Monthly Archives: October 2011

Mexico Hosts 33rd International Conference of Data Protection and Privacy Commissioners

Posted on October 31, 2011 by Hunton & Williams LLP

On November 2-3, 2011, Mexico’s Federal Institute for Access to Information and Data Protection (“IFAI”) will host the 33rd International Conference of Data Protection and Privacy Commissioners in Mexico City. Marty Abrams, President of the Centre for Information Policy Leadership at Hunton & Williams LLP, is the chairman of the Conference’s advisory panel and principal advisor to Conference organizers on program content. Hunton & Williams is a proud sponsor of the event which will feature Hunton representatives as speakers or moderators on multiple panels and plenary sessions, including the following:

Continue reading…

Tags: , , , , , , , , , , , , , , , , , , , , , , , ,

UK Parliament Calls for Prison Sentences for Data Theft

Posted on October 31, 2011 by Hunton & Williams LLP

Members of Parliament on the House of Commons Justice Select Committee have called for courts in the United Kingdom to be given greater powers to imprison and fine individuals who breach the Data Protection Act (“DPA”). The Committee stated in its October 18, 2011 report that the current penalties for unlawfully obtaining personal data (under Section 55 of the DPA) are an inadequate deterrent, and urged the government to exercise its power to introduce prison sentences without delay. Although currently a magistrates’ court can issue fines of up to £5,000 for breaches of Section 55 (and the Crown Court can impose unlimited fines), in practice, penalties often are limited to only a few hundred pounds.

Continue reading…

Tags: , , , ,

Israeli Justice Ministry Announces Breakthrough in Information Theft Case

Posted on October 27, 2011 by Hunton & Williams LLP

On October 24, 2011, Israel’s Data Protection Authority, the Israeli Law, Information and Technology Authority in the Israeli Ministry of Justice (“ILITA”), announced significant developments in an information theft case affecting more than nine million Israeli citizens. In 2006, a contract worker hired by Israel’s Ministry of Welfare and Social Services downloaded a copy of Israel’s population registry to his home computer. The registry later fell into the hands of a software developer and a hacker before being disseminated on the Internet along with a program that allowed users to run searches and queries on the data. The stolen personal information included full names, identification numbers, addresses, dates of birth, dates of immigration to Israel, family status, names of siblings and other information.

Continue reading…

Tags: , , ,

California Passes Law Prohibiting Discrimination Based on Genetic Information

Posted on October 24, 2011 by Hunton & Williams LLP

As reported in the Hunton Employment & Labor Perspectives Blog:

California Governor Jerry Brown recently signed into law Senate Bill No. 559 (SB 559), which prohibits discrimination based on an individual’s genetic information. While SB 559 significantly expands the protections from genetic discrimination provided under the federal Genetic Information Nondiscrimination Act of 2008 (GINA), at this time, its impact on most California employers is thought to be limited to the potential for greater damages to be awarded under it than under its federal counterpart.

Continue reading…

Tags: , ,

Mexico’s Ministry of Economy Releases Updated Data Protection Regulations

Posted on October 21, 2011 by Hunton & Williams LLP

On October 20, 2011, Mexico’s Ministry of Economy made public an update to its proposed Regulations to the Federal Law for the Protection of Personal Data Held by Private Parties. The new draft regulations, which contain changes made in light of public comments on the prior version, will take effect if they receive final executive approval, which may happen later this year. The updates to the draft regulations include:

  • Rules specific to cloud computing
  • Clarification of notice requirements
  • Clarification of consent requirements
  • Exemptions for certain business contact information
  • Revisions to data transfer restrictions
  • Updated security and breach notification provisions
  • Revised requirements for self-regulatory schemes
  • Revisions to provisions governing the exercise of data subjects’ rights
Tags: , , , ,

California Joins the Growing List of States Restricting Employers’ Use of Consumer Credit Reports

Posted on October 21, 2011 by Hunton & Williams LLP

As reported in the Hunton Employment & Labor Perspectives Blog, on October 10, 2011, California became the seventh state to enact legislation restricting public and private employers alike from using consumer credit reports in making hiring and other personnel decisions. Assembly Bill No. 22 both adds a new provision to the California Labor Code — Section 1024.5 — and amends California’s Consumer Credit Reporting Agencies Act (“CCRAA”). Effective January 1, 2012, California employers will be prohibited from requesting a consumer credit report for employment purposes unless they meet one of the limited statutory exceptions, and those employers meeting an exception, will be subjected to increased disclosure requirements. Connecticut, Illinois, Hawaii, Oregon, Maryland and Washington already have similar laws on the books, and many other states, as well as the federal government, are contemplating similar legislation. This trend creates a potential “credit-centric” minefield for employers that do business in any one or more of these states. In light of the multiple laws affecting their use, employers who utilize consumer credit reports in making personnel decisions should proceed cautiously. Employers must evaluate the need for these reports in making personnel decisions, review and modify their policies to ensure compliance with the myriad of regulations in this area, and monitor any new developments to ensure continued compliance.

Continue reading…

Tags: , , , , , , , ,

SEC Issues Disclosure Guidance on Cybersecurity Matters and Cyber Incidents

Posted on October 20, 2011 by Hunton & Williams LLP

On October 13, 2011, the Securities and Exchange Commission Division of Corporation Finance issued disclosure guidance (“Guidance”) regarding cybersecurity matters and cyber incidents. While the Guidance does not change existing disclosure requirements, it does add specificity to existing requirements. In some respects, that specificity is helpful, but the Guidance fails to take into account the uncertainty that inevitably accompanies efforts to assess and disclose cybersecurity matters and incidents.

Read a detailed summary of the Guidance and analysis regarding its effects, including its impact on disclosures both before and after a cyber incident, enforcement-related proceedings and potential litigation.

Tags: , ,

New Jersey Courts Issue Conflicting Rulings in ZIP Code Collection Cases

Posted on October 18, 2011 by Hunton & Williams LLP

Last month, two New Jersey judges issued opposing decisions in class action lawsuits regarding merchants’ point-of-sale ZIP code collection practices. The conflicting orders leave unanswered the question of whether New Jersey retailers are prohibited from requiring and recording customers’ ZIP codes at the point of sale during credit card transactions.

Continue reading…

Tags: , , , , ,

Council of Europe Considers Proposal to Amend Convention 108 Rules on Transborder Data Flows

Posted on October 17, 2011 by Hunton & Williams LLP

On October 10-12, 2011, the Council of Europe’s Bureau of the Consultative Committee of the Convention for the Protection of Individuals with regard to the Automatic Processing of Personal Data (known as the “T-PD-Bureau”) met in Strasbourg, France, to discuss, among other things, amending the Council of Europe’s Convention 108 and Additional Protocol. Convention 108 (together with the Protocol), which underlies the European Union’s legal framework for data protection, is the only legally-binding international convention that addresses data protection. Amendment of the Convention is also closely linked to the current review of the EU data protection framework.

Continue reading…

Tags: , , , ,

French Data Protection Authority Launches Public Consultation on Cloud Computing

Posted on October 17, 2011 by Hunton & Williams LLP

On October 17, 2011, the French Data Protection Authority (the “CNIL”) launched a public consultation on cloud computing (the “Consultation”). The Consultation seeks to gather opinions from stakeholders (clients, providers, consultants) regarding cloud computing services for businesses, to identify legal and technical solutions that address data protection concerns while taking into account the economic interests involved.

Continue reading…

Tags: , , , , , ,