Richard Thomas Interviews Lisa Sotto, Author of the Privacy and Data Security Law Deskbook Published by Aspen Publishers

Richard Thomas (RT): Lisa, congratulations on the publication of the new treatise.  I’m sure the Privacy team has been waiting for its release.  Could you give us some background on what prompted you and the team to write the Privacy and Data Security Law Deskbook?

Lisa Sotto (LS): Thanks, Richard.  Privacy and information security are topics that have received significant attention during the last few years.  Organizations that manage personal information are under the microscope and are struggling to keep up with the many new and evolving legal requirements around the world.  In addition, there is a real uptick in enforcement actions for privacy and data security incidents.  As the former Information Commissioner of the UK, I’m sure you would agree that privacy is an issue on which nearly every global company must focus.  In 2009 alone, companies spent an average of $6.6 million to rebuild their brand image and retain customers after being involved in some type of data breach the previous year.

RT: $6.6 million!  That’s quite an investment.

LS: Yes, an investment that could have been better directed considering the current economic crisis.  So many of these incidents could have been prevented.  That’s why our treatise is important.  It provides thorough, practical and sector-specific guidance that will help organizations avoid these types of events.

RT: Why do you believe there are so many privacy and data security incidents?

LS: Honestly, I think there are a number of companies that still are not spending the types of resources necessary to fully understand their legal and practical obligations in this area.

RT: What information do you provide in your treatise to help companies better understand the rules?

LS: Not only is the book thorough, but it’s also filled with sample documents, checklists and other compliance-enabling tools.  With these resources, readers are better able to navigate the complex maze of U.S. privacy law, understand breach notification requirements, comply with global data protection requirements, and keep current with emerging legal trends.

RT: Can you tell me some of the areas covered by the book?

LS: There are chapters on financial privacy, social networking, privacy torts, surveillance, health information (more specifically, HIPAA compliance), privacy in the workplace and cyber terrorism to name a few.

RT: Is there information in the treatise that you think would be specifically helpful to me considering I’m in London?

LS: Yes, we have included information on international privacy and data protection laws as well.

RT: Who should be reading this deskbook?  Does the book target a specific audience?

LS: The treatise targets privacy officers and attorneys involved in managing global privacy and data security issues.

RT: How can I get a copy of the treatise?

LS: You can order a copy online at www.aspenpublishers.com or by calling toll-free to 1-800-638-8437.  We also have a link to order the book on our blog at www.huntonprivacyblog.com.

RT: Lisa, it has been a pleasure.  All the best with your new project.  I’m optimistic that total dollars spent to rebuild brand image in 2010 will be significantly decreased once companies get a hold of your treatise.

LS: Thanks, Richard, that’s my goal!

Compliance and Ethics Fundamentals: Trends in Privacy and Data Security Compliance

As scrutiny and enforcement escalate in corporate privacy and data security, has your organization developed policies that meet local and global compliance requirements?
 
Lisa J. Sotto, head of the Global Privacy and Information Management practice at Hunton & Williams and a member of the SAI Global Law & Ethics Advisors, along with Jeff Kaplan, Kaplan & Walker, LLC and Chair of the SAI Global Law & Ethics Advisors, deliver an informative podcast reviewing the drivers for privacy and data security policy compliance, and they discuss the keys to a successful compliance program.
 

With foreign and domestic privacy compliance enforcement at an all-time high, thorough privacy and data security measures are imperative to mitigate potential risk and enforcement actions, especially with global companies that may have to comply with different local standards.  In order to implement an effective compliance program, it is critical to identify accountabilities, clearly communicate corporate policies, and deliver effective training and awareness to all parties involved in an organization, including employees, contractors and third-party representatives.
 
Join our esteemed panelists as they explore the corporate privacy and data security landscape and deliver insight into effective policy design.
 

Hunton & Williams' Privacy Team Releases Privacy and Data Security Law Deskbook

On July 20, 2010, Hunton & Williams announced the release of the first edition treatise Privacy and Data Security Law Deskbook (Aspen Publishers) by lead author Lisa J. Sotto, managing partner of the firm’s New York office and head of the firm’s global Privacy and Information Management practice.  The deskbook provides a detailed overview (with thousands of specific citations for the legal practitioner) of those areas of information privacy and data security law that have the greatest impact on and are most relevant to U.S. businesses operating in the global arena.  In addition, the treatise contains a collection of sample documents, charts, checklists and other compliance-enabling tools.  View the press release on the Privacy and Data Security Law Deskbook.

