Photo of Claire Morrissey

Following the CJEU decision in the Schrems Case on 6 October 2015 invalidating the Safe Harbour regime, the Article 29 Working Party (the group comprised of representatives of European national data protection authorities (Article 29WP)) gave the EU and US a three month timeline in which to agree a political solution to replace Safe Harbour. Following intense negotiations, political agreement on the core elements of a new EU/US Privacy Shield was announced yesterday

Continue Reading Safe Harbour will be replaced by an EU/US Privacy Shield – will it withstand Article 29 Working Party scrutiny?

The Department of Justice yesterday published the Criminal Justice (Offences Relating to Information Systems) Bill 2016. The Bill, which is long overdue, will replace some of the existing patchwork of cybercrime legislation.

The primary purpose of the Bill is to transpose the European Directive 2013/40 or the Cybercrime Directive as it is more commonly known. The Cybercrime Directive is aimed at harmonising Member States’ criminal law in the area of cybercrime by creating minimum rules for the definition of cybercrime offences and the relevant sanctions and to improve cooperation between competent authorities.

Continue Reading The Cybercrime Bill is here

Recent high profile security incidents illustrate that no institution or business is immune from cyber attack. A cyber attack on the White House in 2014 resulted in a partial shutdown of its email system. In a reported attempt to extort money from the ECB, email addresses and other user contact information were stolen in 2014. Confidential movie scripts and emails about staff and movie stars were released as part of the 2014 Sony hack. Already this year, the Carphone Warehouse security breach in early August and the more recent Ashley Madison hack have received extensive media coverage.

 

Continue Reading Cyber risk – the legal landscape

“The next big financial shock will arise from a succession of cyber-attacks on financial services firms.” 

This is the case according to the Chairman of the International Organisation of Securities Commission as cited by the Central Bank of Ireland’s Deputy Governor, Cyril Roux, during a recent address to the Society of Actuaries.

 

Continue Reading Cyber Security – The Next Big Financial Shock

Model Contracts are standard contractual clauses for the transfer of personal data outside the EU/EEA which have been approved by the European Commission.  They have been approved on the basis that they provide sufficient safeguards for privacy, fundamental rights and the exercise of those rights.  To date two sets of standard contractual clauses for the transfer of personal data outside the EU/EEA from data controllers to data controllers and one set for transfers from data controllers to data processors have been approved by the Commission.

Continue Reading Transfer Tools Post Schrems: EU Data Protection Authorities’ Common Position on Model Contacts

Great day today attending the Health Informatics Society of Ireland 2014 Annual Conference.  In our Data Protection for Healthcare workshop together with Sarah Reade, Lead ICT Project Manager, Saint John of God Hospitaller Ministries and Jim Gregg, Irish Computer Society, we had a lively discussion on the data protection challenges faced by medical practitioners in the context of research and access requests.

Continue Reading Health Informatics Society of Ireland 2014 Annual Conference