Tag Archives: Legislation

Senators Introduce Cybersecurity Act of 2012

Posted on February 22, 2012 by Hunton & Williams LLP

On February 14, 2012, a joint U.S. congressional committee, including Senators Joseph Lieberman (I-CT), Susan Collins (R-ME), Jay Rockefeller (D-WV) and Dianne Feinstein (D-CA), introduced the Cybersecurity Act of 2012 (the “Act”). Although the legislation appears to have strong bipartisan support, during a February 15 hearing before the Homeland Security and Governmental Affairs Committee, Senator John McCain (R-AZ) indicated that he and six Republican colleagues would propose their own cybersecurity legislation in March.

Continue reading…

Tags: , , , , ,

Bill to Amend Hong Kong Privacy Ordinance Still Under Discussion

Posted on February 9, 2012 by Hunton & Williams LLP

On July 13, 2011, Hong Kong’s Personal Data (Privacy) (Amendment) Bill 2011 (the “Bill”), was introduced in the Legislative Council. Although the Bill has not yet been subject to an official vote, there have been several noteworthy developments.

Continue reading…

Tags: ,

Concerns over Independence of Hungary’s DPA Prompt Infringement Proceedings

Posted on January 24, 2012 by Hunton & Williams LLP

On January 17, 2012, the European Commission initiated expedited infringement proceedings against Hungary over recent changes to its Constitution which are considered incompatible with EU law. The proceedings follow a number of changes made to the Hungarian Constitution that came into effect on January 1, 2012. Of particular concern to the Commission are amendments affecting the independence of the national data protection authority. The Hungarian government has one month to comply, or face enforcement proceedings in the European Court of Justice.

Continue reading…

Tags: , , , , ,

EU Commission Postpones Publication of Proposal for Revised Data Protection Directive

Posted on January 12, 2012 by Hunton & Williams LLP

According to a spokesperson at the European Commission, the publication of the proposal for the review of the EU Data Protection Directive (95/46/EC) has been postponed until late February or March 2012. The draft proposal was scheduled to be officially released in late January after it was leaked in December 2011. According to various sources, the proposal received negative responses from several Directorates-General over the course of the “inter-service consultation,” some of whom have voiced their concern that the proposed new framework would be stricter than the current legal framework and thus may have a negative impact on businesses. For example, parts of the proposal, such as the right to be forgotten, are viewed by some as potentially too burdensome for companies.

Continue reading…

Tags: , , , ,

Netflix Litigation Ordered to Mediation as House Passes VPPA Amendment

Posted on December 15, 2011 by Hunton & Williams LLP

On December 1, 2011, a consolidated litigation against Netflix was ordered to private mediation pursuant to an agreement between the parties. As we previously reported, the plaintiffs allege that Netflix’s practice of maintaining customer movie rental history and recommendations after their subscriptions are cancelled violates the federal Video Privacy Protection Act (“VPPA”). In August 2011, several similar cases against Netflix were consolidated by a federal court in California.

News of the mediation order comes as a significant amendment to the VPPA awaits Senate approval. On December 6, 2011, the House of Representatives passed House Bill 2471 (“H.B. 2471”), which would allow video tape service providers to obtain consumers’ informed, written consent to disclose their personally identifiable information “[i]n advance for a set period of time or until consent is withdrawn.” H.B. 2471 also provides that “informed written consent” may be obtained electronically over the Internet. As we reported earlier this year, concerns regarding potential VPPA violations prompted Netflix to delay the U.S. launch of an integrated service with Facebook that would allow subscribers to share their television and movie viewing information. In July 2011, Netflix’s CEO criticized the VPPA as being “ambiguous” and “poorly drafted.” Discussing H.B. 2471 on the Netflix Blog, the company called on its customers to email Congress “to urge them to pass this modernizing legislation.”

Tags: , , , , , , , ,

California Passes Law Prohibiting Discrimination Based on Genetic Information

Posted on October 24, 2011 by Hunton & Williams LLP

As reported in the Hunton Employment & Labor Perspectives Blog:

California Governor Jerry Brown recently signed into law Senate Bill No. 559 (SB 559), which prohibits discrimination based on an individual’s genetic information. While SB 559 significantly expands the protections from genetic discrimination provided under the federal Genetic Information Nondiscrimination Act of 2008 (GINA), at this time, its impact on most California employers is thought to be limited to the potential for greater damages to be awarded under it than under its federal counterpart.

