Recently SaaS suppliers have seen a marked increase in EU customers raising concerns about disclosure of their data to US law enforcement authorities under the Patriot Act – an American anti-terrorism law – particularly where the SaaS supplier has a parent company in the USA or data is being hosted or processed in the USA. Now to add to your problems, the UK Government plans to introduce its own “Patriot Act” type law in the near future.
Continue readingTag: personal data
SaaS Agreements – Patriot Act – Renewed Customer Concerns
Recently SaaS suppliers have seen a marked increase in EU customers raising concerns about disclosure of their data to US law enforcement authorities under the Patriot Act – an American anti-terrorism law – particularly where the SaaS supplier has a parent company in the USA or data is being hosted or processed in the USA.
Continue readingSaaS Agreements – Data Protection – Binding Corporate Rules
What are Binding Corporate Rules?
BCR’s are a set of rules adopted within a particular company or corporate group that provide legally binding protections for data processing within the company or group to cover global data transfers.
Continue readingWebsite Legal Requirements – Data Commissioner Fines for Unsolicited E-mails
As a result of an amendment to the Privacy and Electronic Communications Regulations 2003 (PECR), from the 25th of May 2011 the Information Commissioner’s Office (ICO) will have the power to impose fines of up to £500,000 on companies, if they send unwanted marketing e-mails or text messages to consumers.
Continue readingSaaS Agreements – Data Protection – Further Fines by Data Commissioner
On the 8th of February 2011 Ealing and Hounslow Councils were fined £80,000 and £70,000 respectively by the Data Commissioner for serious breaches of the Data Protection Act (DPA) following the theft of two laptops from the house of an employee of Ealing Council.
Continue readingSaaS, ASP Agreements – Data Protection Issues with Sub-contractors – Standard Contractual Clauses
Using a sub-contractor to process your SaaS customer data is a problem under data protection law, where the sub-processor is based outside of the European Economic Area (EEA). Incorporating EU standard contractual clauses into your SaaS agreement is NOT the solution to this common problem. EU Standard Contractual Clauses Under data protection law personal data may only be transferred to countries outside of the EEA where there is adequate protection. In order to deal with the problem of transfers of personal data from a customer (data controller) in the EEA
Continue reading