The European Commission recently adopted a new set of Standard Contractual Clauses (SCCs) for organizations to use in compliance with the EU General Data Protection Regulation requirements for transfers of personal data from the European Economic Area. The previous SCCs were outdated and did not cover many common data processing scenarios. Organizations will have an 18-month transition period to adopt the new SCCs, but many parties will need this time to re-examine their dataflows and review their internal compliance procedures to meet the exacting new standards.
Category: Data Strategy
Second Circuit Addresses Critical Issue in Data Breach Class Actions: Article III Standing Based on Allegations of Future Misuse of Personal Data
On April 26, 2021, the Second Circuit Court of Appeals decided the case of McMorris v. Carlos Lopez & Assocs., No. 19-4310, 2021 WL 1603808 (2d Cir. Apr. 26, 2021) and addressed one of the most critical issues in private data breach class actions – whether victims of a data breach can establish Article III standing by alleging they are at an increased risk of identity theft or fraud, even if their personal data has not yet been misused.
Although the district court’s ruling that plaintiffs did not establish standing was upheld, the Second Circuit found that victims of a data breach can establish standing based on a risk of future identity theft or fraud. The court also put forward a three-factor test to determine if standing exists when misuse of plaintiffs’ data has not yet occurred.
The U.S. in the AI Era: the National Security Commission on Artificial Intelligence Releases Report Detailing Policy Recommendations
On March 1, 2021, the National Security Commission on Artificial Intelligence (NSCAI) released its 700-page Final Report (the “Report”), which presents NSCAI’s recommendations for “winning the AI era” (The Report can be accessed here). This Report issues an urgent warning to President Biden and Congress: if the United States fails to significantly accelerate its understanding and use of AI technology, it will face unprecedented threats to its national security and economic stability. Specifically, the Report cautions that the United States “is not organizing or investing to win the technology competition against a committed competitor, nor is it prepared to defend against AI-enabled threats and rapidly adopt AI applications for national security purposes.”
In the Final Report, NSCAI makes a number of detailed policy recommendations “to advance the development of AI, machine learning, and associated technologies to comprehensively address the national security and defense needs of the United States.” The Report, its findings and recommendations all signal deep concern that the U.S. has underinvested in AI and must play catch-up in order to safeguard its future.
Faegre Drinker on Law and Technology Podcast: Tritura, QuarterJack and Artificial Intelligence
In the inaugural episode of the Faegre Drinker on Law and Technology Podcast, Faegre Drinker Counsel Jason G. Weiss and Chief Data Scientist Bennett Borden discuss how data analytics can be an asset in various legal issues. In particular, they explain how Faegre Drinker’s data science subsidiary Tritura — and its new artificial intelligence engine, QuarterJack — can unlock efficiencies in legal services.
Emerging Cyber-Security Threats for 2020: The Rise of Disruptionware and High-Impact Ransomware Attacks
Disruptionware is defined by the Institute for Critical Infrastructure Technology (ICIT) as a new and “emerging category of malware designed to suspend operations within a victim organization through the compromise of the availability, integrity and confidentiality of the systems, networks and data belonging to the target.” New forms of disruptionware can be a more crippling form of cyber-attack than other more “garden-variety” malware and ransomware attacks. This is the case since, as the ICIT notes, disruptionware not only attempts to encrypt and deny users access to their data, but works as a “layered attack” designed to “disrupt operations and production in manufacturing or industrial environments (as well as infrastructure) in order to achieve some other strategic goal.”
U.S. State Department Changes Export Control Requirements for Secure Handling of Defense Technical Data, Easing Burden on U.S. Industry
On December 26, 2019, the U.S. State Department’s Directorate of Defense Trade Controls announced it is amending the International Traffic in Arms Regulations (ITAR) to streamline requirements for the secure storage and transfer of defense technical data. This rule change has important implications for IT service providers and companies that may wish to use cloud-based systems and services for the transfer, processing, and storage of ITAR technical data.
Read the full alert to learn about the new regulations and their potential benefits to U.S. companies and their overseas partners.