Privacy & Information Security Law Blog : Privacy Lawyer & Attorney : Hunton & Williams Law Firm : Personal Data, Information Security

Richard Thomas (RT): Lisa, congratulations on the publication of the new treatise.  I’m sure the Privacy team has been waiting for its release.  Could you give us some background on what prompted you and the team to write the Privacy and Data Security Law Deskbook?

Lisa Sotto (LS): Thanks, Richard.  Privacy and information security are topics that have received significant attention during the last few years.  Organizations that manage personal information are under the microscope and are struggling to keep up with the many new and evolving legal requirements around the world.  In addition, there is a real uptick in enforcement actions for privacy and data security incidents.  As the former Information Commissioner of the UK, I’m sure you would agree that privacy is an issue on which nearly every global company must focus.  In 2009 alone, companies spent an average of $6.6 million to rebuild their brand image and retain customers after being involved in some type of data breach the previous year.

• Email This
• Print
• Comments
• Trackbacks
• Share Link

On July 20, 2010, Hunton & Williams announced the release of the first edition treatise Privacy and Data Security Law Deskbook (Aspen Publishers) by lead author Lisa J. Sotto, managing partner of the firm’s New York office and head of the firm’s global Privacy and Information Management practice.  The deskbook provides a detailed overview (with thousands of specific citations for the legal practitioner) of those areas of information privacy and data security law that have the greatest impact on and are most relevant to U.S. businesses operating in the global arena.  In addition, the treatise contains a collection of sample documents, charts, checklists and other compliance-enabling tools.  View the press release on the Privacy and Data Security Law Deskbook.

• Email This
• Print
• Comments
• Trackbacks
• Share Link

“The Department of Commerce is back.”  With those words Cameron Kerry, General Counsel of the U.S. Department of Commerce, made it clear the Department intends to take a leading role in shaping domestic privacy policy and representing U.S. privacy interests in international discussions.  The announcement was made at the May 7, 2010, Department of Commerce symposium, “A Dialogue on Privacy and Innovation,” where the mostly business audience welcomed Mr. Kerry’s declaration with great enthusiasm.

• Email This
• Print
• Comments
• Trackbacks
• Share Link

The Department of Commerce (“DOC”) will be holding a public meeting on May 7, 2010, in Washington, D.C., to listen to stakeholders’ views on privacy policies in the United States.  This session is part of a broader inquiry by the DOC’s newly created Internet Policy Task Force “whose mission is to identify leading public policy and operational challenges in the Internet environment.”  The DOC’s National Telecommunications and Information Administration and the International Trade Administration will issue a notice of inquiry to look at the nexus between innovation and privacy on the Internet.  The Centre for Information Policy Leadership will be participating in these processes.

• Email This
• Print
• Comments
• Trackbacks
• Share Link

Join us next week at the International Association of Privacy Professionals (“IAPP”) Global Privacy Summit in Washington, D.C., April 19 – 21, 2010.  This year’s summit features three days of intensive programs and networking with more 1,500 privacy professionals.  We also hope you will visit our privacy professionals who are speaking on the following panels:

• The Essential Elements of Accountability and Baking Them into a Privacy Business Process
  Tuesday April 20, 1:15 – 2:15 p.m.
  Speakers include: Marty Abrams, Executive Director of the Centre for Information Policy Leadership and Scott Taylor, CIPP, Chief Privacy Officer of Hewlett-Packard Company.
   
• Revisiting the Safe Harbor a Decade Later
  Wednesday April 21, 12:15 – 1:15 p.m.
  Speakers include: Lisa J. Sotto, Partner and Head of the Privacy and Information Management Practice at Hunton & Williams LLP; Damon Greer, CIPP, Director, U.S. - EU and Swiss Safe Harbor Framework, U.S. Department of Commerce; and JoAnn Stonier, Global Privacy & Data Usage Officer of MasterCard Worldwide.
   
• Data Can Be Good: Exploring Alternatives to Data Minimization for Protecting Privacy
  Wednesday April 21, 12:15 – 1:15 p.m.
  Speakers include: Marty Abrams, Executive Director of the Centre for Information Policy Leadership; Fred Cate, Distinguished Professor of Indiana University and Senior Policy Advisor of the Centre for Information Policy Leadership; and Stan Crosley, CIPP, Co-Director of Indiana University Center for Strategic Health Information Provisioning and Principal of Crosley Law Offices, LLC. The program is moderated by Jane Horvath, CIPP, CIPP/G, Senior Privacy Counsel of Google, Inc.

• Email This
• Print
• Comments
• Trackbacks
• Share Link

Julie Brill and Edith Ramirez took their oaths of office on April 5 and 6, 2010, completing the Federal Trade Commission’s roster of five commissioners and facilitating the Commission’s new tougher stance on privacy.  As we previously reported, Ms. Brill and Ms. Ramirez were confirmed by the U.S. Senate on March 3, 2010.  There are now three Democrats and two Republicans on the Commission.

