John Montana

The EU’s General Data Protection Regulation – a Sea Change, or Old Wine in a New Bottle?

In April of this year, after many years of debate and drafting, the EU adopted its new General Data Protection Regulation (which I will call “the regulation” for the rest of this post). The regulation is an attempt to resolve a problem which is manifested itself for a very long time now – privacy regulation in Europe is done on a national basis, by highly independent national data privacy authorities, which means that any business in Europe that is implicated by privacy laws is dealing with 28 sets of laws. The national data privacy authorities have gone off in a great many different directions, resulting in very light regulation of data privacy issues in some places – e.g. the United Kingdom – and extraordinarily prescriptive and detailed regulation in other places such as France. The resulting hodgepodge has been a compliance nightmare for organizations for many years now, and the stated goal of the regulation is to harmonize this mass of law and make it easy for organizations to comply. The question is, does it actually do this?

Read more

Electronic Signatures in Washington

Washington remains the only state that does not accord the same legal effect to electronic signatures as it does to their wet-ink versions for intrastate transactions involving government agencies.  Read more

John Montana

The Dodd Frank Conflict Minerals Certification Provision

Conflicts, What Conflicts?

One of the more obscure provisions of the Dodd Frank Act that’s coming up on a lot of organizations is the conflict minerals certification provision found at section 1502.

Read more