Author

Stephen Reynolds

Browsing

A flaw in a widely used software threatens system security and makes companies vulnerable to cyber threats. The Apache Software Foundation released an advisory that Apache Log4j versions up to and including 2.14.1 has a defect that may allow threat actors to execute arbitrary code and deploy viruses including ransomware on that IT infrastructure. Entities that directly or indirectly leverage this software should act with haste to mitigate the risk of a data incident. These…

In this episode of Connect On Tech, your host Brian Hengesbaugh is joined by Stephen Reynolds, data privacy and security partner in our Chicago office, to highlight developing trends surrounding the Log4j security vulnerability. In this episode, you will learn about: Log4j: what it is and why it’s importantWhat organizations should be doing to prepare for and prevent a security eventLegal risks and potential issues associated with this vulnerability https://open.spotify.com/episode/79ufz5Zr1z9MDDrCnbYdEm Want to Learn More?Stay tuned…

Colorado has joined the growing list of US states passing new comprehensive privacy laws by enacting the Colorado Privacy Act (the “CPA”). Governor Jared Polis signed the CPA into law on July 7, 2021, making it the third comprehensive state privacy law enacted in the US. With other states also considering proposals on comprehensive privacy legislation, CPA is another signal that companies must be prepared for more (not less) privacy regulatory risks. Like the California…

The new standard contractual clauses for data transfers to third countries (“Ex-EU SCCs”) and standard contractual clauses for controllers and processors in the EU/EEA (“Intra-EU SCCs”) issued by the European Commission provide for, both, chances and challenges for EU service providers supporting EU and non-EU customers, some of which are outlined below. 1. When do the Ex-EU SCCs apply? EU service providers supporting non-EU customers might want to enter into the new Ex-EU SCCs with…

The European Commission (“EC”) recently issued a set of standard contractual clauses for controllers and processors in the EU/EEA (“Intra-EU SCCs”). The Intra-EU SCCs accompany a wider set of clauses issued for extra-EU/EEA personal data transfers (“Extra-EU SCCs”), covering transfers between different types of data processing actors (processors, controllers, sub-processors etc.). Both of them were published in the Official Journal of the European Union on June 7, 2021. The clauses for intra-EU data processing arrangements…

The European Commission (“EC”) recently issued its revised standard contractual clauses for data transfers to third countries (“Ex-EU SCCs”) and a companion set of standard clauses for controllers and processors in the EU/EEA (“Intra-EU SCCs”). Both are now published in the Official Journal. The following is an introduction to the core elements of the Ex-EU SCCs and a brief overview of the Intra-EU SCCs. Legal Context The Ex-EU SCCs are a mechanism that companies can…