CIPP/E, CIPP/G, CIPP/US, CIPM, FIP, PMP, Chief Information Security Officer of KAR…


Fey to Moderate Upcoming Cybersecurity & Privacy Regulator/Prosecutor Panel in Chicago

Next week, Laura Clark Fey, CIPP/US, CIPP/E, CIPM, FIP, Principal of Fey LLC, will moderate a panel at the DRI Cybersecurity and Data Privacy Seminar that will provide seminar participants with an opportunity to not only listen to two regulators and a prosecutor talk about important privacy and cybersecurity issues—but also to interact directly with…


Less than One Year until EU GDPR: Recommended Steps to Take Now

It is now less than one year before the EU General Data Protection Regulation (“GDPR”) takes effect—bringing with it increased compliance obligations, penalties (as high as 20 million euros or 4% annual worldwide turnover), and enforcement.  EU regulators have already advised organizations that there will be no grace period for compliance after May 25, 2018. …


Reason to Move Onward: The Privacy Shield’s Limited-Time-Only Grace Period

If your company plans to join the Privacy Shield, if possible, you should try to self-certify by September 30, 2016.  By doing so, you will be able to take advantage of a nine-month grace period to bring existing third-party relationships in conformance with the Accountability for Onward Transfer Principle.  Why is this nine-month grace period…


Implementing an Actionable, Right-Sized Records Retention Schedule

Our August 9 blog post addressed how current privacy and security regulatory developments were making the case for implementing processes for the prompt and defensible disposition of your company’s records and information.  Before there can be defensible disposition, however, it is first necessary for a company to develop and implement an actionable, right-sized records retention…


Privacy and Security Regulatory Developments Make the Case for Defensible Disposition

There is a strong business case for defensible disposition, which is the process of disposing of company information when it is no longer needed for business or legal purposes.  Key business benefits for defensible disposition include saving costs for storage; improving operational efficiency by better enabling employees to access needed information without having to wade…


Article 29 Working Party Releases Statement on Final EU-U.S. Privacy Shield

Yesterday, the Article 29 Working Party (“Working Party”) released a statement concerning the final version of the EU-U.S. Privacy Shield.  Yesterday’s statement from the Working Party is generally more favorable than its April opinion on the previous draft Privacy Shield.  Here are our key takeaways from yesterday’s press release: The Working Party Considers the Privacy…


Laura Fey Discusses the “Internet-of-Everything” and Top Privacy Tips

Laura Fey is quoted in a Super Lawyers® feature story, “Is Privacy Dead?: Navigating the Digital Age with Top Privacy and Technology Lawyers.”  In the piece, Laura shares her thoughts on what she calls the “Internet-of-Everything,” the increasing prevalence of devices that track the movements, health conditions, habits, etc. of human beings. Laura also shared…


Four Steps for a Successful Information Governance Program

Today, we celebrate Global Information Governance Day, established in 2013 as an international celebration of information governance, which is the practice of putting in place the people, processes, and technologies that allow entities to maximize the value of their information, while minimizing business and legal risks and costs.  In honor of this fourth annual Global…


Article 29 Working Party Provides Some Answers, But Few Assurances on Future of Transatlantic Data Transfers

The decision of the Court of Justice of the European Union (CJEU) invalidating the U.S.-EU Safe Harbor in Schrems v. Data Protection Commissioner (C-362-14) left countless companies with questions concerning how broadly that decision will be interpreted; when and how the decision will be enforced; and whether and how companies can lawfully transfer data from…