FTC's David Vladeck Opposes Bankruptcy Transfer of Personal Information

David Vladeck, Director of the FTC’s Bureau of Consumer Protection, recently sent a letter to creditors of XY Magazine, warning that the creditors’ acquisition of personal information about the debtor’s subscribers and readers in contravention of the debtor’s privacy promises could violate the Federal Trade Commission Act (“FTC Act”).

Vladeck’s letter explained that, since its inception, the debtor’s website “Sign-up Confirmation Page” told potential members/subscribers: “Please note our amazing privacy policy. We never give your info to anybody.”  Another representation, which appeared on the website and was directed to magazine subscribers, stated: “[O]ur privacy policy is simple: we never share your information with anybody.”  Those submitting online profile information were told that such information “will not be published. [W]e keep it secret.”  The magazine catered to a young gay audience, including individuals whose sexual orientation was a secret.  The creditors have been seeking to acquire the magazine’s subscriber information, among other assets.  Under these circumstances, Vladeck argues, a transfer of the information to the creditors would contradict the privacy statements made to the subscribers, in possible violation of the FTC Act’s prohibition against “unfair or deceptive acts or practices.”

This incident is a reminder of the legal significance of privacy promises made outside the context of an actual privacy policy, and it highlights the need to anticipate changes in business circumstances (such as mergers or sales of assets) when making any privacy representations.  Inappropriate commitments may prove damaging to the company, its investors and creditors.  Read more about emerging privacy issues in bankruptcy in an article published by GC New York by Lisa J. Sotto, Scott H. Bernstein and Boris Segalis.

Hunton & Williams Tops Privacy Rankings

Hunton & Williams is pleased to announce its 2010 rankings from Chambers and Partners and The Legal 500 United States.  The firm was ranked #1 in both surveys for its Privacy and Information Management practice.

Once again, the firm was ranked in "Band 1" for Privacy and Data Security by both the Chambers USA and Chambers Global guides.  Chambers notes, "the team is particularly praised for its international expertise, especially in matters involving the European Union, such as cross-border data transfers."  Clients note that the firm "is a major competitor, especially on data breaches."  In addition, Lisa J. Sotto, partner and head of the firm's Privacy and Information Management practice, was ranked in "Band 1."  Clients note that she is "doing top-quality work and has a superb level of knowledge."  Read the full news release.

Emerging Privacy Issues in Bankruptcy

The emergence of information privacy issues over the last decade has led to increased scrutiny of public representations that companies make regarding their information practices.  As a result of consumer privacy expectations and legal requirements, these representations are typically found in a company's website privacy notice.  Too often, however, companies make commitments regarding their information practices that are difficult to meet and fail to anticipate changes in business circumstances (such as mergers or sales of assets).  Such commitments may prove damaging to the company, its investors and creditors.  Read more in an article published by GC New York on June 10, 2010, by Lisa J. Sotto, Scott H. Bernstein and Boris Segalis.

Hunton & Williams LLP Expands Global Privacy Practice Adding Counsel Wim Nauwelaerts in Brussels

Hunton & Williams LLP announces the expansion of its leading Global Privacy and Information Management practice with the addition on August 1, 2010, of Wim Nauwelaerts as Counsel in the Brussels office.  Formerly counsel in Hogan Lovells' Brussels office, Mr. Nauwelaerts brings 15 years of experience in international privacy, data protection and information security law.  He has a broad range of experience in the area of European data protection, and focuses specifically on data privacy issues for healthcare and life sciences clients.  Read the press release.

2010 IAPP Global Privacy Summit

Join us next week at the International Association of Privacy Professionals (“IAPP”) Global Privacy Summit in Washington, D.C., April 19 – 21, 2010.  This year’s summit features three days of intensive programs and networking with more than 1,500 privacy professionals.  We also hope you will visit our privacy professionals who are speaking on the following panels:

  • The Essential Elements of Accountability and Baking Them into a Privacy Business Process
    Tuesday April 20, 1:15 – 2:15 p.m.
    Speakers include: Marty Abrams, Executive Director of the Centre for Information Policy Leadership and Scott Taylor, CIPP, Chief Privacy Officer of Hewlett-Packard Company.
     
  • Revisiting the Safe Harbor a Decade Later
    Wednesday April 21, 12:15 – 1:15 p.m.
    Speakers include: Lisa J. Sotto, Partner and Head of the Privacy and Information Management Practice at Hunton & Williams LLP; Damon Greer, CIPP, Director, U.S. - EU and Swiss Safe Harbor Framework, U.S. Department of Commerce; and JoAnn Stonier, Global Privacy & Data Usage Officer of MasterCard Worldwide.
     
