The Sedona Conference® Issues “International Principles on Discovery, Disclosure & Data Protection” : Electronic Discovery Law

In December, the Sedona Conference® made available its latest publication, International Principles on Discovery, Disclosure & Data Protection: Best Practices, Recommendations & Principles for Addressing the Preservation & Discovery of Protected Data in U.S. Litigation (Public Comment Version).  Among the information included are six Principles and attendant commentary as well as a model protective order and a “model data process and transfer protocol for use by parties and courts to better protect litigation-related data subject to data protection laws within the ambit of traditional U.S. litigation and court discovery practices.”

via The Sedona Conference® Issues “International Principles on Discovery, Disclosure & Data Protection” : Electronic Discovery Law.

Amazon bests Microsoft, all other contenders in cloud storage test | ars technica

Amazon’s S3 Simple Storage Service has outperformed Microsoft’s Windows Azure Storage and all other major providers in an extensive study testing the feasibility of businesses using cloud services for primary storage, data protection, and disaster recovery.

Nasuni, which sells data protection services that work across any type of cloud storage, says it has been testing the 16 largest cloud storage providers (CSPs) since April 2009 to determine the best services for its customers. Ultimately, only six of the 16 providers passed Nasuni’s testing—in addition to Amazon and Microsoft, the other winners were Nirvanix, Rackspace, AT&T Synaptic, and Peer1 Hosting. Both AT&T and Peer1 use EMC’s Atmos platform on the back end, although EMC itself discontinued its own public cloud based on Atmos.

While these six are, apparently, ready for real-world use, Nasuni politely declined to say which ten services failed its test, so we can’t warn you away from those vendors. But Nasuni does say the difference between the ones who passed the tests and those that didn’t is in some cases quite large. When Nasuni tested the providers for scalability by continuously writing small files of 1KB for weeks on end to determine error rates and performance, two of the eight providers that made it through this stage of testing failed, and others couldn’t complete the test.

“Without proper testing, it is impossible to differentiate between an industrial-strength CSP and a lesser operation,” Nasuni said. “In fact, some providers have asked Nasuni to cease testing at this stage because they said it was negatively impacting their customers, which is a truly frightening statement. True cloud storage should be able to accommodate billions of files without any visible strain. Those CSPs that faced performance issues under Nasuni’s test are simply not equipped to deliver an appropriate level of service to customers.”

via Amazon bests Microsoft, all other contenders in cloud storage test.

EU’s Data-Protection Reform Should Inspire U.S., Reding Says – Businessweek

European Union reforms of 16-year-old data-protection rules should inspire the U.S. to strengthen its privacy regime, the EU’s justice chief said.

The EU data privacy reforms, which the European Commission plans to present by the end of next month, should be “an inspiration for changes in the U.S. and elsewhere,” EU Justice Commissioner Viviane Reding said today. Referring to cloud companies that lure clients by promising to protect their data from the U.S. government, she called for the free flow of information.

“I do encourage cloud computing centers in Europe. We need more innovation, more research and more investment in the ICT industry,” Reding said in prepared remarks for a speech in Brussels. “But this cannot be the only solution. We need free flow of data between our continents. It doesn’t make much sense for us to retreat from each other.”

Deutsche Telekom AG’s T-Systems information technology unit is pushing regulators to introduce a certificate for German or European cloud operators to help companies shield data from U.S. government access through the Patriot Act. Some of the surveillance powers of the act, passed after the Sept. 11, 2001, terrorist attacks, have been opposed by lawmakers and outside groups, including civil liberties activists.

via EU’s Data-Protection Reform Should Inspire U.S., Reding Says – Businessweek.

Global Data Privacy in a Networked World (Graham Greenleaf) | SSRN

Abstract:

This article analyses the global growth of data privacy (‘data protection’) laws over 40 years from a number of perspectives. After outlining the extent of global expansion, the influence of international agreements concerning privacy is identified as one reason for their relative consistency and stability. The nature of United States exceptionalism is discussed briefly, as is the failing APEC alternative. The fundamental elements of data privacy principles, and data privacy enforcement, as seen through these agreements and national legislation, are summarized. The points on which the European Union is proposing to strengthen both principles and enforcement are noted. The extent to which these principles and enforcement mechanisms can cope with the new challenges of a networked world is illustrated through two examples: social networking systems (SNS) and cloud computing.

