Whois vs GDPR, latest news

K. Scott Helms kscotthelms at gmail.com
Wed May 23 17:05:54 UTC 2018


Anne,

Yep, if you're doing a decent job around securing data then you don't have
much to be worried about on that side of things.  The problem for most
companies is that GDPR isn't really a security law, it's a privacy law (and
set of regulations).  That's where it's hard because there are a limited
number of ways you can, from the EU's standpoint, lawfully process
someone's PII.  Things like opting out and blanket agreements to use all of
someone's data for any reason a company may want are specifically
prohibited.  Even companies that don't intentionally sell into the EU (or
the UK) can find themselves dealing with this if they have customers with
employees in the EU.

On Wed, May 23, 2018 at 12:29 PM, Anne P. Mitchell Esq. <amitchell at isipp.com> wrote:

>
>
> > On May 23, 2018, at 10:21 AM, Daniel Brisson <dbrisson at uvm.edu> wrote:
> >
> >> Also, don't forget the private right of action.  Anyone can file
> anything in the U.S. courts... you  may get it dismissed (although then
> again you may not) but either way, it's going to be time and money out of
> your pocket fighting it.  MUCH better to just get compliant than to end up
> a test case.
> >
> > Isn't "better" a factor of how much it costs to become compliant with
> GDPR?  I'm no expert, but some of the things I've heard sounded not trivial
> to implement (read potentially BIG investment).
> >
> > -dan
>
> In our experience, orgs that are already following all industry best
> practices are, generally, at least 70% of the way to becoming compliant
> already.   Where it can get expensive for the ones who aren't is in
> hardening their systems to provide for better security/privacy.  U.S.
> companies are used to being able to drink at the firehose of data that is
> collected here in the U.S., and use it however they want.. this is the real
> major change.  I suppose you could say it's expensive in that it is
> reducing the ways they can monetize that data.
>
> Anne
>
> Anne P. Mitchell,
> Attorney at Law
> CEO/President,
> SuretyMail Email Reputation Certification and Inbox Delivery Assistance
> GDPR Compliance Consultant
> GDPR Compliance Certification
> http://www.SuretyMail.com/
> http://www.SuretyMail.eu/
>
> Attorney at Law / Legislative Consultant
> Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal anti-spam law)
> Author: The Email Deliverability Handbook
> Legal Counsel: The CyberGreen Institute
> Legal Counsel: The Earth Law Center
> Member, California Bar Cyberspace Law Committee
> Member, Colorado Cybersecurity Consortium
> Member, Board of Directors, Asilomar Microcomputer Workshop
> Member, Advisory Board, Cause for Awareness
> Member, Elevations Credit Union Member Council
> Former Chair, Asilomar Microcomputer Workshop
> Ret. Professor of Law, Lincoln Law School of San Jose
>
> Available for consultations by special arrangement.
> amitchell at isipp.com | @AnnePMitchell
> Facebook/AnnePMitchell  | LinkedIn/in/annemitchell
>
>


