With bipartisan support of the US., UK and major tech companies, new legislation enacted on March 23, 2018, replaces the outdated 1986 Stored Communications Act. The Cloud Act was forged out of necessity and fast tracked after a cross border conflict erupted when U.S. authorities sought a subpoena in NY for an Irish national’s emails stored in Ireland. Microsoft promptly filed suit against the United States and the Supreme Court is poised to make a decision in that case after oral argument earlier this year, yet the Justices implored Congress to replace the prior law to avoid a decision predicated on a law that predated cloud- based computing. Fueling the rush to put new laws in place is the fact that tech companies are incurring massive fines by complying with US law enforcement subpoenas that violate the privacy laws of other nations.
How His New Machine Learning SW is Causing Big Headaches for the North Pole
AP Report--Dublin, Eire December 25, 2017; by James M. McCarthy, General Counsel
Having just rebounded from fallout arising from defending privacy claims involving its controversial practice of sending a special (and just a bit creepy) elf scout from the North Pole to EU homes to help Santa Claus manage his naughty and nice lists, NorthPole, Inc., is grappling with a new compliance problem…GDPR. Readers will recall that its stock (ST-NIK) took a hit on all exchanges following legal fees and penalties for violations of the EU’s Directive 95/46 and UK’s Data Protection Act, proscribing automated collection of data that occurred in the “Eric the Elf” debacle. 
They knew they had something here. I guess they should have known that when one of the largest banks in North America became one of their first clients. Our founders brought a simple tool to market - a software solution that moved data, moved it fast, and moved it completely, to the cloud. At that time, we liked to describe the company as a moving company and everyone was (and still is) always moving. What made it better was that everyone’s lawyer and every new law required our customers to never throw any of those old boxes of stuff away. By law, every relatively insignificant email, attachment, scrap of metadata, etc., from every deal, and every past and current employee had to be boxed up and kept in storage in perpetuity, or until someone somewhere had the guts to actually say “delete it.”
President Trump signed an Executive Order (EO) on 5/11 designed to strengthen the cybersecurity of federal networks by continuing a massive shift in how the US Government handles its data aiming to create a single federal IT enterprise. This effort will be quarterbacked by the Department of Homeland Security (DHS) and the Office of Management & Budget (OMB). DHS Security Advisor Tim Bossert explained that there will be a preference in federal procurement for shared IT services among the 190 federal agencies and the goal of this move to the cloud is to avoid defending antiquated and fractional systems.
Microsoft had a good week. On Tuesday, a federal appeals court in New York quashed a search warrant seeking to compel Microsoft to turn over customer emails it stores overseas.  The day before, Microsoft defended itself against a US Department of Justice (DOJ) motion to dismiss its lawsuit to protect its customers from “Secrecy Orders,” a procedure where Microsoft is compelled to turn over customer’s email and data and then restrained from advising its customers of the search.  The fever pitched privacy battles in 2016 are shaping up to be an undercard for larger title fights in 2017, if the first few weeks of the New Year are any harbinger of what is to come.
The adage “too big to fail” relates to financial institutions so large and interconnected that their failure would have seismic repercussions in the economy, but what about these same companies’ plans to manage big data? The new question is whether there is a data archive “too big to move?”
This title is a misnomer to anyone conversant with cybersecurity reality. Cybersecurity legend John McAfee may have said it best in reference to every company’s online data assets;
On September 2, 2016, Archive360 and other industry leaders filed a motion to join Microsoft’s lawsuit against the US Department of Justice (“DOJ”),  challenging the Electronic Communications Privacy Act (“ECPA”). Aside from the business benefits of cloud computing, cost savings, efficiency, and protection against hackers, cloud computing has now provided law enforcement a new tool to conduct extensive and unannounced searches. The DOJ may obtain customer’s data, including e-mails, photos, and business documents, from third-party service providers such as Microsoft, Google, or Apple. Under the “gag order” portion of the law, the government can bar those providers from notifying their customers that the government has sought access to the customer’s electronic stored information.  Prior to the advent of cloud based computing, if the government wanted to search such records it had to serve a warrant on the business thereby notifying them that their data was the subject of a search. Businesses could then challenge the subpoena or limit the extent of the documents sought; these procedural safeguards are lost if a business does not know its data is being delivered and reviewed.