  • Data Can Be Good: Exploring Alternatives to Data Minimization for Protecting Privacy
    Wednesday April 21, 12:15 – 1:15 p.m.
    Speakers include: Marty Abrams, Executive Director of the Centre for Information Policy Leadership; Fred Cate, Distinguished Professor of Indiana University and Senior Policy Advisor of the Centre for Information Policy Leadership; and Stan Crosley, CIPP, Co-Director of Indiana University Center for Strategic Health Information Provisioning and Principal of Crosley Law Offices, LLC. The program is moderated by Jane Horvath, CIPP, CIPP/G, Senior Privacy Counsel of Google, Inc.

In addition to these panels, stop by Booths 5 and 6 in the Exhibit Hall to learn more about our Privacy and Information Management practice, as well as meet our newest team member, Richard Thomas, former UK Information Commissioner and Global Strategy Advisor of the Centre for Information Policy Leadership.  Visit the IAPP’s website for more information and the full conference schedule.

Privacy and Data Security Risks in Cloud Computing

Cloud computing raises complex legal issues related to privacy and information security.  As legislators and regulators around the world grapple with the privacy and data security implications of cloud computing, companies seeking to implement cloud-based solutions should closely monitor this rapidly evolving legal landscape for developments.  In an article published on February 3, 2010, Lisa Sotto, Bridget Treacy and Melinda McLellan explore U.S. and EU legal requirements applicable to data stored by cloud providers, and highlight some of the risks associated with the use of cloud computing.

Hunton & Williams LLP Privacy Head Appointed to IAPP Board of Directors

Lisa Sotto, head of the Privacy and Information Management practice of Hunton & Williams LLP, has been appointed to the Board of Directors of the International Association of Privacy Professionals (“IAPP”). The IAPP is the world’s largest association of privacy professionals and works to define, promote and improve the privacy profession through networking, education and certification.

Sotto also serves as a member and is a former vice chair of the U.S. Department of Homeland Security’s Data Privacy and Integrity Advisory Committee. She is co-chair of the International Privacy Law Committee of the New York State Bar Association and chair of the New York Privacy Officers Forum.

End to End Trust and the Need for Widespread Collaboration

Lisa J. Sotto, Partner and Chair of Hunton & Williams' Privacy and Information Management practice, discusses the roles individuals, companies, service providers and governments play in helping to create a safer, more trusted Internet.  End to End Trust is Microsoft's broad and all-encompassing vision for creating a "safer, more trusted Internet," which is achieved by focusing on three areas: security and privacy fundamentals; technology innovations; and social, economic, political and IT alignment.  Microsoft believes these combined elements will help people make better choices and have more control over whom and what to trust online.

Hunton & Williams LLP Voted Top Privacy Advisers for Third Year in Computerworld Poll

For the third year in a row, Hunton & Williams LLP has been named the top firm for privacy by Computerworld magazine. In its third annual report on top privacy advisers, the poll surveyed corporate privacy leaders in North America and Europe. The firm was ranked #1 by the respondents overall and by those in the Fortune 1000. When respondents were broken out by industry, Hunton & Williams topped the list as “providing the best privacy advice” in every industry category, including the financial, technology, consumer products and retail, healthcare, media and entertainment, and manufacturing sectors.

In addition to the practice listing, seven privacy professionals at the firm are listed as “top global experts on data privacy and protection.” Lisa Sotto, head of Hunton & Williams’ Privacy and Information Management practice, and Christopher Kuner, who heads the firm’s privacy practice in Europe, were ranked first and second, respectively, by the Fortune 1000 respondents. Sotto also received the top ranking by respondents overall. Marty Abrams of the firm’s Centre for Information Policy Leadership and Bridget Treacy of the firm’s London office are both ranked in the top 10 by overall respondents. Fred Cate, Aaron Simpson and Elizabeth Johnson are also listed among the top privacy professionals.

“Our privacy practice is known throughout the world for its deep experience, breadth of knowledge and outstanding client service,” said Wally Martinez, managing partner of Hunton & Williams. “It is particularly rewarding to see this reinforced by being recognized as a leader for three years in a row and to see so many of our attorneys listed.”

Overbrook Research, an independent public opinion consulting firm, conducted the survey this year, sending it to more than 2,000 corporate leaders around the world responsible for data protection in their organizations. The criteria used to rank firms included a firm’s experience, practical advice, global staff, timely and thorough work, and interdisciplinary perspective.

“We’ve made a clean sweep three years in a row,” said Sotto. “We rank at the top in the U.S., Europe and Asia and across most subject categories. This is due to our superb team of privacy attorneys and professionals, and it is gratifying that our clients have honored us this way.”
