You are viewing ARCHIVED CONTENT released online between 1 April 2010 and 24 August 2018 or content that has been selectively archived and is no longer active. Content in this archive is NOT UPDATED, and links may not function.
Extract from an article by Sara Peters, published in Dark Reading
By passing the Cybersecurity Information Sharing Act (CISA) as part of the omnibus spending bill last month, the US legislature has encouraged American companies to share threat intelligence with the government by absolving them of some of the data privacy liability concerns that stilled their tongues in the past. Yet, the federal government can do nothing to absolve companies of their duties to European data privacy regulations.
Here’s what you need to know about CISA and Safe Harbor — and what you can do about it.
The United States was already at odds with the European Union (EU) over privacy. In October, the European Court of Justice (ECJ) struck down Safe Harbor, the data transfer agreement that had, for the past 15 years, allowed multinationals to store Europeans’ data in the US if the companies agree to comply with the EU’s data privacy laws.
The ECJ’s ruling, in a nutshell, was that American companies were incapable of complying with European laws, simply because they were American. The US government’s own invasive surveillance practices and the lack of sufficient American laws protecting privacy put the personal data of all citizens (American and European alike) perpetually at risk.
CISA just adds fuel to the flame. Not only does it absolve companies of some liability for data security, but the final version was stripped of all the proposed provisions requiring data to be scrubbed of personally identifiable information before being shared.
So, while American companies now have more legal leeway in the States, the situation in Europe is more treacherous than ever.
Read the complete article at No Safe Harbor Is Coming — CISA Made Sure Of It