Guest Contributor

Subscribe to Guest Contributor's Posts

Last week, a federal judge in Massachusetts ruled that the City of Newton’s drone ordinance, which attempted to regulate drone flights in the airspace over Newton, Massachusetts could not be enforced by the municipality because it is pre-empted by federal law. In December of 2016, the city passed an ordinance that required drone operators to register their drones, banned unmanned drone flights under 400 feet, and banned flights over private and public property without permission from the landowner.
Continue Reading City of Newton’s Drone Ordinance Overturned by Federal Judge

The General Data Protection Regulation (GDPR) (EU) 2016/679 of 27 April 2016 which comes into force in May 2018, will introduce major changes to the law on the processing of personal data in the European Union. Over the next several months, several European Union law firms we work very closely with will join us in providing you with more information on the GDPR. Different themes will be tackled month by month to help you prepare for the GDPR deadline.

Part 3 of this GDPR Series is brought to you by the German law firm of Graf von Westphalen. Other blog entries in this series will be brought to you by the law firms of Mills & Reeve (UK), FIDAL (France) and VanBenthem & Keulen (Netherlands) as well as Robinson+Cole (United States).

 Consent as a lawful basis for data-processing

Every data processing activity requires a lawful basis. Such lawful basis may be provided directly by law, or by consent granted by the data subject, both according to the statutory requirements set out in the Directive 95/46/EC and, importantly, national data protection laws. This general principle remains unchanged under the GDPR, however, the new Regulation provides for new or additional requirements for such consent to be a lawful basis for processing and transfer of personal data.
Continue Reading General Data Protection Regulation (GDPR) Series, Part #3: GDPR Consent and Fair Processing

For years, drones have been used to support recovery efforts in the aftermath of floods and other disasters, and the aftermath of Hurricane Harvey is proving to be no different, and we suspect that the same will be true following the wake of Hurricane Irma, which is bearing down on the Southeast, but not without

The General Data Protection Regulation (GDPR) (EU) 2016/679 of 27 April 2016 which comes into force in May 2018, will introduce major changes to the law on the processing of personal data in the European Union. Over the next twelve (12) months, several European Union law firms we work very closely with will join us in providing you with more information on the GDPR. Different themes will be tackled month by month to help you prepare for the GDPR deadline.

Part #2 of this GDPR Series is brought to you by Mills & Reeve, a United Kingdom law firm. Other blog entries in this series will be brought to you by the law firms of Graf von Westphalen (Germany), FIDAL, (France) and VanBenthem & Keulen (Netherlands) as well as Robinson+Cole (United States).

In any major project there is an analysis phase – involving a careful examination of your organization’s current set-up and what needs to be done to deliver the project successfully. Preparing for the GDPR is no exception. Depending on the structures and practices of your organization, compliance could require a significant allocation of resources to ensure that you are ready by the implementation date: 25 May 2018.

So what can be done to get started?

Perhaps the best first step is to conduct a self-assessment audit. This will help organizations map the likely impacts of the changes in data protection law on their activities.

A few key points are worth looking at in detail:
Continue Reading General Data Protection Regulation (GDPR) Series Part #2: The Importance of Self-Assessment

The GDPR will apply as of May 25, 2018. It provides a single set of very innovative rules directly applicable in the entire European Union (EU), without the need for national implementing measures—which means that any personal data processing ongoing at this date shall be in compliance with the GDPR. This leaves one year for companies to ensure compliance with the GDPR.

The GDPR provides for a scope of application wider than processing undertaken in EU countries. Indeed, it will also apply to data controllers or subcontractors not established within the EU which are in charge of data processing with the aim to provide goods and services to EU residents or to monitor EU residents’ behavior.

A business can take several steps in order to organize compliance with provisions of the GDPR:
Continue Reading GDPR Effective Date and Geographical Scope of Application

For decades, it has been assumed that MacBook and iPhone devices are hack proof and virus free. Their advertisements and claims for being indestructible were never questioned. Yet, nothing is truly immune to intrusion.

Consumers pay a high premium for the slick and glossy Apple devices. Their superior brand has continued to sell and grow throughout the years. With each new release or upgrade, their developers have patched up security holes and weaknesses while managing to stay under the radar.

Apple products in the business world take up less than 4 percent, therefore they are less of a target for  hackers to attack. Why develop a code for malware or a virus for a product that has such a small market share? Creating a Trojan virus that thrives in Windows code and spreads around a network of similar devices, is much more effective than attacking a lone device. 
Continue Reading The Truth in Mac Security

This article courtesy of guest blogger Prof. Peter Margulies of Roger Williams University School of Law.

In the wake of Edward Snowden’s disclosures, the United States administration faced a daunting series of challenges on surveillance, cybersecurity, and privacy. Congress was reluctant to enact comprehensive legislation. Moreover, Snowden’s revelations had triggered an international trust deficit. To

On December 28, 2016, the Food and Drug Administration (FDA) issued guidance on Postmarket Management of Cybersecurity in Medical Devices. The guidance clarified aspects of the reporting requirements under Part 806 (21 CFR part 806), which require device manufacturers and importers to report certain device corrections and removals to the FDA. Most actions taken by manufacturers to address cybersecurity vulnerabilities and exploits are considered “routine updates and patches” that do not require advance notification or reporting. However, actions taken by manufacturers to correct device cybersecurity vulnerabilities and exploits that may pose a risk to health must be reported to the Agency. The guidance:

  • Clarified the changes to devices that are considered cybersecurity routine updates and patches (e.g., certain actions to maintain a controlled risk to health); and
  • Outlined circumstances where FDA does not intend to enforce reporting requirements under Part 806 for specific vulnerabilities with uncontrolled risk.

Continue Reading FDA Guidance on Cybersecurity in Medical Devices

Serious trouble for all health and care providers looms large.

High risk women in labour and major trauma cases are being diverted to other hospitals after a cyber-attack recently shut down services at a hospital in the East of England, Northern Lincolnshire and Goole Hospitals NHS Foundation Trust.

Putting aside why anyone would want