Amy C. Pimentel
Subscribe to Amy C. Pimentel's PostsAmy C. Pimentel focuses her practice on privacy and data security and general health law. Her clients operate in a variety of industries, including health care, consumer products, retail, food and beverage, technology, banking and other financial services. Read Amy Pimentel's full bio.
Safe Harbor Update: European Commission Reaffirms Commitment to a Safe Harbor Sequel
By Amy C. Pimentel on Nov 6, 2015
Posted In Data Privacy, Data Transfers/Safe Harbor/Privacy Shield
As we reported on October 19th, the Article 29 Working Party on the Protection of Individuals with Regard to the Processing of Personal Data challenged the EU member states to “open discussions with the US” to find a viable alternative to the Safe Harbor program. Today, the European Commission (EC) issued a public statement confirming its commitment to...
Continue Reading
Safe Harbor Update: House Votes to Pass Judicial Redress Act
By Amy C. Pimentel on Oct 22, 2015
Posted In Consumer Protection, Data Privacy, Data Transfers/Safe Harbor/Privacy Shield
The Judicial Redress Act of 2015 (H.R. 1428) (Judicial Redress Act) is on its way to the U.S. Senate. On October 20th, the U.S. House of Representatives voted in favor of passage. The Judicial Redress Act extends certain privacy rights under the Privacy Act of 1974 (Privacy Act) to citizens of the EU and other...
Continue Reading
Safe Harbor Update: Safe Harbor Sequel Coming Soon?
By Amy C. Pimentel on Oct 19, 2015
Posted In Data Privacy, Data Transfers/Safe Harbor/Privacy Shield
As we wrote on October 6, 2015, the Court of Justice of the European Union (CJEU) announced its invalidation of the U.S.-EU Safe Harbor program as a legally valid pathway for transferring personal data of European Union (EU) residents from the EU to the United States. An avalanche of reports, analyses and predictions followed the...
Continue Reading
California Joins Other States with the Passage of CalECPA
By Amy C. Pimentel on Oct 13, 2015
Posted In Data Privacy
Law enforcement requests for electronic information, particularly from technology companies such as Google and Twitter, have skyrocketed in recent years. In response, several states—Maine and Texas in 2013, Utah in 2014 and Virginia earlier in 2015—passed laws that limit law enforcement searches of electronic data. On October 9, 2015, California joined these states by passing...
Continue Reading
Court of Justice of the European Union Says Safe Harbor Is No Longer Safe
By Amy C. Pimentel on Oct 6, 2015
Posted In Big Data, Consumer Protection, Cybersecurity, Data Privacy, Data Transfers/Safe Harbor/Privacy Shield, Social Media
Earlier today, the Court of Justice of the European Union (CJEU) announced its determination that the U.S.-EU Safe Harbor program is no longer a “safe” (i.e., legally valid) means for transferring personal data of EU residents from the European Union to the United States. The CJEU determined that the European Commission’s 2000 decision (Safe Harbor...
Continue Reading
DOJ Guidance for Victims of Cybercrime: The Dos and Do Nots of Cyber Preparedness
By Amy C. Pimentel on May 5, 2015
Posted In Cybersecurity, Data Privacy, General Interest
On April 29, 2015, the Cybersecurity Unit in the Computer Crime and Intellectual Property Section (CCIPS) of the U.S. Department of Justice released a best practices document (Document) for victims of cyber incidents. The Document provides useful and practical tips that will assist organizations, regardless of size and available resources, in creating a cyber-incident response...
Continue Reading
Where Are We Now? The NIST Cybersecurity Framework One Year Later
By McDermott Will & Emery and Amy C. Pimentel on May 4, 2015
Posted In Cybersecurity, Data Privacy, Workplace Privacy
The National Institute of Standards and Technology (NIST) released its Cybersecurity Framework (Framework) almost 15 months ago and charged critical infrastructure companies within the United States to improve their cybersecurity posture. Without question, the Framework has sparked a national conversation about cybersecurity and the controls necessary to improve it. With regulators embracing the Framework, industry...
Continue Reading
Cybersecurity Update: U.S. Sanctions on the Horizon for Malicious Cyber-Attackers
By McDermott Will & Emery and Amy C. Pimentel on Apr 21, 2015
Posted In Cybersecurity
Executive Order 13694 is the Obama Administration’s latest tool to combat cybersecurity threats. On April 1, 2015, President Obama declared a national emergency to address the “increasing prevalence and severity of malicious cyber-enabled activities” originating from outside the United States that “constitute an unusual and extraordinary threat to the national security, foreign policy and economy...
Continue Reading
Update on State Breach Notification Laws
By Amy C. Pimentel on Apr 14, 2015
Posted In Consumer Protection, Cybersecurity, Data Privacy
In the first few months of 2015, a number of states have introduced data breach notification bills and proposed legislative amendments designed to enhance consumer protection in response to increasingly high profile data breaches reported in the media. This activity at the state level seems to indicate that protecting consumers from data breaches is one...
Continue Reading
Employers with Group Health Plans: Have You Notified State Regulators of the Breach?
By McDermott Will & Emery and Amy C. Pimentel on Feb 20, 2015
Posted In Consumer Protection, Cybersecurity, Data Privacy, General Interest
Data security breaches affecting large segments of the U.S. population continue to dominate the news. Over the past few years, there has been considerable confusion among employers with group health plans regarding the extent of their responsibility to notify state agencies of security breaches when a vendor or other third party with access to participant...
Continue Reading