Bennett and Raab (2006), in the most systematic global review of data privacy regulation, presented their ‘main research question’ as whether there was a ‘race to the bottom’, a ‘race to the top’, or something else, in the global development of data privacy protection. They correctly caution that the existence and formal strength of a data privacy law is only one factor by which we should measure data privacy protection in a country, and two other key dimensions are the effectiveness of enforcement and the extent of surveillance (discussed below). Therefore, globally, there is more than one race to the top or bottom. They concluded that the most plausible future scenario (the Bennett-Raab thesis) was ‘an incoherent and fragmented patchwork’, ‘a more chaotic future of periodic and unpredictable victories for the privacy value’. So Bennett and Raab found some ‘upward’ global trajectory influenced significantly by the EU Directive, but sufficiently weak in the mid-2000s that the countervailing weakness of the APEC approach was enough to make the future quite unpredictable.

Half a decade later, it can be argued that there is now a clearer ‘upward’ global trajectory than Bennett and Raab found, provided we keep clear that we are only talking about the existence and formal strength of data privacy laws, not the other factors. The article shows that by mid-2011 there are 27 data privacy laws outside Europe (as many as there are EU member states), and a handful of further Bills expected to be enacted soon. Of course, the number of data privacy laws can only be part of the measure, but in Africa, Latin America and even in Asia the European Directive has become the single most significant influence on the content of those laws, and leads to them embodying a relatively high standard of data protection principles. The lower standards of the APEC Privacy Framework have not served to ‘slow or even reverse’ this trend as Bennett and Raab and others (myself included) feared. A handful of new data privacy laws across the globe each year, with EU-influenced privacy principles, and revisions of some existing weaker laws to strengthen them, does not constitute a ‘race’ in most uses of the term, but nor does it any longer look like such a ‘halting and meandering walk’ as Bennett and Raab found. It may not be a race, but data privacy laws do have a global trajectory, namely expansion at an increasing rate with principles more commonly influenced by the EU Directive than any other source.

But as Bennett and Raab conclude, there is not one race to the top or bottom that we must consider. It is better to say that there are various dimensions on which we must measure the health of privacy as a value, including data privacy principles, their enforcement, and surveillance practices. These dimensions, as they say, differ from place to place and time to time, and are not readily ‘balanced’ into one overall measure. Nevertheless, considered solely on the dimension of the global spread of EU-like data privacy laws, the Bennett-Raab thesis no longer appears correct. On the other dimensions of effective enforcement and limiting surveillance, there are no obvious global trajectories which could give rise to similar optimism.

Download @ Global Data Privacy in a Networked World by Graham Greenleaf :: SSRN.

Google: Microsoft uses patents when products “stop succeeding” | Ars Technica

A Google patent lawyer says that the patent system is broken, and he accuses Microsoft of abusing the system. Speaking to the San Francisco Chronicle on Sunday, Google’s Tim Porter pointed to Microsoft’s attacks on Linux as an example of its broader corporate strategy.

“When their products stop succeeding in the marketplace, when they get marginalized, as is happening now with Android, they use the large patent portfolio they’ve built up to get revenue from the success of other companies’ products,” he said.

Microsoft has argued that the patent royalties it seeks from Android vendors are part of the natural evolution of a new industry. Porter disagrees.

“Microsoft was our age when it got its first software patent,” he said. “I don’t think they experienced this kind of litigation in a period when they were disrupting the established order. So I don’t think it’s historically inevitable.”

Of course, the reason Microsoft didn’t have to worry about patents during its first dozen years was because the courts and the patent office didn’t allow patents on software until the 1980s. Indeed, the idea of patents on software alarmed Bill Gates, who wrote in 1991 (when Microsoft was already older than Google is now) that “the industry would be at a complete standstill” if software had been eligible for patent protection in the early days of the industry. He worried that “some large company will patent some obvious thing,” enabling the company to “take as much of our profits as they want.”