Last year, when the Commission was comprised of one Democrat, two Republicans, an independent and a vacant seat, FTC Chairman Jon Leibowitz announced an aggressive agenda for the Commission, including a “privacy re-think.”  The new Democratic majority will make it easier to advance that agenda through recommendations to Congress, responses to market requests for greater self regulation and the approach taken with respect to enforcement cases.

• Email This
• Print
• Comments
• Trackbacks
• Share Link

Justice Michael Kirby was invited by the Organization for Economic Cooperation and Development (the “OECD”) to open the celebration of the 30th anniversary of the adoption of the OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data.  Justice Kirby led the group of experts who worked from 1978-1980 to develop the Guidelines, which have formed the basis of modern privacy and data protection law.

• Email This
• Print
• Comments
• Trackbacks
• Share Link

On March 17, 2010, the Federal Trade Commission convened the last of its three-part series of roundtable discussions entitled “Exploring Privacy.”  In her opening remarks, outgoing Commissioner Pamela Jones Harbour emphasized the critical importance of privacy to consumers, stating that “consumer privacy cannot be run in beta,” and that companies often inappropriately expose consumer data during new product rollout.  David Vladeck, Director of the FTC’s Bureau of Consumer Protection, then set the stage by invoking the “notice is broken” theme that recurred during the first two roundtables on December 7, 2009, and January 28, 2010, and was echoed by participants in the March 17 event.

• Email This
• Print
• Comments
• Trackbacks
• Share Link

On March 3, 2010, the Senate unanimously confirmed the nominations of Julie Brill and Edith Ramirez to serve as FTC Commissioners for seven-year terms.  Most recently, Ms. Brill has served as Deputy Attorney General for Consumer Protection and Antitrust for the State of North Carolina.  She was formerly Assistant Attorney General for Consumer Protection and Antitrust for the State of Vermont and has served as Chair of the Committee on Privacy for the National Association of Attorneys General.  Edith Ramirez is a partner at Quinn Emanuel Urquhart Oliver & Hedges, LLP in Los Angeles, where she handles complex business litigation matters.  In addition to the appointment of Jon Leibowitz as Chairman of the FTC by President Obama, these new appointments will give control of the FTC to the Democrats.

• Email This
• Print
• Comments
• Trackbacks
• Share Link

The Federal Trade Commission’s second “Exploring Privacy” roundtable concluded Thursday, January 28, 2010.  The roundtable did not provide many firm conclusions, but it did help further refine some hard issues facing privacy protection.

Although Thursday’s hearing was intended to be devoted to technology issues, the role of regulation appeared to dominate the discussions.  “Everyone is dying to talk about regulation,” said Jessica Rich, Deputy Director of the Bureau of Consumer Protection, moderating a panel on Technology and Policy.

• Email This
• Print
• Comments
• Trackbacks
• Share Link

On January 19, 2010, Information and Privacy Commissioner David Loukidelis resigned to accept the post of Deputy Attorney General of British Columbia.  Mr. Paul Fraser, the Conflict of Interest Commissioner, has been named interim Commissioner.  The appointment of a permanent successor is expected in the spring when the British Columbia legislature reconvenes.  
 
View the Commissioner Loukidelis' letter of resignation. 

• Email This
• Print
• Comments
• Trackbacks
• Share Link

Lisa Sotto, head of the Privacy and Information Management practice of Hunton & Williams LLP, has been appointed to the Board of Directors of the International Association of Privacy Professionals (“IAPP”). The IAPP is the world’s largest association of privacy professionals and works to define, promote and improve the privacy profession through networking, education and certification.

Sotto also serves as a member and is a former vice chair of the U.S. Department of Homeland Security’s Data Privacy and Integrity Advisory Committee. She is co-chair of the International Privacy Law Committee of the New York State Bar Association and chair of the New York Privacy Officers Forum.

• Email This
• Print
• Comments
• Trackbacks
• Share Link

On January 18, 2010, the Privacy Commissioner of Canada, Jennifer Stoddart, announced a public consultation to examine the privacy issues associated with online tracking, profiling and targeting of consumers.  The Commissioner noted that the consultation will “provide a forum for the exploration of the privacy implications related to this modern industry practice, and the protections that Canadians expect.”  The consultation marks the first in a series to review emerging technologies that are likely to have a considerable impact on consumer privacy.  The announcement of a second consultation on cloud computing is anticipated in the near future.

The Office of the Privacy Commissioner has put out a call for participation and written submissions by interested parties are due by March 15, 2010.  For further information on the consultation process, view the Office of the Privacy Commissioner's news release.