In a victory for email privacy, a federal appeals court in New York has reversed a trial court’s ruling compelling Microsoft to turn over emails stored on servers located outside the US.  This latest ruling is one of several cases demonstrating that the law is trending towards privacy. This case involves governmental seizure of electronic records. The concern expressed in that case was that if the US could use an antiquated law to seek disclosure of records stored in the EU, other countries could use their local laws to compel US companies to disclose records to that country’s authorities. Microsoft’s attorneys correctly warned that this would create a “global free for all.”
Companies that transmit data from Europe to the US have become vulnerable to unexpected financial costs from EU members. Brexit may be the most visible headline from the EU but a lesser-known threat poses more of a compliance concern. We reported last Fall about the potential fallout expected after the EU’s decision in the Schrems case invalidating the Safe Harbor Agreement and what US companies could expect were they not to change course before the EU’s January 2016 deadline. [i] Specifically, our concern was that an individual EU member State could impose its own rules and fine companies in the absence of a common plan subjecting US companies to potentially 28 different sets of privacy rules. Germany has now fired the first shot in this new privacy skirmish.
In Part 1 of this Series, we introduced the new “Defend Trade Secrets Act of 2016” (“DTSA”) signed into law by President Obama in May 2016, which on first read, appears to create some uniformity into a patchwork of differing State law allowing companies to pursue trade secret thieves. DTSA has not been universally received as a panacea to solve the growing problem of trade secret piracy, however, and many believe that it is likely to make things worse, especially for innovators and start-up companies. How can this be?
On May 11, 2016, President Obama signed into law a new private cause of action for civil litigation under the Economic Espionage Act of 1996 known as the “Defend Trade Secrets Act of 2016” (“DTSA”). Previously, trade secrets were protected under individual State law1. The new law now opens up federal courts to plaintiffs to litigate trade secret claims and obtain injunctions, prevent disclosure and seek economic damages for trade secret violations similar to those available for other intellectual property such as patents and copyrights. Trade secrets involve varied types of legally protected information including computer software and customer lists. One unique feature of the new law involves an ex parte “seizure” provision that allows trade secret owners to actually petition the court in advance of a lawsuit without notice to the alleged offender to obtain a federal order to seize servers and other tangible property involved in the alleged illegal activity. Economic damages under the DTSA are meant to serve as a deterrent with severe punitive features including double damages available to successful litigants.
The United States and the global technology community are engaged in a fight over national security and privacy, with national security winning the last round against Apple. On February 16, 2016, a United States federal judge directed Apple to assist the Federal Bureau of Investigation (FBI) by creating software to operate as a “back door” to bypass its own encryption protections on the ubiquitous iPhone. In a case involving the FBI’s investigation of a tragic shooting in California, Apple’s CEO, Tim Cook, quickly issued a public rebuke of the Order. Citing Apple’s concerns that the tool they have been ordered to create is a ”key to an encrypted system…that unlocks the data, and…[O]nce the information is known, or a way to bypass the code is revealed, the encryption can be defeated by anyone with that knowledge. Once created, the technique could be used over and over again, on any number of devices. In the physical world, it would be the equivalent of a master key, capable of opening hundreds of millions of locks — from restaurants and banks to stores and homes.”
Topics: Data Privacy
Is Your Company Exposed To Spoliation And Non-Compliance Claims?
As if collecting and storing archived data for eDiscovery or FOIA requests was not challenging enough, our techs are now advising us that most email data migrations are inherently flawed, potentially resulting in corrupted email files. Further, companies are unlikely to realize this until it is too late, namely when they are accused of spoliation during a litigation or unable to properly produce records sought by a governmental authority.