The Arc of a Data Breach: A 3-Part Series to Make Sure You’re Prepared

Episode 2: Response

In the second segment of our 3-part series with Lawline, Lisa J. Sotto, head of our Global Privacy and Cybersecurity practice at Hunton & Williams LLP, discusses data breach notification obligations and actions to take to manage the regulatory onslaught in the aftermath of a breach. Sotto notes that “these investigations are challenging because the threat actors are enormously sophisticated, and in some circumstances we can never figure out what happened.”

View the second segment and the presentation materials.

CNIL Publishes Internet Sweep Results on Connected Devices

On September 23, 2016, the French Data Protection Authority (“CNIL”) published the results of the Internet sweep on connected devices. The sweep was conducted in May 2016 to assess the quality of the information provided to users of connected devices, the level of security of the data flows and the degree of user empowerment (e.g., user’s consent and ability to exercise data protection rights).

Belgian Privacy Commission Issues Priorities and Thematic Dossier to Prepare for GDPR

On September 16, 2016, the Belgian Data Protection Authority (the “Privacy Commission”) published a 13-step guidance document (in French and Dutch) to help organizations prepare for the EU General Data Protection Regulation (“GDPR”).

The 13 steps recommended by the Privacy Commission are summarized below.

The Arc of a Data Breach: A 3-Part Series to Make Sure You’re Prepared

Episode 1: Identify & Mobilize

In the first segment of our 3-part series with Lawline, Lisa J. Sotto, head of our Global Privacy and Cybersecurity practice at Hunton & Williams LLP, explains how to identify a cyber incident, mobilize your incident response team, coordinate with law enforcement and conduct an investigation.

View the first segment and the presentation materials.

New Jersey Moves Forward With Shopper Privacy Bill

On September 15, 2016, the New Jersey Senate unanimously approved a bill that seeks to limit retailers’ ability to collect and use personal data contained on consumers’ driver and non-driver identification cards. The bill, known as the Personal Information and Privacy Protection Act, must now be approved by the New Jersey Assembly.

Final Rules for the Data Privacy Act Published in the Philippines

Recently, the National Privacy Commission (the “Commission”) of the Philippines published the final text of its Implementing Rules and Regulations of Republic Act No. 10173, known as the Data Privacy Act of 2012 (the “IRR”). The IRR has a promulgation date of August 24, 2016, and went into effect 15 days after the publication in the official Gazette.

Advocate General Advises Revision of PNR Agreement between EU and Canada

On September 8, 2016, Advocate General Paolo Mengozzi of the Court of Justice of the European Union (“CJEU”) issued his Opinion on the compatibility of the draft agreement between Canada and the European Union on the transfer of passenger name record data (“PNR Agreement”) with the Charter of Fundamental Rights of the European Union (“EU Charter”). This is the first time that the CJEU has been called upon to issue a ruling on the compatibility of a draft international agreement with the EU Charter.

Lisa Sotto Speaks on Cybersecurity: Supply and Demand (Part 3)

In Part 3 of Lisa J. Sotto’s discussion at Bloomberg Law’s Second Annual Big Law Business Summit, she speaks on supply and demand in the privacy and cybersecurity fields. Lisa, partner and head of Hunton & Williams LLP’s Global Privacy and Cybersecurity practice group, points out that “demand very much outweighs supply.” To be a successful lawyer in this field, Lisa emphasizes the need for experience, recognizing that, “there is so much nuance, [and data privacy is] culturally based so you cannot just open a book and understand what to do.” In the next 10 years, Lisa hopes to see more lawyers in the field who are trained to “manage a breach that implicates [global] data breach notification laws.”

View the third segment.

Access Part 1 and Part 2 of the cybersecurity videos from the Big Law Business Summit.

FTC Seeks Input on GLB Safeguards Rule

On August 29, 2016, the Federal Trade Commission announced that it is seeking public comment on the Gramm-Leach-Bliley Act (“GLB”) Safeguards Rule. The GLB Safeguards Rule, which became effective in 2003, requires financial institutions to develop, implement and maintain a comprehensive information security program to safeguard customer information.