CIPL to Host APEC Cross-Border Privacy Rules Workshop in the Philippines

On August 29, 2015, the Centre for Information Policy Leadership at Hunton & Williams (“CIPL”) will host a half-day workshop in Cebu, Philippines, on the APEC Cross-Border Privacy Rules (“CBPR”) and their role in enabling legal compliance and international data transfers. The CBPR are a privacy code of conduct developed by the 21 APEC member economies for cross-border data flows in the Asia-Pacific region.

Continue Reading

EDPS Issues Opinion and Launches Regulation App for Mobile Devices

On July 27, 2015, Giovanni Buttarelli, the European Data Protection Supervisor (“EDPS”), published Opinion 3/2015 on the reform of Europe’s data protection laws, intended to “assist the participants in the trilogue in reaching the right consensus on time.” The Opinion sets out the EDPS’ vision for the regulation of data protection, re-stating the case for a framework that strengthens the rights of individuals and noting that “the time is now to safeguard individuals’ fundamental rights and freedoms in the data-driven society of the future.”

Continue Reading

States Writing Biometric-Capture Laws May Look to Illinois

Recent class actions filed against Facebook and Shutterfly are the first cases to test an Illinois law that requires consent before biometric information may be captured for commercial purposes. Although the cases focus on biometric capture activities primarily in the social-media realm, these cases and the Illinois law at issue have ramifications for any business that employs biometric-capture technology, including those who use it for security or sale-and-marketing purposes. In a recent article published in Law360, Hunton & Williams partner, Torsten M. Kracht, and associate, Rachel E. Mossman, discuss how businesses already using these technologies need to keep abreast of new legislation that might affect the legality of their practices, and how businesses considering the implementation of these technologies should consult local rules and statutes before implementing biometric imaging.

Continue Reading

Federal Court: Seventh Circuit States Data Breach Class’ Allegations Against Neiman Marcus Satisfy Article III Standing

On July 20, 2015, the United States Court of Appeals for the Seventh Circuit reversed a previous decision that dismissed a putative data breach class action against Neiman Marcus for lack of Article III standing. Remijas et al. v. Neiman Marcus Group, LLC, No. 14-3122.

Continue Reading

Hunton Publishes Several Chapters in International Comparative Legal Guide to Data Protection

Hunton & Williams is pleased to announce its participation with the Global Legal Group in the publication of the second edition of the book The International Comparative Legal Guide to: Data Protection 2015. Members of the Hunton & Williams Global Privacy and Cybersecurity team prepared several chapters in the guide, including the opening chapter on “Legislative Change: Assessing the European Commission’s Proposal for a Data Protection Regulation,” and chapters on Belgium, China, France, Germany, the United Kingdom and the United States.

Continue Reading

Connecticut Passes New Data Protection Measures into Law

On July 1, 2015, Connecticut’s governor signed into law Public Act No. 15-142, An Act Improving Data Security and Agency Effectiveness (the “Act”), that (1) amends the state’s data breach notification law to require notice to affected individuals and the Connecticut Attorney General within 90 days of a security breach and expands the definition of personal information to include biometric data such as fingerprints, retina scans and voice prints; (2) affirmatively requires all businesses, including health insurers, who experience data breaches to offer one year of identity theft prevention services to affected individuals at no cost to them; and (3) requires health insurers and contractors who receive personal information from state agencies to implement and maintain minimum data security safeguards. With the passing of the Act, Connecticut becomes the first state to affirmatively require businesses to provide these security services to consumers.

Continue Reading

FERC Proposes to Accept Updated CIP Standards and Calls for New Cybersecurity Controls

On July 16, 2015, the Federal Energy Regulatory Commission (“FERC”) issued a new Notice of Proposed Rulemaking (“NOPR”) addressing the critical infrastructure protection (“CIP”) reliability standards. The NOPR proposes to accept with limited modifications seven updated CIP cybersecurity standards. The NOPR also proposes that new requirements be added to the CIP standards to protect supply chain vendors against evolving malware threats and addresses risks to utility communications networks.

Continue Reading

FCC Issues Clarifications Regarding the Telephone Consumer Protection Act

On July 10, 2015, the Federal Communications Commission (“FCC”) released a Declaratory Ruling and Order that provides guidance with respect to several sections of the Telephone Consumer Protection Act (“TCPA”). The Declaratory Ruling and Order responds to 21 separate requests from industry, government and others seeking clarifications regarding the TCPA and related FCC rules.

Continue Reading

Indonesia Publishes Proposed Data Protection Rule

On July 14, 2015, pursuant to an implementation requirement of Government Regulation 82 of 2012, the Indonesian government published the Draft Regulation of the Minister of Communication and Information (RPM) of the Protection of Personal Data in Electronic Systems (“Proposed Regulation”). The Proposed Regulation addresses the protection of personal data collected by a variety of government agencies, enumerates the rights of those whose personal data is collected and the obligations of users of Information Communication Technology. Agencies to which the Proposed Regulation would apply include: the Directorate General of Immigration, which manages passport data; the Financial Services Authority, which regulates financial sector data; the Bank Indonesia, which regulates banking data; the Indonesian Consumers Foundation, which regulates protection of consumer data; the National Archives; and the Ministry of Health, which regulates health data and archives. The government provided a 10-day comment period for the proposal.

Continue Reading

House of Representatives Passes Bill to Permit Broader Use and Disclosure of Protected Health Information for Research Purposes

On July 10, 2015, the United States House of Representatives passed the 21st Century Cures Act (the “Act”), which is intended to ease restrictions on the use and disclosure of protected health information (“PHI”) for research purposes.

Continue Reading

LexBlog