Monthly Archives: January 2009

Obama’s Themes of Responsibility and Accountability Resonate for Privacy

Posted on January 28, 2009 by Hunton & Williams LLP

The Centre for Information Policy Leadership provides the following thoughts on the Obama Adminstration’s views on privacy:
 
The themes of President Obama’s inaugural address not only conveyed a strong message to the nation, but reflected current concerns about data governance shared by privacy professionals and policymakers as well.  His speech captured the importance of individual responsibility in public and personal life as America faces challenging economic times.  In demanding accountability from government, he required that the nation’s work be conducted “in the light of day — because only then can we restore the vital trust between a people and their government.”  Obama’s remarks about the potent values of responsibility and accountability apply in the information-intensive world of business. 

Continue reading…

Tags: ,

Data Privacy Day 2009

Posted on January 23, 2009 by Hunton & Williams LLP

Wednesday, January 28, 2009, marks the second annual international Data Privacy Day, which brings together a broad coalition of privacy professionals from both the private and public sectors, as well as corporations, academics and policymakers, with the goal of promoting awareness and collaboration on a variety of data privacy issues.

A wide variety of events celebrating Data Privacy Day has been scheduled throughout the week across the United States, Canada and the European Union. The Triangle Center on Terrorism and Homeland Security and Intel Corporation are sponsoring a panel discussion on the future of privacy and national security, which will include leading experts from the U.S. State Department, Justice Department and Department of Homeland Security and the European Commission, as well as professionals from both the private sector and academia. The discussion will be followed by a reception hosted by Hunton & Williams LLP. This event is open to the public and will take place January 27 from 4 – 6 p.m. at the Sanford Institute of Public Policy at Duke University.

In addition, on Wednesday the 28th, representatives from Hunton & Williams Centre for Information Policy Leadership, TRUSTe, CDT and various industry groups including the ITAA will join Congressman David Price and Member of the European Parliament Alexander Alvaro to participate in an event focused on government’s role in increasing privacy awareness and trust, from 4:30 – 6:30 p.m. on the Hill at the Rayburn Building. That same day, the European Privacy Officers Forum and the International Association of Privacy Professionals will host a cocktail reception following a panel discussion on the future of data protection featuring top EU privacy experts. The reception will take place from 5:30 – 7:30 p.m. in the Brussels offices of Hunton & Williams LLP.

More information about Data Privacy Day can be found here.

Tags: ,

California Medical Privacy Laws

Posted on January 22, 2009 by Hunton & Williams LLP

Two California medical privacy laws became effective on January 1, 2009.  The laws, A.B. 211 and S.B. 541, create new obligations for health care providers and facilities in California to protect against unlawful or unauthorized access to patient medical information.  In contrast, other medical privacy regulations, including the Privacy Rule promulgated under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), focus only on the unauthorized use or disclosure of protected health information.

Continue reading…

Tags: , ,

Barcelona Initiative – A Harmonized International Data Protection Code

Posted on January 21, 2009 by Hunton & Williams LLP

The Centre for Information Policy Leadership’s Executive Director, Marty Abrams, brings you these thoughts on a recent data protection summit in Barcelona.

Harmonized international data protection rules have been privacy’s Holy Grail since the EU Directive was enacted in 1995. Harmonized, globally recognized rules would simplify life for privacy protection authorities and companies. Numerous efforts have been undertaken to create a harmonized code. The most recent, an international standards project led by the Spanish Data Protection Commissioner, began on January 12 as international privacy experts met in Barcelona. The Spanish Data Protection Commissioner leads the project, and the finished product — a harmonized privacy code that will be the basis for a data protection treaty— will be a center-piece of the 31st International Conference of Data Protection and Privacy Commissioners on November 2009 in Madrid. 

The Barcelona meeting focused on a draft standards document developed by the Spanish Data Protection Authority, Agencia Espanola de Proteccion de Datos.  The document integrates many of the elements from the OECD Privacy Guidelines, Council of Europe Convention, EU Directive and APEC Privacy Framework.  In its 30 sections, the document recognizes almost every concept found in this existing guidance.

