Privacy & Information Security Law Blog : Privacy Lawyer & Attorney : Hunton & Williams Law Firm : Personal Data, Information Security

Richard Thomas (RT): Lisa, congratulations on the publication of the new treatise.  I’m sure the Privacy team has been waiting for its release.  Could you give us some background on what prompted you and the team to write the Privacy and Data Security Law Deskbook?

Lisa Sotto (LS): Thanks, Richard.  Privacy and information security are topics that have received significant attention during the last few years.  Organizations that manage personal information are under the microscope and are struggling to keep up with the many new and evolving legal requirements around the world.  In addition, there is a real uptick in enforcement actions for privacy and data security incidents.  As the former Information Commissioner of the UK, I’m sure you would agree that privacy is an issue on which nearly every global company must focus.  In 2009 alone, companies spent an average of $6.6 million to rebuild their brand image and retain customers after being involved in some type of data breach the previous year.

• Email This
• Print
• Comments
• Trackbacks
• Share Link

On July 20, 2010, Hunton & Williams announced the release of the first edition treatise Privacy and Data Security Law Deskbook (Aspen Publishers) by lead author Lisa J. Sotto, managing partner of the firm’s New York office and head of the firm’s global Privacy and Information Management practice.  The deskbook provides a detailed overview (with thousands of specific citations for the legal practitioner) of those areas of information privacy and data security law that have the greatest impact on and are most relevant to U.S. businesses operating in the global arena.  In addition, the treatise contains a collection of sample documents, charts, checklists and other compliance-enabling tools.  View the press release on the Privacy and Data Security Law Deskbook.

• Email This
• Print
• Comments
• Trackbacks
• Share Link

Hunton & Williams is pleased to announce its 2010 rankings from Chambers and Partners and The Legal 500 United States.  The firm was ranked #1 in both surveys for its Privacy and Information Management practice.

Once again, the firm was ranked in "Band 1" for Privacy and Data Security by both the Chambers USA and Chambers Global guides.  Chambers notes, "the team is particularly praised for its international expertise, especially in matters involving the European Union, such as cross-border data transfers."  Clients note that the firm "is a major competitor, especially on data breaches."  In addition, Lisa J. Sotto, partner and head of the firm's Privacy and Information Management practice, was ranked in "Band 1."  Clients note that she is "doing top-quality work and has a superb level of knowledge."  Read the full news release.

• Email This
• Print
• Comments
• Trackbacks
• Share Link

Hunton & Williams LLP announces the expansion of its leading Global Privacy and Information Management practice with the addition on August 1, 2010, of Wim Nauwelaerts as Counsel in the Brussels office.  Formerly counsel in Hogan Lovells' Brussels office, Mr. Nauwelaerts brings 15 years of experience in international privacy, data protection and information security law.  He has a broad range of experience in the area of European data protection, and focuses specifically on data privacy issues for healthcare and life sciences clients.  Read the press release.

• Email This
• Print
• Comments
• Trackbacks
• Share Link

Julie Brill and Edith Ramirez took their oaths of office on April 5 and 6, 2010, completing the Federal Trade Commission’s roster of five commissioners and facilitating the Commission’s new tougher stance on privacy.  As we previously reported, Ms. Brill and Ms. Ramirez were confirmed by the U.S. Senate on March 3, 2010.  There are now three Democrats and two Republicans on the Commission.

Last year, when the Commission was comprised of one Democrat, two Republicans, an independent and a vacant seat, FTC Chairman Jon Leibowitz announced an aggressive agenda for the Commission, including a “privacy re-think.”  The new Democratic majority will make it easier to advance that agenda through recommendations to Congress, responses to market requests for greater self regulation and the approach taken with respect to enforcement cases.

• Email This
• Print
• Comments
• Trackbacks
• Share Link

According to BNA’s Privacy Law Watch, on March 8, 2010, Senator Patrick Leahy asked President Obama to nominate members for the dormant Privacy and Civil Liberties Oversight Board.  The Board, which was created in 2004 upon the recommendation of the 9/11 Commission, focuses on ensuring that privacy and civil liberties concerns are incorporated into anti-terrorism laws and regulations.  Although President Obama had pledged in May 2009 to reconstitute the board, which has had no members since January 2008, privacy advocates say that his focus on cybersecurity issues has delayed the nomination process.

• Email This
• Print
• Comments
• Trackbacks
• Share Link

On March 9, 2010, the European Court of Justice ruled that the Federal Republic of Germany’s practice of “state supervision” over data protection authorities violates EU Data Protection Directive 95/46/EC.  The case, brought by the EU Commission, is a milestone which will force Germany to change the structure of its DPA system and could have ramifications in other countries as well.

The Court’s decision is based on Article 28(1) of the Directive, which requires that data protection authorities (“DPAs”) act with “complete independence.” German law makes a distinction with regard to DPA supervision depending on whether the data processing is carried out by public or non-public bodies.  There are therefore different authorities responsible for monitoring public entities’ compliance with data protection provisions versus those that monitor compliance by private parties and undertakings governed by public law which compete on the market (öffentlich-rechtliche Wettbewerbsunternehmen) outside the public sector (such as transportation and utility companies).