• Email This
• Print
• Comments
• Trackbacks
• Share Link

On January 12, 2010, Ms. Viviane Reding, Commissioner-designate for Justice, Fundamental Rights and Citizenship, was questioned during a public hearing before the European Parliament.  During this hearing, Ms. Reding revealed her priorities in the field of privacy and data protection.  “Fundamental rights and data protection will be top of the line” said Ms. Reding, who explained that she intends to incorporate the EU’s data protection rules into a modern and comprehensive legal instrument.

• Email This
• Print
• Comments
• Trackbacks
• Share Link

On December 7, 2009, the Business Forum for Consumer Privacy released “A Use and Obligations Approach to Protecting Privacy: A Discussion Document" at the Federal Trade Commission’s roundtable entitled “Exploring Privacy.”  The roundtable was a first step in the FTC’s effort to re-examine privacy protection in light of rapid, dynamic changes in technology, advances in data analytics and increasingly ubiquitous data collection and use.  The paper is the product of a three year effort on the part of the Forum to develop an approach to protecting data that meets the needs of businesses and consumers in this emerging environment.  The paper may be found at www.informationpolicycentre.com.

• Email This
• Print
• Comments
• Trackbacks
• Share Link

On Monday, December 7, the Federal Trade Commission began a three-part series of roundtables collectively entitled "Exploring Privacy."  The conference opened with a presentation by Richard M. Smith featuring data flow charts he developed with FTC staff to illustrate the current “personal data ecosystem” and how personal information moves in various online and offline contexts.  The charts that served as the basis for his discussion (available here) offer a sense of the FTC’s understanding of today’s information marketplace.  Other panels covered topics such as consumer expectations, information brokers and online behavioral advertising.

• Email This
• Print
• Comments
• Trackbacks
• Share Link

Senior staff changes at the Federal Trade Commission have enhanced privacy’s profile within the agency.  Jessica Rich is the new Deputy Director of Consumer Protection.  Ms. Rich has been the Acting Associate Director responsible for the Division of Privacy and Identity Protection following nearly a decade as Assistant Director for the Division.  Rich has long been seen as the FTC’s staff’s privacy thought leader.  The new Privacy Division Associate Director is Maneesha Mithal.  Ms. Mithal brings a strong international background to the position.  The new Assistant Director is Mark Eichorn, a long time attorney advisor to the Chairman Jon Leibowitz.  The Associate Director in charge of the Division of Financial Practices, Joel Winston, had led the Division of Privacy and Identity Protection, and brings a great deal of privacy experience to the financial practices position. 

The FTC begins a major privacy initiative on Monday, December 7, when it will hold the first of three roundtables exploring future directions for privacy oversight.  The second roundtable will be in Berkeley on January 28, 2010 with the third in Washington the second half of March.

• Email This
• Print
• Comments
• Trackbacks
• Share Link

In a closed session on November 5, 2009, the 31st International Conference of Data Protection and Privacy Commissioners adopted the International Standards on the Protection of Personal Data and Privacy (the “Standards”).  Although the document is advisory in nature and is not legally binding, it offers guidance to States that have not yet adopted comprehensive data protection laws.  The Spanish Data Protection Agency, which acted as the secretariat for drafting the Standards, held two meetings that included more than fifty privacy enforcement agencies, privacy advocates and businesses before hosting a final drafting session that was reserved for recognized data protection authorities.

• Email This
• Print
• Comments
• Trackbacks
• Share Link

Every year since 2005, the United States, the European Commission and the Article 29 Working Party on Data Protection meet to review the latest developments in the U.S.-EU Safe Harbor Framework, as well as changes in privacy compliance, information security and data protection.  This year’s  International Conference on Cross Border Data Flows, Data Protection and Privacy occurs November 16 - 18 and features leading experts who will examine these issues and others, as well as changes made to the approval process for binding corporate rules.  Join our privacy professionals, Martin Abrams and Fred Cate, who are speaking at this global event.

• Email This
• Print
• Comments
• Trackbacks
• Share Link

Janet Napolitano, Secretary of the Department of Homeland Security, and Alfredo Perez Rubalcaba, the Spanish Minister of the Interior, spoke in contrasting tones today of the difficulties of finding the right balance between security and privacy.  The theme "Striving for a Balance Between Security and Privacy" was debated during the first plenary session of the 31st International Conference of Data Protection and Privacy Commissioners in Madrid.

• Email This
• Print
• Comments
• Trackbacks
• Share Link

On November 4, join our privacy professionals at the 31st International Conference of Data Protection and Privacy Commissioners in Madrid, Spain.  Participate in various presentations on ways to manage the most challenging data protection issues in today’s global environment.  In addition, the International Association of Privacy Professionals (“IAPP”) will host a Data Protection and Privacy Workshop in conjunction with the conference.

