Following the CJEU decision in the Schrems Case on 6 October 2015 invalidating the Safe Harbour regime, the Article 29 Working Party (the group comprised of representatives of European national data protection authorities (Article 29WP)) gave the EU and US a three-month timeline in which to agree a political solution to replace Safe Harbour. Following intense negotiations, political agreement on the core elements of a new EU/US Privacy Shield was announced yesterday.
The Department of Justice yesterday published the Criminal Justice (Offences Relating to Information Systems) Bill 2016. The Bill, which is long overdue, will replace some of the existing patchwork of cybercrime legislation.
The primary purpose of the Bill is to transpose European Directive 2013/40, or the Cybercrime Directive as it is more commonly known. The Cybercrime Directive is aimed at harmonising Member States’ criminal law in the area of cybercrime by creating minimum rules for the definition of cybercrime offences and the relevant sanctions, and at improving cooperation between competent authorities.
There have been intense negotiations between EU and US officials on an "Umbrella Agreement" or "Safe Harbour 2.0" following the European Court of Justice’s Schrems decision last October. Progress was reported but no political solution has yet been reached.
Recent high-profile security incidents illustrate that no institution or business is immune from cyber attack. A cyber attack on the White House in 2014 resulted in a partial shutdown of its email system. In a reported attempt to extort money from the ECB, email addresses and other user contact information were stolen in 2014. Confidential movie scripts and emails about staff and movie stars were released as part of the 2014 Sony hack. Already this year, the Carphone Warehouse security breach in early August and the more recent Ashley Madison hack have received extensive media coverage.
“The next big financial shock will arise from a succession of cyber-attacks on financial services firms.”
That is the view of the Chairman of the International Organisation of Securities Commissions, as cited by the Central Bank of Ireland’s Deputy Governor, Cyril Roux, during a recent address to the Society of Actuaries.
Model Contracts are standard contractual clauses for the transfer of personal data outside the EU/EEA which have been approved by the European Commission. They have been approved on the basis that they provide sufficient safeguards for privacy, fundamental rights and the exercise of those rights. To date, the Commission has approved two sets of standard contractual clauses for transfers of personal data outside the EU/EEA from data controllers to data controllers, and one set for transfers from data controllers to data processors.
Great day today attending the Health Informatics Society of Ireland 2014 Annual Conference. In our Data Protection for Healthcare workshop together with Sarah Reade, Lead ICT Project Manager, Saint John of God Hospitaller Ministries and Jim Gregg, Irish Computer Society, we had a lively discussion on the data protection challenges faced by medical practitioners in the context of research and access requests.