nanog mailing list archives
Re: Whois vs GDPR, latest news
From: "K. Scott Helms" <kscotthelms () gmail com>
Date: Wed, 23 May 2018 13:05:54 -0400
Anne, Yep, if you're doing a decent job around securing data then you don't have much to be worried about on that side of things. The problem for most companies is that GDPR isn't really a security law, it's a privacy law (and set of regulations). That's where it's hard because there are a limited number of ways you can, from the EU's standpoint, lawfully process someone's PII. Things like opting out and blanket agreements to use all of someone's data for any reason a company may want are specifically prohibited. Even companies that don't intentionally sell into the EU (or the UK) can find themselves dealing with this if they have customers with employees in the EU. On Wed, May 23, 2018 at 12:29 PM, Anne P. Mitchell Esq. <amitchell () isipp com
wrote:
On May 23, 2018, at 10:21 AM, Daniel Brisson <dbrisson () uvm edu> wrote:Also, don't forget the private right of action. Anyone can fileanything in the U.S. courts... you may get it dismissed (although then again you may not) but either way, it's going to be time and money out of your pocket fighting it. MUCH better to just get compliant than to end up a test case.Isn't "better" a factor of how much it costs to become compliant withGPDR? I'm no expert, but some of the things I've heard sounded not trivial to implement (read potentially BIG investment).-danIn our experience, orgs that are already following all industry best practices are, generally, at least 70% of the way to becoming compliant already. Where it can get expensive for the ones who aren't is in hardening their systems to provide for better security/privacy. U.S. companies are used to being able to drink at the firehose of data that is collected here in the U.S., and use it however they want.. this is the real major change. I suppose you could say it's expensive in that it is reducing the ways they can monetize that data. Anne Anne P. Mitchell, Attorney at Law CEO/President, SuretyMail Email Reputation Certification and Inbox Delivery Assistance GDPR Compliance Consultant GDPR Compliance Certification http://www.SuretyMail.com/ http://www.SuretyMail.eu/ Attorney at Law / Legislative Consultant Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal anti-spam law) Author: The Email Deliverability Handbook Legal Counsel: The CyberGreen Institute Legal Counsel: The Earth Law Center Member, California Bar Cyberspace Law Committee Member, Colorado Cybersecurity Consortium Member, Board of Directors, Asilomar Microcomputer Workshop Member, Advisory Board, Cause for Awareness Member, Elevations Credit Union Member Council Former Chair, Asilomar Microcomputer Workshop Ret. Professor of Law, Lincoln Law School of San Jose Available for consultations by special arrangement. amitchell () isipp com | @AnnePMitchell Facebook/AnnePMitchell | LinkedIn/in/annemitchell
Current thread:
- Re: Whois vs GDPR, latest news, (continued)
- Re: Whois vs GDPR, latest news Mike Hammett (May 23)
- Re: Whois vs GDPR, latest news K. Scott Helms (May 23)
- Re: Whois vs GDPR, latest news Mike Hammett (May 23)
- Re: Whois vs GDPR, latest news K. Scott Helms (May 23)
- Re: Whois vs GDPR, latest news John Levine (May 23)
- Re: Whois vs GDPR, latest news Owen DeLong (May 23)
- Re: Whois vs GDPR, latest news Anne P. Mitchell Esq. (May 23)
- Re: Whois vs GDPR, latest news Stephen Satchell (May 23)
- Re: Whois vs GDPR, latest news Daniel Brisson (May 23)
- Re: Whois vs GDPR, latest news Anne P. Mitchell Esq. (May 23)
- Re: Whois vs GDPR, latest news K. Scott Helms (May 23)
- Re: Whois vs GDPR, latest news Anne P. Mitchell Esq. (May 23)
- Re: Whois vs GDPR, latest news Michel 'ic' Luczak (May 26)
- Re: Whois vs GDPR, latest news JORDI PALET MARTINEZ via NANOG (May 26)
- Re: Whois vs GDPR, latest news valdis . kletnieks (May 26)
- Re: Whois vs GDPR, latest news John Levine (May 27)
- Re: Whois vs GDPR, latest news Stephen Satchell (May 27)
- Re: Whois vs GDPR, latest news Anne P. Mitchell Esq. (May 28)
- Re: Whois vs GDPR, latest news Owen DeLong (May 23)
- Message not available
- Re: Whois vs GDPR, latest news Owen DeLong (May 23)
- Message not available
- Re: Whois vs GDPR, latest news Anne P. Mitchell Esq. (May 24)