• Email This
• Print
• Comments
• Trackbacks
• Share Link

On September 15, 2009, the Federal Trade Commission unveiled a series of public roundtables that will focus on the effect of modern technology and business practices on the privacy of consumer information.  The goal of the panels is to explore how to best balance the concerns for consumer privacy, beneficial use of consumer information and technological innovation.  The discussions will address myriad technologies and practices, such as social networking, cloud computing, behavioral marketing, mobile marketing and, generally, the collection of consumer information for various purposes.  The roundtables will also consider the adequacy of existing legal and self-regulatory frameworks.  Participants will include academics, privacy experts, consumer advocates, industry representatives, technology experts, legislators, and experts from outside the United States.  The Commission has asked individuals and organizations to submit requests to participate as panelists and suggest discussion topics.  The Commission also has asked interested parties to submit written comments and research on the issues of (i) risks, concerns and benefits associated with the collection and use of consumer information, (ii) consumer expectations of how their information is used, and (iii) the adequacy of existing legal requirements and self-regulatory regimes in protecting consumer privacy interests.

Click here for more information on the Commission’s news release.

• Email This
• Print
• Trackbacks
• Share Link

Don’t miss the 2009 International Association of Privacy Professionals’ (“IAPP”) Privacy Academy in Boston, MA, September 16-18th. The Academy provides various program topics on operational privacy and technology, as well as advanced breakout sessions focusing on today’s cutting edge privacy issues. We hope you will visit our privacy attorneys who are speaking on the following panels:

• Suggestions From the States: Designing a Workable Breach Notice Requirement, Thursday, September 17, 11 a.m. – 12 p.m., Aaron Simpson, Hunton & Williams, moderates, and speakers include Rosa Barcelo, Senior Lawyer, European Data Protection Supervisor’s Office; Christopher Pierson, CIPP, CIPP/G, Chief Privacy Officer, Senior Vice President, Citizens Financial Group, Inc.; and James Shreve, CIPP, Attorney, Goodwin Procter, LLP
• Federal Breach Notification Laws, Friday, September 18, 2:15 – 3:15 p.m., speakers include Bo Holland, Founder and CEO, Debix, Inc. and Rachel St. John, Hunton & Williams

• Email This
• Print
• Trackbacks
• Share Link

On May 19 and 20 the European Commission held a conference which was perhaps the most important data protection event in Brussels since the Commission conference on evaluation of the EU Data Protection Directive 95/46/EC held in 2002. The conference was part of the Commission's current evaluation of the Directive, and was designed to explore both the current status of data protection in the EU and where it is headed in the coming years. Speakers included Jacques Barrot, the European Commissioner in charge of justice, freedom and security; Alex Türk, chairman of the CNIL (French Data Protection Authority) and the Article 29 Working Party; European Data Protection Supervisor Peter Hustinx; and representatives of European academia, business and non-governmental organizations. Christopher Kuner of Hunton & Williams was among the speakers. The entire event was webcast live; video coverage will shortly be available here.

• Email This
• Print
• Comments (1)
• Trackbacks
• Share Link

Wednesday, January 28, 2009, marks the second annual international Data Privacy Day, which brings together a broad coalition of privacy professionals from both the private and public sectors, as well as corporations, academics and policymakers, with the goal of promoting awareness and collaboration on a variety of data privacy issues.

A wide variety of events celebrating Data Privacy Day has been scheduled throughout the week across the United States, Canada and the European Union. The Triangle Center on Terrorism and Homeland Security and Intel Corporation are sponsoring a panel discussion on the future of privacy and national security, which will include leading experts from the U.S. State Department, Justice Department and Department of Homeland Security and the European Commission, as well as professionals from both the private sector and academia. The discussion will be followed by a reception hosted by Hunton & Williams LLP. This event is open to the public and will take place January 27 from 4 - 6 p.m. at the Sanford Institute of Public Policy at Duke University.

In addition, on Wednesday the 28th, representatives from Hunton & Williams Centre for Information Policy Leadership, TRUSTe, CDT and various industry groups including the ITAA will join Congressman David Price and Member of the European Parliament Alexander Alvaro to participate in an event focused on government's role in increasing privacy awareness and trust, from 4:30 - 6:30 p.m. on the Hill at the Rayburn Building. That same day, the European Privacy Officers Forum and the International Association of Privacy Professionals will host a cocktail reception following a panel discussion on the future of data protection featuring top EU privacy experts. The reception will take place from 5:30 - 7:30 p.m. in the Brussels offices of Hunton & Williams LLP.

More information about Data Privacy Day can be found here.

• Email This
• Print
• Comments
• Trackbacks
• Share Link