[This is a guest post by our Associate Consultant Carey Lening. In it she discusses the Department of Commerce's rosy view of privacy in the post-Schrems world. It highlights the need for Data Controllers to adopt a "trust but verify" posture on Standard Contractual Clauses and poses some questions regarding the 'on the ground' practicalities of the Dept of Commerce's position.]
The Department of Commerce's Rosy View and Reality
Late last month, the US Department of Commerce
Carey Lening, CIPP-E, CIPP-US works with Castlebridge as an outside information security and risk consultant. She has over 20 years of progressive experience assessing risks and enabling top-tier data security and data protection for industry leaders like Facebook, Palantir and numerous Fortune 500 companies. Her cross-functional and cross-domain knowledge makes her equally comfortable discussing the legal nuances of data protection with lawyers, hashing out technical and operational security controls with engineers and information security professionals, doing a risk audit, and providing a high-level overview to the C-Suite.
Carey earned a Bachelor’s degree from the University of California, Irvine, and her JD from the University of New Hampshire School of Law. As a former attorney, Carey focused on the legal and policy issues surrounding computer & data security and privacy law. Carey has written and lectured extensively on best practices in cybersecurity and data protection, with a particular interest on emerging threats, risk mitigation, and how to make sense of it all.
Carey consumes far too much coffee, and has a strong appreciation for cats, homebrewing, and travel.