E-Commerce Law Week, Issue 463

EU Accepts U.S. Treasury's Promises to Protect SWIFT Data

The European Union announced last month that the U.S. Treasury Department has made a unilateral commitment to handle "EU originating personal data" it obtains from the Brussels-based banking consortium known as SWIFT in a manner that "take[s] account of EU data protection concerns."  The EU stated that the European Commission considers Treasury's representations -- in combination with SWIFT's promises to abide by "safe harbor" principles and inform customers that their personal data will be sent to the United States, where it will be subject to subpoena -- "sufficient to guarantee respect for and the enforcement of European data protection rights."  The EU's announcement provides a window into the procedures U.S. authorities will follow to avoid running afoul of EU data protection law.  Companies might want to consult the specifics of this deal (once they're publicly released) when considering whether or how to provide personal data from the EU to U.S. authorities.

Oregon Serves Up Another Breach Notification Law, With a Side of Security Requirements

Oregon is likely to become the 37th state to enact a data breach notification law.  SB 583, which cleared the Beaver State's legislature late last month, would require "[a]ny person that owns, maintains or otherwise possesses" the personal information of Oregon residents for business purposes to notify them in case of a breach.  The bill also includes substantive data security requirements, adding to a growing trend among the states.  Governor Ted Kulongoski is expected to sign the bill this month.  With no sign that federal legislation preempting the patchwork of state laws will emerge any time soon, companies should keep abreast of developments at the state level.

Does GPL v3 Create More Problems Than It Solves?

On June 29, the Free Software Foundation released version 3 of the GNU General Public License (“GPL v3”).  GPL v3 is the first update to the most important open source software license since GPL v2 was released in the early 1990s, at about the same time that the Linux kernel (the core of the Linux operating system) was first developed.  GPL v3 has generated a lot of controversy as earlier drafts were debated over the past year or two, in particular because the revised license adopts various changes to deal with perceived “threats” to the open source software movement.  And it isn’t yet clear whether the responses to these threats create more problems than they solve.

Steptoe & Johnson Webcast:  "Navigating International Encryption Regulations"

Join Steptoe partners Tom Barba, Maury Shenk, and Michael Vatis on July 18, 2007, at noon EDT for a discussion of the important role of encryption in corporate security and the evolving nature of data security threats.  The webcast will cover country-specific encryption export and import licensing rules (including a demonstration of our Country-by-Country Guide to Encryption Regulations), best practices in global deployment, approaches to global licensing, and strategies for dealing with encryption regulations around the world.  There's no charge to participate, but registration is on a first-come, first served basis.

Questions and comments about E-Commerce Law Week are always welcome.  Please send your feedback to Sally Albertazzie.