Continue reading…

Tags: , , , ,

Austrian DPA Approves SOX Whistleblowing Hotline but with Limitations

Posted on January 20, 2009 by Hunton & Williams LLP

On December 5, 2008, the Austrian data protection authority ("DPA") issued its first decision on the implementation of a whistleblowing hotline as required by the Sarbanes-Oxley Act ("SOX"), to be administered by the Austrian subsidiary of a U.S.-based company. The DPA partly approved the data transfers from the Austrian entity to the U.S. entity for the purpose of enabling it to prosecute "serious incidents" caused by the behavior of executive managers. The DPA ordered the Austrian subsidiary to implement a contract guarantying data subjects the ability to exercise their rights through the service provider managing the hotline. The DPA did not consider SOX to provide a legal basis for the transfer, but rather found that the legal basis was provided by the legitimate interests of the Austrian subsidiary, as conveyed by instructions of the employer, admissible in the context of an employment relationship, including a Code of Conduct. The conditions placed on the hotline are based on the recommendations issued by the Article 29 Working Party in its Working Paper 117. Full text of the decision is available in German here.

Tags: , ,

China to Consider Measure to Increase Protection of Personal Information

Posted on January 14, 2009 by Hunton & Williams LLP

A law that could increase the level of protection of personal information is circulating among legislative bodies in China. The proposed PRC Tort Liability Law would include clauses providing protections for personal information, by giving a person whose rights are infringed by the use of Internet services a right to demand deletion of the infringing materials. Another clause imposes liability on an Internet service provider that fails to take timely measures after receiving such a demand. Read more…

Tags:

New Anti-Spam Law Takes Effect in Israel

Posted on January 13, 2009 by Hunton & Williams LLP

On December 1, 2008, a strict anti-spam law came into effect in Israel.  The legislation, enacted as an amendment to the country’s Communications Law, prohibits the delivery of advertisements using mobile text messaging, email, fax or automatic dialing systems without first obtaining the recipient’s explicit written consent.  The law contains several exceptions to the prior consent requirement.  For example, advertisers may reach out to businesses to inquire whether they wish to receive marketing communications.  Advertisers also may send unsolicited marketing communications to individuals with whom they have established a prior business relationship, but the recipients retain the right to opt out of receiving marketing communications in the future.  The law also regulates the content of marketing communications. It requires advertisers to include in a commercial message the word "advertisement" and the advertiser’s name, address and contact information, including an email address that recipients may use to opt out.  The law contains strong enforcement provisions. Recipients of unsolicited communications may sue advertisers to collect up to the equivalent of $250 for every unsolicited communication, without proving actual damages.  Violators also may face criminal penalties and fines potentially exceeding the equivalent of $50,000.

A press release from the Israel Ministry of Communications is available here.

Tags: , ,

Satyam Crisis Highlights Data Security and Corporate Issues for Outsourcing Customers

Posted on January 9, 2009 by Hunton & Williams LLP

 Scarcely a month after the world media was flooded with news of the catastrophic terrorist attacks in Mumbai, headlines are once again rife with articles on the global impact of events in India. This time, the news has focused on Satyam Computer Services (“Satyam”), previously one of India’s largest and most prestigious outsourcing providers, and a series of missteps that began in October 2008, when alarming allegations of possible involvement in a customer security breach surfaced in the media. After that news, there were allegations of misdeeds with customers, a failed takeover attempt, and now the chairman’s confession of massive accounting irregularities.

To read more on the Satyam crisis, please click here.  Hunton & Williams has organized a cross-disciplinary team of lawyers to respond to the Satyam situation, including leading outsourcing, data security and insolvency practitioners, as well as local counsel in India. We have also released a second client alert on how Satyam customers should consider dealing with agreements, please click here to read this alert.

Tags: ,

California Ruling Permits Collection of ZIP Codes in Certain Credit Card Transactions

Posted on January 7, 2009 by Hunton & Williams LLP

A California state Court of Appeal has ruled that a California law barring merchants from collecting “personal identification information” in connection with certain credit card transactions does not prohibit the collection of a five-digit ZIP Code alone. Party City Corp. v. Superior Court of San Diego County, No. D053530, 2008 WL 5264023 (Cal. Ct. App. Dec. 19, 2008).

Continue reading…

Tags: , ,