eWhite House Watch returned for another great opportunity to report on the annual International Association of Privacy Professionals (IAPP) Global Privacy Summit in Washington D.C..  In the world of Cambridge Analytica and Facebook troubles, GDPR, and most recently, the new California privacy law, data protection and privacy have become a mainstream topic of conversation.  That is why the IAPP Global Privacy Summit of 2018 this year was described as “A Monumental Conference for A Profession at Crossroads.” As always, the world’s biggest privacy conference hosted more than 3,500 attendees, collaborating and seeking answers to important global privacy issues, highlighting topics such as survival, resilience, digital reputation, and equality, with a large focus in trust.  These issues were driven home by the conference’s distinguished Keynote Speakers, including  Social Activist, Writer, and Public Speaker Monica Lewinsky; MEP, International Trade, TiSA Rapporteur Viviane Reding; Writer, Broadcaster, Journalist, and Documentary Filmmaker Jon Ronson, Professor at Columbia University and contributing Editor of the Financial Times Simon Schama; and Birgit Sippel, MEP, Group of the Progressive Alliance of Socialists and Democrats.  The keynote speakers gave in depth discussions on issues central to the conference such as the EU’s position in global trade and the digital economy, spearheaded by MEP Reding. Additional topics included changes in the internet and the growing prominence of social media as well as the EU’s new Privacy regulation and their stance on Privacy in the 21st century.    The Conference hosted a plethora of other speakers, ranging from in-house counsel at prominent corporations, government officials, and cybersecurity experts.   In the segment titled “A Fireside Chat with the Chair of the Article 29 Working Party”, Chairwomen of the WP 29 and Director of the Austrian Data Protection Authority Andrea Jelinek, together with Corporate VP and Deputy General Counsel at Microsoft Julie Brill discussed the main areas of uncertainty remaining in the GDPR.  These two prominent speakers brought forth important questions such as: What will enforcement look like once the GDPR comes into effect? How will European regulators handle and coordinate cross-boarder investigations? How do DPAs keep up-to-date on artificial intelligence, machine learning, and similar advanced technologies? And what will data protection look like five years from now?  Staying true to years past, the conference hosted many remarkable panels and discussions.  Some interesting sessions included: Mitigating Human Risk Factors Through Privacy and Cybersecurity Training; Regulating for Results: Effective Use of Both Carrot and Stick; and Privileged & Confidential… And Lets Keep It That Way! One of the most helpful sessions for in-house counsel who assist their companies in compliance was Vendor Risk 2.0. The panel, consisting of privacy pros Michelle Beistle, Dori Kuchinsky and Charlotte Young, focused on such issues as how to set up a process for both, new and existing, vendors, what clauses to have in their contracts, find out what type of data is shared with them and what type of protections are in place. The Meeting Challenges of Privacy, Security and GDPR Compliance in the Cloud session focused on the key issues in cloud privacy space.  With the exponential growth of cloud use by the business, how to tackle compliance while assisting your business in accomplishing their goals takes center stage. The Summit also focused on international topics, spotlighting issues involving compliance with and enforcement of GDPR as well as trans-border data flows.  In the “Privacy Shield as the GDPR Comes Online” session, such distinguished speakers as Bruno Gencarelli, the Head of International Data Flows and Protection, European Commission, explained how while Privacy Shield facilitates transatlantic data flows, its intersection with the GDPR may present challenges. The panel’s warning about the Privacy Shield effectiveness has come true when recently the European Parliament threatened to suspect it until the United Stated complies with its terms. No surprisingly, the Parliament specifically referred to Facebook and Cambridge Analytica- both were certified under the Privacy Shield.   Staying true to its reputation, the Summit ushered in thousands of privacy practitioners and provided the opportunity to spread a wealth of knowledge and information from across continents and allowed practitioners to network, correspond on prominent privacy and security issues, and discuss the changing privacy and cyber landscape.  The mindset of the conference can be summed up by Keynote Speaker MEP Reding’s challenge: “Do you want to be a standard maker or a standard taker?” 

Angela M. Cooper January 28th, 2018   On January 28th, 2018 the United States, and many other nations, celebrated National Data Privacy Day. The Data Protection Day celebration in Europe pre-dated the US and Canadian celebrations. Data Protection Day commemorates the signing of the Council of Europe’s Convention 108. The Convention was the first legally binding international treaty dealing with privacy and data protection in history. The treaty was signed and ratified by 51 nations including 9 non-Council of Europe members. While the US did not sign the treaty, they have enacted resolutions for there to be an official day of observance for Data Protection. This day of observance was established in 2009 by the 111th US Congress’ enactment of Senate resolution 25 and House resolution 31. The 2010 version, in Senate resolution 402, “[r]esolved[] that the Senate--

By: Angela M. Cooper 1/17/2018   Recent news has sent Intel stock dropping and cyber-threat analysis upgrading the threat level. The ‘Intel chip’ vulnerability, which allows personal data to be accessible on devices using Intel chips, has been evolving through recent updates. It now includes more than just Intel chips, unlike the original reports seem to indicate. The vulnerability may have been characterized as an ‘Intel’ issue, but it is not limited to Intel’s processor chips. Indeed, the vulnerability is for most processor chips found in most computing devices. Different processors, including AMD and ARM, may have varying levels of vulnerability and are currently under review.

January 9th, 2018 By: Connor Breza   To close out 2017, on December 4th and 5th ALM Media hosted its annual cyberSecure 2017 conference in New York City.  The two day conference, which took a holistic approach to cyber-security, brought together professionals across industries and functions to better prepare corporations and corporate leaders for cyber risks and to “shape policies, risk management strategy, compliance programs, and an organization’s cyber-incident response playbook.”  The event’s main focus was to educate in-house counsel, compliance and privacy officers, technology solution providers, law firms and advisory consulting professionals on ways to improve their preparedness and response time to the growing dangers of cyber attacks that may hinder a business’s functionality, and to provide better strategies to strengthen corporate “cyber resiliency.”

By: Connor Breza 10/26/2017   This year, eWhite House Watch had the privilege of attending the Association of Corporate Counsel’s 2017 Annual Meeting in Washington D.C. on October 16–18, 2017.  Corporate Counsel from around the world flocked to the nation’s capital for what is recognized to be “the world’s largest gathering of in-house counsel.”  Beginning on Sunday October 15, the convention continued into Wednesday the 18th, hosting a plethora of events geared toward educating in-house lawyers on the latest on current legal issues and providing an excellent opportunity to network and broaden attendees’ legal horizons.

September 14th, 2017 By: Connor Breza   Responding to Secretary of State Tillerson’s plans to eliminate and consolidate the State Department’s Office of the Coordinator for Cyber Issues, lawmakers spanning across party lines have proposed a bill this week to preserve the department and strengthen U.S. cyber security and diplomacy.  In a statement last week, Congressman Ted W. Lieu announced a bipartisan bill titled the Cyber Diplomacy Act, introduced by Congressman Royce of California, which Congressman Lieu claims “will build the structure, strategy and oversight at the State Department to ensure that U.S. leadership extends to the critical areas of cyberspace.”