Congress’ 2,000-page Omnibus Spending Bill slipped in a trap for the unwary: a radical expansion of the reach of the Stored Communications Act, 18 USC §§ 2701-2712. The “Clarifying Overseas Use of Data Act,” aptly shorthanded as the CLOUD Act, successfully mooted the issue presented in the United States v. Microsoft Corp. case recently dismissed by the United States Supreme Court by instituting a new framework for cross-border discovery in criminal actions. Under the previous version of the Stored Communications Act (SCA), it was necessary to have a Mutual Legal Assistance Treaty (MLAT), essentially a treaty negotiated by a foreign nation and ratified by the Senate. The CLOUD Act, passed on March 23, 2018, allows authorities to bypass MLATs and gives law enforcement the ability to directly compel production of materials by a party storing its data abroad, as well as allowing foreign governments to access data stored in the U.S. Continue Reading A Storm Cloud on the Cross-Border Discovery Horizon
In 2017, the Cayman Islands passed the Data Protection Law (“DPL”), which reads much like the upcoming European Union General Data Protection Regulation (“GDPR”) that goes into effect Mary 25, 2018. The DPL applies to entities falling within the definition of “data controller” who are established in the Islands or who process data in the Islands. The DPL divides data into two categories, personal data and sensitive data. Certain information is exempt from the application of the DPL, such as data processed in connection with a corporate finance service. The DPL gives individuals the right to access their information, object to processing, and the right to request their information be corrected or erased.