Global Words of Wisdom on Cross Border Data Transfer – 30th March 2016


There has been much coverage on both sides of the Atlantic of the issue of data protection and management, especially given the newly proposed EU-US privacy framework. The new EU-US Privacy Shield agreement outlines a set of reformed guidelines to ensure that citizens’ personal and private information is protected in compliance with EU standards when data is transferred to and stored in the US. This new transatlantic agreement seeks to replace the previous Safe Harbour Privacy Principles, which were struck down in a 2015 European Court of Justice ruling.

The court held that the Safe Harbour principles were both insufficient and invalid, as they did not necessitate that all organizations working with EU privacy-related data work in compliance with the act. It found that those companies opting in were “bound to disregard, without limitation, the protective rules laid down by that scheme where they conflict with national security, public interest and law enforcement requirements.”

At an event held at Patron member Hogan Lovells on March 30th 2016, the BABC assembled an expert panel to discuss the risks and challenges of cross border data transfer, where the audience were educated on how best to protect themselves going forward. Moderated by David Smith (Managing Director, Head of US First Capital), the panel included: Chris Steffen (Chief Evangelist for Cloud Security, Hewlett Packard Enterprise), John Story (Senior Legal Counsel, GoPro), Rob Chahin (Principal Consultant, NCC Group), Tim Tobin (Partner, Hogan Lovells) and Dan Domagala (Head of Cyber Security, EKS&H).

The panel assessed what impact the new regulations will have on transatlantic business going forward. They noted that the Privacy Shield will usher in a new wave of regulation and restrictions for US companies with regard to data. The agreement will require companies to adhere to stricter rules and regulations consistent with EU law. Businesses will have to assess the data they currently have and re-evaluate how they handle and store data going forward. Transatlantic companies will have to decide which data remains in Europe and under European jurisdiction and which data will be stored in the US and be subject to US rule.

They made a strong case for data segregation and the separation of classified data, which is ultimately the best practice for companies in order to streamline their data-storage process. The panel noted that there would be further changes once the General Data Protection Regulation (GDPR) is enacted. The GDPR will extend the scope of EU data protection law to all foreign entities processing EU residents’ data, which will have a subsequent bearing on the US companies operating in those geographic locations. The GDPR will ultimately increase the power and resources of data protection authorities, enabling them to fine non-compliant businesses.

As we live in a world governed by our use and management of data, we become prone to a breach of our data. It has become a question of when and not if. Data breaches pose a significant threat to companies’ reputations and bottom lines. Whether it is the headline-grabbing data hack, money laundering by terrorist organizations or something as common as credit card fraud and identity theft, data breaches are a frequent occurrence.

The panel turned their attention to the topic of data breaches and how companies can protect themselves moving forward. The first step is to have a clear response plan in place to protect against future breaches and minimize damage. This includes investing in the company infrastructure: not simply in technology but in staff as well. The number one reason for data breaches in the US remains negligent employees. Investing money in personnel training will raise awareness and ensure that employees act as a front line against future attacks. The panel also spoke about the importance of data encryption and of fully understanding the term ‘encryption’. Simply being legally compliant is not enough to protect companies from breaches, as the law acts as a minimum standard. The reality is that every company holds employee data, thus every company has to take this into consideration. Even those companies with specialized departments require third party assistance to highlight any weak areas and give expert advice based on past experience.

Many thanks to our host Hogan Lovells and our event sponsors: Hogan Lovells, Fitzgerald and Law, NCC Group, EKS&H and media partners Irish Network Bay Area. A big thank you to Aer Lingus for providing two round trip tickets to London via Dublin for our business card drawing, and special thanks to our expert panelists: Chris Steffen (Chief Evangelist for Cloud Security, Hewlett Packard Enterprise), John Story (Senior Legal Counsel, GoPro), Rob Chahin (Principal Consultant, NCC Group), Tim Tobin (Partner, Hogan Lovells), Dan Domagala (Head of Cyber Security, EKS&H) and Moderator David Smith (Managing Director, Head of US First Capital).
