Bloomberg Law: Privacy & Data Security brings you single-source access to the expertise of Bloomberg Law’s privacy and data security editorial team, contributing practitioners,...
President-elect Donald Trump’s Commerce secretary nominee Wilbur Ross gave no indication during a Jan. 18 confirmation hearing that he might roll back international data transfer programs or domestic cybersecurity initiatives under the Commerce Department’s jurisdiction.
U.S. companies concerned about possible Trump administration changes in how they legally move personal data from Europe under the European Union-U.S. Privacy Shield data transfer program should be able to breathe easier based on Ross’ responses. Companies that have been relying on Commerce’s National Institute of Standards and Technology (NIST) cybersecurity advice should also be able to continue to rely on those standards, if Ross is confirmed.
Billionaire private-equity investor Ross—worth an estimated $2.9 billion, according to Bloomberg data—appeared before the Senate Commerce, Science and Transportation Committee to answer questions about how he would run Commerce.
Many of the questions swirled around spectrum allocation, international trade and climate change. But Ross, who has been largely silent on cybersecurity and privacy issues, also answered questions on cross-border data transfer programs, cybersecurity initiatives and private-public threat data sharing partnerships. Ross appeared supportive of cross-border data sharing programs and cybersecurity initiatives but also said privacy and security must be balanced in a “cost-benefit approach.”
Privacy attorneys and advocates didn’t all agree with that assessment.
Michelle Cohen, data privacy member at Ifrah Law in Washington and head of the firm’s electronic commerce practice, told Bloomberg BNA Jan. 18 that privacy and security complement one another. Companies should strive for top-notch cybersecurity to protect the data they collect and provide privacy policies sufficient to protect against consumer class claims, regulatory enforcement charges and other potentially costly action, she said.
“Privacy is absolutely key to security,” Matt Wood, policy director for open internet think tank Free Press in Washington, told Bloomberg BNA Jan. 18. To protect against cybersecurity incidents and other privacy problems, companies should realize that “strong encryption and other so-called privacy measures are essential to defending our security,” Wood said.
Ross’ comments on the EU-U.S. Privacy Shield data transfer program indicated that the program is viable for the foreseeable future.
The Privacy Shield allows U.S. companies that self-certify their compliance with EU-approved privacy and security principles with Commerce to legally transfer personal data from the EU to the U.S. It provides critical support for the more than $260 billion in trade in services between the U.S. and EU, according to the Obama administration’s Jan. 4 exit memo on Commerce.
The Privacy Shield is relied upon by over 1,000 companies, including Alphabet Inc.'s Google, Microsoft Corp. and Facebook Inc. Ross, who may be hesitant to upend new relationships he’s forged with tech sector leaders, said that he was “impressed” with the willingness of leaders such as Apple Inc. CEO Tim Cook and Sheryl Sandberg, Facebook’s chief operating officer, to work with the incoming Trump administration.
Although Ross said that he doesn’t “intend to be pushed around by anyone,” the tech sector’s influence may help insulate programs like the Privacy Shield, which was finalized in July 2016 as a replacement for the U.S.-EU Safe Harbor data transfer program, from cuts or elimination for the time being.
The Safe Harbor program was relied on by over 4,000 U.S. companies and tens of thousands of EU business partners before being invalidated by the EU’s top court, partly over cybersecurity concerns related to government access to transferred data.
During the hearing, Ross said “there are agreements that exist” for cross-border data transfers but also said tensions may arise between privacy and data localization efforts. Data localization is the practice whereby a country demands that certain types of data be stored within its geographic borders.
Under questioning, Ross weighed in on the cybersecurity risk to government and industry in light of the Russian hacking scandal, including allegations of that country’s interference in the U.S. presidential election.
In response to questions from Sens. Edward J. Markey (D-Mass.) and Richard Blumenthal (D-Conn.), Ross called cybersecurity issues “very complicated” and said the U.S. needs to be “extremely vigilant in developing new and better systems” to protect against a “large and imminent” cyberattack risk.
In particular, Ross said he understood about cybersecurity risks to small- and medium-sized banks because of his experience investing in those institutions. But a growing cybersecurity threat faces all industrial sectors, he said.
To combat threats, Commerce’s development of cybersecurity standards for companies will remain a “very serious function,” Ross said. He also called for a “thorough investigation” into what could help companies fight cyberattacks.
To contact the reporter on this story: Daniel R. Stoller in Washington at dStoller@bna.com
To contact the editor responsible for this story: Donald Aplin at firstname.lastname@example.org
Copyright © 2017 The Bureau of National Affairs, Inc. All Rights Reserved.
All Bloomberg BNA treatises are available on standing order, which ensures you will always receive the most current edition of the book or supplement of the title you have ordered from Bloomberg BNA’s book division. As soon as a new supplement or edition is published (usually annually) for a title you’ve previously purchased and requested to be placed on standing order, we’ll ship it to you to review for 30 days without any obligation. During this period, you can either (a) honor the invoice and receive a 5% discount (in addition to any other discounts you may qualify for) off the then-current price of the update, plus shipping and handling or (b) return the book(s), in which case, your invoice will be cancelled upon receipt of the book(s). Call us for a prepaid UPS label for your return. It’s as simple and easy as that. Most importantly, standing orders mean you will never have to worry about the timeliness of the information you’re relying on. And, you may discontinue standing orders at any time by contacting us at 1.800.960.1220 or by sending an email to email@example.com.
Put me on standing order at a 5% discount off list price of all future updates, in addition to any other discounts I may quality for. (Returnable within 30 days.)
Notify me when updates are available (No standing order will be created).
This Bloomberg BNA report is available on standing order, which ensures you will all receive the latest edition. This report is updated annually and we will send you the latest edition once it has been published. By signing up for standing order you will never have to worry about the timeliness of the information you need. And, you may discontinue standing orders at any time by contacting us at 1.800.372.1033, option 5, or by sending us an email to firstname.lastname@example.org.
Put me on standing order
Notify me when new releases are available (no standing order will be created)