• Email This
• Print
• Comments
• Trackbacks
• Share Link

On March 3, 2010, the Senate unanimously confirmed the nominations of Julie Brill and Edith Ramirez to serve as FTC Commissioners for seven-year terms.  Most recently, Ms. Brill has served as Deputy Attorney General for Consumer Protection and Antitrust for the State of North Carolina.  She was formerly Assistant Attorney General for Consumer Protection and Antitrust for the State of Vermont and has served as Chair of the Committee on Privacy for the National Association of Attorneys General.  Edith Ramirez is a partner at Quinn Emanuel Urquhart Oliver & Hedges, LLP in Los Angeles, where she handles complex business litigation matters.  In addition to the appointment of Jon Leibowitz as Chairman of the FTC by President Obama, these new appointments will give control of the FTC to the Democrats.

• Email This
• Print
• Comments
• Trackbacks
• Share Link

On December 7, 2009, the Business Forum for Consumer Privacy released “A Use and Obligations Approach to Protecting Privacy: A Discussion Document" at the Federal Trade Commission’s roundtable entitled “Exploring Privacy.”  The roundtable was a first step in the FTC’s effort to re-examine privacy protection in light of rapid, dynamic changes in technology, advances in data analytics and increasingly ubiquitous data collection and use.  The paper is the product of a three year effort on the part of the Forum to develop an approach to protecting data that meets the needs of businesses and consumers in this emerging environment.  The paper may be found at www.informationpolicycentre.com.

• Email This
• Print
• Comments
• Trackbacks
• Share Link

Senior staff changes at the Federal Trade Commission have enhanced privacy’s profile within the agency.  Jessica Rich is the new Deputy Director of Consumer Protection.  Ms. Rich has been the Acting Associate Director responsible for the Division of Privacy and Identity Protection following nearly a decade as Assistant Director for the Division.  Rich has long been seen as the FTC’s staff’s privacy thought leader.  The new Privacy Division Associate Director is Maneesha Mithal.  Ms. Mithal brings a strong international background to the position.  The new Assistant Director is Mark Eichorn, a long time attorney advisor to the Chairman Jon Leibowitz.  The Associate Director in charge of the Division of Financial Practices, Joel Winston, had led the Division of Privacy and Identity Protection, and brings a great deal of privacy experience to the financial practices position. 

The FTC begins a major privacy initiative on Monday, December 7, when it will hold the first of three roundtables exploring future directions for privacy oversight.  The second roundtable will be in Berkeley on January 28, 2010 with the third in Washington the second half of March.

• Email This
• Print
• Comments
• Trackbacks
• Share Link

In 1980, the Organization for Economic Cooperation and Development (“OECD”) first published privacy guidelines that included an accountability principle.  Since that time, little work has been done to define accountability or to describe what it means for organizations to be accountable for the responsible use and protection of data.  In an effort to fill that gap, The Centre for Information Policy Leadership has authored “Data Protection Accountability: The Essential Elements” which articulates the conditions organizations would have to meet to be accountable.  The Accountability paper is the result of the Galway Accountability Project, an initiative facilitated by Ireland’s Office of the Data Protection Commissioner and co-sponsored by the OECD.  As the project’s secretariat, the Centre served as principal drafter of the Accountability paper, which considers the concept of accountability as it applies in the current data environment where data collection and use is ubiquitous, data flows are difficult or impossible to track, and jurisdictional issues abound as data crosses national borders.  The Galway Project enlisted specialists from twelve countries, and the participation of privacy protection agencies from Europe, Asia and North America.  Consumer advocates and business representatives also took part.  The Accountability paper will bring a critical international perspective to the dialogue on changing privacy law in Europe, the United States and Canada.

• Email This
• Print
• Trackbacks
• Share Link

Federal Trade Commission Chairman Jon Leibowitz has appointed six senior staff members with extensive experience in the private sector, in the public interest community, in academia, and in government.

“We’re delighted to attract such a talented and creative group of people,” Leibowitz said. “Their leadership and expertise will help ensure that the Commission’s work on behalf of American consumers will continue to be effective. We’re very fortunate.”

• Email This
• Print
• Comments
• Trackbacks
• Share Link

The Centre for Information Policy Leadership provides the following thoughts on the Obama Adminstration's views on privacy:
 
The themes of President Obama’s inaugural address not only conveyed a strong message to the nation, but reflected current concerns about data governance shared by privacy professionals and policymakers as well.  His speech captured the importance of individual responsibility in public and personal life as America faces challenging economic times.  In demanding accountability from government, he required that the nation’s work be conducted “in the light of day -- because only then can we restore the vital trust between a people and their government.”  Obama’s remarks about the potent values of responsibility and accountability apply in the information-intensive world of business. 

• Email This
• Print
• Comments
• Trackbacks
• Share Link