Paul Glass, Author at Connect On Tech

In Cybersecurity

Trends in Notification Laws for Global Cyber Incidents (Video)

July 26, 2022 by Paul Glass and Teresa Michaud 2 Mins Read

On June 14, 2022, Baker McKenzie held its inaugural Cybersecurity Symposium in New York in conjunction with the Association of Corporate Counsel (ACC). It was a thought-provoking day discussing trends and fresh insights from key players in the government and private sector, the ever-changing regulatory landscape, best practices for cyber-readiness and practical advice to manage cyber-threats, data breach response, insurance and related litigation. The following video provides valuable information and key-takeaways in connection with cybersecurity…

In Podcast

Podcast Episode: Class Action and Regulatory Trends: Significant Developments and Predictions

May 26, 2022 by Paul Glass, Teresa Michaud and Stephen Reynolds 1 Min Read

In this episode, Paul Glass, head of Cybersecurity in the UK, is joined by Teresa Michaud, co-chair of the North America Class Action subgroup, and Stephen Reynolds, partner based in Chicago, as they discuss consumer class actions in relation to data breaches and security incidents. Listen in to hear about: overriding themes that have characterized the last year of US class action litigationcybersecurity and data privacy trends and significant developments in the class action space,…

In Data Privacy

Lloyd v Google LLC – what limits are there on data protection class actions?

December 9, 2021 by Paul Glass, James Parker and Natasha Denton 15 Mins Read

In a recent judgment, the UK Supreme Court unanimously refused to give permission for a litigant to serve a claim form outside of the jurisdiction in respect of a representative action brought against Google. This case, Lloyd v Google, is the latest, and most significant, in a line of recent decisions (see our other updates here and here) which show a general trend of the courts interrogating the type of losses that have been claimed and rejecting claims for…

In Data Privacy

Consideration for EU Service Providers Supporting EU and Non-EU Customers

The new standard contractual clauses for data transfers to third countries (“Ex-EU SCCs”) and standard contractual clauses for controllers and processors in the EU/EEA (“Intra-EU SCCs”) issued by the European Commission provide for, both, chances and challenges for EU service providers supporting EU and non-EU customers, some of which are outlined below. 1. When do the Ex-EU SCCs apply? EU service providers supporting non-EU customers might want to enter into the new Ex-EU SCCs with…

In EU GDPR

Intra-EU/EEA Standard Contractual Clauses: What you need to know

The European Commission (“EC”) recently issued a set of standard contractual clauses for controllers and processors in the EU/EEA (“Intra-EU SCCs”). The Intra-EU SCCs accompany a wider set of clauses issued for extra-EU/EEA personal data transfers (“Extra-EU SCCs”), covering transfers between different types of data processing actors (processors, controllers, sub-processors etc.). Both of them were published in the Official Journal of the European Union on June 7, 2021. The clauses for intra-EU data processing arrangements…

In Data Privacy

The New European Commission Standard Contractual Clauses: What you need to know

The European Commission (“EC”) recently issued its revised standard contractual clauses for data transfers to third countries (“Ex-EU SCCs”) and a companion set of standard clauses for controllers and processors in the EU/EEA (“Intra-EU SCCs”). Both are now published in the Official Journal. The following is an introduction to the core elements of the Ex-EU SCCs and a brief overview of the Intra-EU SCCs. Legal Context The Ex-EU SCCs are a mechanism that companies can…

In Data Privacy

EDPB Publishes Guidelines on Examples Regarding Data Breach Notification

February 4, 2021 by Brian Hengesbaugh, Cristina Messerschmidt, Michael Egan, Harry Valetk, Dominic Panakal, Julia Kaufmann, Francesca Gaudino, Paul Glass, Elisabeth Dehareng and Gary Hunt 4 Mins Read

The European Data Protection Board (EDPB) recently published the draft Guidelines on Examples Regarding Data Breach Notification, a document that encompasses eighteen examples of data security incidents, on a spectrum of risk and necessary mitigating measures. Each example concludes with recommended actions based on the identified risks, mainly: recording the incident in the organization’s internal register, notifying the organization’s supervisory authority, and notifying affected individuals. The Guidelines are currently open for public consultation. The Guidelines…

In Podcast

Podcast Episode 27 – Breaking Down the UK ICO’s Guidance on the Solar Winds Cyber Attack

February 1, 2021 by Brian Hengesbaugh and Paul Glass 1 Min Read

Brian Hengesbaugh and Partner Paul Glass dissect the recent guidance issued by the ICO in response to the SoldWinds cyber attack. Listen to hear: an overview of what the guidance sayswhy the ICO decided to release guidance in regards to this incidenthow companies should best approach the 72-hour notification rule https://open.spotify.com/episode/5ufO2qYMt4rPOQiVOKHo4n?si=ZMqpxKVpRvKsT8G7jo6o-A

In Data Privacy

Brexit: How does the UK/EU Agreement affect Data?

December 29, 2020 by Harry Small, Paul Glass and John McGovern 4 Mins Read

On Christmas Eve the UK and the EU concluded a Trade and Cooperation Agreement in principle.We’ve set out the key points from a data protection perspective below.The key take away is that transfers of personal data from the EEA to the UK can continue without safeguards for a period of up to six months from the end of the transition period while the European Commission considers whether to adopt an adequacy decision in respect of the…

In Data Privacy

ICO issues statement on SolarWinds Orion compromise

December 24, 2020 by Paul Glass and Harry Valetk 3 Mins Read

The ICO has issued a statement confirming that organisations should immediately check to see whether they are potentially a victim of the cyber-attack carried out through the SolarWinds Orion IT management platform (see ICO statement). Initial technical research indicates that while the majority of potentially compromised users of Orion are based in the United States of America, there are significant numbers of users in the United Kingdom and EU. The versions of the software that…