Export Control Compliance and Defense Technology

In the U.S, a host of stringent regulations apply to the export of defense solutions, products, or services. The laws govern the confidentiality of data or information on controlled military technology originating from the U.S to ensure that it does not fall in the wrong hands and negatively impact national security or foreign policy. Small […]

Read More

ITAR, Cloud, and Encryption

The International Traffic in Arms Regulations (ITAR) affect many businesses based or with operations in the United States. As businesses, especially small and medium sizes, embrace the cloud and other forms of digital transformation it becomes increasingly difficult to manage the responsibilities under ITAR as defense articles are virtualized and the definition of “export” becomes […]

Read More

ITAR and EAR Compliance in the Cloud

Recent changes to the EAR regulations provides a way for organizations to store data in Cloud environments and stay compliant with export rules. We first learned of these changes in the June 3, 2016 Federal Register but they are now final and part of the U.S. Code 15 CFR 734.18 and 734.19. In short, the […]

Read More

Encryption, GDPR, EAR, and HIPAA Compliance

What do GDPR, HIPAA/HITECH, and EAR all have in common? Each of these regulations specifically mention the use of encryption as a means for “safe harbor” but only if the encryption prevents an unauthorized user from accessing the data in the clear. Even the authors of PCI DSS have dipped their toes in these waters […]

Read More

Office 365 + ITAR Compliance = Oxymoron

Disclaimer: I am not an ITAR attorney, nor do I play one on TV…and I didn’t stay at a Holiday Inn Express last night. Many manufacturing and design firms want to migrate to Office 365 but need ITAR Compliant document storage. As with many regulations, ITAR is, at best, ambiguous, and many sections offer an […]

Read More