Today, Google finds itself in exactly the predicament Gates warned about 20 years ago. The Chronicle asked Porter the obvious question: should software be patentable? Porter refused to give a straight answer. “There are certainly arguments” that copyright protection is “more appropriate” for the software industry, he said. But he would only say that “the current system is broken,” and that there has been “a 10- or 15-year period when the issuance of software patents was too lax.”

via Google: Microsoft uses patents when products “stop succeeding”.

Facebook may track users who leave service, data agency says | The Detroit News

Facebook Inc. may be tracking users’ Internet activity even after they cancel their accounts with the social-networking site, a German privacy watchdog said.

An in-depth probe of the way cookies are installed after a user opens and then closes their Facebook account has made the Hamburg Data Protection agency “suspicious” the company is unlawfully tracking users, the watchdog said on its website today. While rejecting Facebook’s justifications for the use of cookies, the agency welcomed the company’s offer to explain the technical processes.

“Arguments that all users have to remain recognizable after they leave Facebook to guarantee the service’s security can’t stand up,” Johannes Caspar, the Hamburg data protection representative, said on his agency’s website. “The probe raises the suspicion that Facebook is creating user tracking profiles,” which would be unlawful if users aren’t alerted.

The German regulator’s action adds to probes of Facebook by the Irish data-protection agency and Norway’s privacy watchdog. A group of EU regulators has said they will look for possible privacy violations in Facebook’s facial-recognition feature.

The social network “does not track users across the Web,” and instead uses cookies to personalize content or for safety and security reasons, Palo Alto, California-based Facebook said in an e-mailed statement. The company said it deletes account-specific cookies when a user leaves Facebook and doesn’t receive personally identifiable data when logged-out users browse the Web.

Remaining cookies are used in “identifying spammers and phishers, detecting when somebody unauthorized is trying to access your account, helping you get back into your account if you get hacked,” and blocking underage users from re-registering with a different birth date, Facebook said.

The German privacy regulator said that, while Facebook gave detailed explanations of how it uses cookies — small data files that track browsing habits — the company’s arguments don’t justify its practices.

via Technology | Facebook may track users who leave service, data agency says | The Detroit News.

No Friends In Ireland: Probe Begins Into Facebook Privacy Issues | Fox News

Privacy watchdogs began an on-site investigation Tuesday of Facebook’s regional office in Ireland, FoxNews.com has learned, following sensational accusations that the company is creating extensive “shadow profiles” of non-users.

The eye-popping assertion came in a complaint filed in August by Ireland’s Data Protection Commissioner, which alleges that users are encouraged to hand over the personal data of others. That includes “sensitive data such as political opinions, religious or philosophical beliefs, sexual orientation and so forth” — and Facebook is storing it all up in its databases.

Despite the company’s firm denials, the Data Protection Office began hunting for evidence on Tuesday, Oct. 25, to back up those claims.

“The on-site element started on Tuesday,” Lisa McGann, a spokeswoman for the Office of the Data Protection Commissioner, told FoxNews.com. The search will take a number of days, she said, but she could not address questions about what specifically the commissioner hoped to find or had already discovered.

In such investigations, the office has the power to inspect the building, question employees, and take away copies of any files stored on local computers, according to the Commissioner’s audit guidelines. The agency will then pore over that data for the next few weeks.

“It is the intention of the commissioner that the investigation will be completed by the end of the year,” McGann told FoxNews.com. The organization conducts few such reports each year; according to the Data Protection Commissioner’s 2010 annual report, the office opened 231 formal complaints under the Privacy in Electronic Communications Regulations act — but only conducted 32 “comprehensive privacy audits.”

via No Friends In Ireland: Probe Begins Into Facebook Privacy Issues | Fox News.

Facebook could face €100,000 fine for holding data that users have deleted | The Guardian

Facebook could face a fine of up to €100,000 (£87,000) after an Austrian law student discovered the social networking site held 1,200 pages of personal data about him, much of which he had deleted.

Max Schrems, 24, decided to ask Facebook for a copy of his data in June after attending a lecture by a Facebook executive while on an exchange programme at Santa Clara University in California.

Schrems was shocked when he eventually received a CD from California containing messages and information he says he had deleted from his profile in the three years since he joined the site.