Continue reading…

Tags: , ,

California Joins the Growing List of States Restricting Employers’ Use of Consumer Credit Reports

Posted on October 21, 2011 by Hunton & Williams LLP

As reported in the Hunton Employment & Labor Perspectives Blog, on October 10, 2011, California became the seventh state to enact legislation restricting public and private employers alike from using consumer credit reports in making hiring and other personnel decisions. Assembly Bill No. 22 both adds a new provision to the California Labor Code — Section 1024.5 — and amends California’s Consumer Credit Reporting Agencies Act (“CCRAA”). Effective January 1, 2012, California employers will be prohibited from requesting a consumer credit report for employment purposes unless they meet one of the limited statutory exceptions, and those employers meeting an exception, will be subjected to increased disclosure requirements. Connecticut, Illinois, Hawaii, Oregon, Maryland and Washington already have similar laws on the books, and many other states, as well as the federal government, are contemplating similar legislation. This trend creates a potential “credit-centric” minefield for employers that do business in any one or more of these states. In light of the multiple laws affecting their use, employers who utilize consumer credit reports in making personnel decisions should proceed cautiously. Employers must evaluate the need for these reports in making personnel decisions, review and modify their policies to ensure compliance with the myriad of regulations in this area, and monitor any new developments to ensure continued compliance.

Continue reading…

Tags: , , , , , , , ,

Colombian Data Protection Law Approved by Constitutional Court

Posted on October 10, 2011 by Hunton & Williams LLP

On October 7, 2011, the Constitutional Court of Colombia approved a landmark omnibus data protection law.  According to its press release, the Court approved almost all provisions in the legislation, known as Ley estatutaria No. 184/ 10 Senado, 046/10 Cámara, but it took issue with Article 27 (which addresses the government’s processing of certain data), Article 29 (which addresses the expunging of certain criminal records) and Articles 30 and 31 (which both address intelligence and counterintelligence databases).  Many of the remaining provisions reflect a strong European influence.  Some highlights include:

  • With certain exceptions, the law prohibits the processing of personal data without the data subject’s prior consent.  When the personal data are sensitive data (e.g., health data), the consent must take the form of an explicit authorization.
  • The law permits cross-border transfers of personal data to countries that lack adequate data protection laws only in specified circumstances, such as (1) when the data subject has given express and unequivocal consent for the transfer (2) the transfer is necessary for the performance of a contract between the data subject and the data controller, or (3) with the approval of the Superintendence of Industry and Commerce.
  • The processing of children’s personal data is generally prohibited.
  • Data subjects have access rights.

Continue reading…

Tags: , , , , ,

OnStar Announces Reversal of Controversial Vehicle Data Collection Proposals

Posted on September 30, 2011 by Hunton & Williams LLP

On September 27, 2011, OnStar announced it was reversing proposed changes to its Terms and Conditions that would have allowed the company to continue to receive data from former subscribers’ vehicles unless they specifically opted out.  OnStar’s current Privacy Statement indicates that the GM subsidiary collects information regarding its customers’ vehicle operation, location, approximate speed, collision data and safety belt usage in connection with OnStar’s in-vehicle GPS navigation and emergency response services, and that the company “may share or sell” any of this data in anonymized form with third parties.  OnStar recently notified customers by email that it would continue to collect data from former subscribers, and that it reserved the right to distribute such data to third parties.  The announcement prompted a swift and strong reaction from members of Congress skeptical of the proposed policy changes.

Continue reading…

Tags: , , , ,

Data Breach Bills Clear Senate Judiciary Committee

Posted on September 23, 2011 by Hunton & Williams LLP

On September 22, 2011, the Senate Judiciary Committee approved three separate bills that would establish a national data breach notification standard.  Because the bills were approved on a party-line vote, and several other data breach bills currently are under consideration by other Senate committees, the prospects for these three bills in the full Senate are uncertain.

Continue reading…

Tags: , , , , , ,