After receiving the data, Schrems decided to log a list of 22 separate complaints with the Irish data protection commissioner, which next week is to carry out its first audit of Facebook. He wrote to Ireland after discovering that European users are administered by the Irish Facebook subsidiary. A spokeswoman for the commissioner confirmed its officers would be investigating alleged breaches raised by Schrems as part of the audit. If the commissioner decides to prosecute and Facebook or any employees are found guilty of data protection breaches, the maximum penalty is a fine of €100,000.

Among the 1,200 pages of data Schrems was sent were rejected friend requests, incidences where he “defriended” someone, as well as a log of all Facebook chats he had ever had. There was also a list of photos he had detagged of himself, the names of everyone he had ever “poked”, which events he had attended, which he hadn’t replied to, and much more besides.

The information was broken down into 57 categories, including likes, log-ons (a list of when he logged on and which IP address he used) and emails, which included some email addresses Schrems had never personally uploaded to the site but which he assumes were discerned from another user’s profile.

via Facebook could face €100,000 fine for holding data that users have deleted | Technology | The Guardian.

French Data Protection Authority Launches Public Consultation on Cloud Computing : : Privacy and Information Security Law Blog

On October 17, 2011, the French Data Protection Authority (the “CNIL”) launched a public consultation on cloud computing (the “Consultation”). The Consultation seeks to gather opinions from stakeholders (clients, providers, consultants) regarding cloud computing services for businesses, to identify legal and technical solutions that address data protection concerns while taking into account the economic interests involved.

The Consultation addresses several specific topics about personal data protection in the cloud computing context, including:

  • The definition of cloud computing
  • Cloud computing providers as data processors
  • Applicable law (i.e., what law applies to cloud computing stakeholders?)
  • Regulation of data transfers (e.g., what legal instruments are best suited to regulate cloud computing? Would binding corporate rules for data processors be an appropriate legal mechanism for transferring personal data to cloud computing service providers?)
  • Data security (e.g., cloud-specific risks and proposed security measures)

via French Data Protection Authority Launches Public Consultation on Cloud Computing : : Privacy and Information Security Law Blog.

E-Discovery: What increased data protection means for the global economy | insidecounsel.com

As our economy and companies become more digital and global, digital information outside the U.S. becomes increasingly relevant to resolving civil disputes within our nation.

Digital information will be governed by a set of laws and values many U.S. companies and their lawyers are not familiar with, because the U.S. trades more heavily with nations outside the EU. While most industrialized (e.g., Canada, the United Kingdom and Australia) and newly industrializing (e.g., Singapore and South Africa) nations have developed laws compelling the transfer of relevant electronically stored information (ESI) in civil disputes, none has laws as liberal and far reaching as U.S. civil discovery procedures.

Many nations also impose restrictions on when ESI can be gathered, processed, used and transmitted beyond borders. Indeed, “In many non-U.S. jurisdictions, including the European Union member states, some Asian nations and a few Latin American nations, data privacy is viewed as a fundamental right and ‘personal data’ is afforded greater protections than we are accustomed in the U.S.” (Gibson Dunn, “E-Discovery Basics: Cross-Border E-Discovery,” Vol. 1, No. 11). In addition, certain countries have privacy laws designed to protect information about their state-run companies (e.g., China) or even the identity of their banking clients (e.g., Switzerland).

Data protection hits the BRICS

Recently, the world’s largest emerging economies, collectively known as “BRICS” (Brazil, Russia, India, China and South Africa), have become more protective of electronic data. Most U.S. litigators have some passing familiarity with the somewhat longstanding and oft-discussed EU Data Protection Directive 94/46/EC, which restricts the processing and transferring of “personal data” about EU member-state citizens. However, they are not generally familiar with the restrictions that emerging economies are placing on data transfer. As recently as July 2011, two BRICS members (Russia and China) passed laws strengthening data protection in their countries.

Every BRICS member nation has stricter data privacy laws than those of the U.S. and none officially authorizes the transfer of “private” data to the U.S. On July 25, 2011, Russia amended its data privacy laws to require written consent to transfer any “personal data” and to grant Russian officials the exclusive authority to determine which sovereignties may receive such data. China also strengthened its protection of “personal information” on July 27, 2011, when it amended the “Provisions on the Administration of Internet Information Services,” preventing Internet service providers from collecting and using personal data without individual consent.

via E-Discovery: What increased data protection means for the global economy.