Washington State Senate Approves Amendment to Data Breach Notification Law

On April 13, 2015, the Senate of Washington State unanimously passed legislation strengthening the state’s data breach law. The bill (HB 1078) passed the Senate by a 47-0 vote, and as we previously reported, passed the House by a 97-0 vote.

Continue Reading

Canada Joins the APEC Cross-Border Privacy Rules System

On April 15, 2015, the Asia-Pacific Economic Cooperation (“APEC”) Electronic Commerce Steering Group issued a press release announcing Canada’s participation in the APEC Cross-Border Privacy Rules (“CBPR”) System. The U.S. Department of Commerce’s International Trade Administration also released an official press statement.

Continue Reading

American Chamber of Commerce in China Publishes Policy Spotlight Report on Protecting Data Flows between China and the U.S.

On April 14, 2015, the American Chamber of Commerce in China (“AmCham”) published a report, entitled Protecting Data Flows in the US-China Bilateral Investment Treaty (the “Report”). The Report is part of AmCham’s Policy Spotlight Series. While in principle addressed to the U.S. and Chinese teams that are currently negotiating the Bilateral Investment Treaty, the Report has been made public. It thereby provides insight into the emerging issue of data localization for the benefit of a much wider audience.

Continue Reading

UN Human Rights Council Establishes Special Rapporteur on the Right to Privacy

On March 26, 2015 the United Nations Human Rights Council (the “Council”) announced that it will appoint a new position as special rapporteur on the right to privacy for a term of three years. The position, which is part of the Council’s resolution, is intended to reaffirm the right to privacy and the right to the protection of the law against any interference on a person’s privacy, family, home or correspondences, as set out in Article 12 of the Universal Declaration of Human Rights and Article 17 of the International Covenant on Civil and Political Rights.

Continue Reading

FTC Announces Settlements with Debt Brokers Who Posted Consumers’ Information Online

On April 13, 2015, the Federal Trade Commission announced that it has settled charges with two debt brokers who posted consumers’ unencrypted personal information on a public website. The settlements with Cornerstone and Company, LLC (“Cornerstone”), Bayview Solutions, LLC (“Bayview”), and the companies’ individual owners resulted from initial complaints about the debt brokers in 2014. Cornerstone and Bayview allegedly had posted the personal information of their debtors in unencrypted Excel spreadsheets on a publicly accessible website geared to buyers and sellers of consumer debt. The information included consumers’ names, addresses, credit card numbers, bank account numbers and debt amounts.

Continue Reading

FTC Proposes Settlement with Two Companies Over False Safe Harbor Certification Claims

On April 7, 2015, the FTC announced proposed settlements with TES Franchising, LLC, an organization specializing in business coaching, and American International Mailing, Inc., an alternative mail transporting company, related to charges that the companies falsely claimed they were compliant with the U.S.-EU and U.S.-Swiss Safe Harbor Frameworks.

Continue Reading

AT&T Enters into Largest Data Breach Settlement with FCC to Date

On April 8, 2015, the Federal Communications Commission announced a $25 million settlement with AT&T Services, Inc. (“AT&T”) stemming from allegations that AT&T failed to protect the confidentiality of consumers’ personal information, resulting in data breaches at AT&T call centers in Mexico, Colombia and the Philippines. The breaches, which took place over 168 days from November 2013 to April 2014, involved unauthorized access to customers’ names, full or partial Social Security numbers and certain protected account-related data, affecting almost 280,000 U.S. customers.

Continue Reading

Video: In Depth – Sotto Details Who, What, Why of Today’s Cyber Threat Landscape

From Wall Street to Main Street to Hollywood, steering clear of a data breach is challenging in a world where it is no longer a question of if but rather a matter of when your company will be hit. Hunton & Williams’ Chair of the Global Privacy and Cybersecurity practice Lisa Sotto speaks in depth with associate Brittany Bacon about three groups of attackers, how they are infiltrating IT systems, what they are looking for, and how you can prepare. Today, Sotto says, cybersecurity is a legal issue, a risk issue and a governance issue, and one that matters to shareholders, boards of directors and regulators. View the video segment.

UK Court Ruling Allows Claims Against Google for Misuse of Private Information

On March 27, 2015, the England and Wales Court of Appeal issued its judgment in Google Inc. v Vidal-Hall and Others. Google Inc. (“Google”) appealed an earlier decision by Tugendhat J. in the High Court in January 2014. The claimants were users of Apple’s Safari browser who argued that during certain months in 2011 and 2012, Google collected information about their browsing habits via cookies placed on their devices without their consent and in breach of Google’s privacy policy.

Continue Reading

The International Conference of Data Protection and Privacy Commissioners Announces Its First Permanent Website

The International Conference of Data Protection and Privacy Commissioners (the “Conference”) has launched a new permanent website. The new website fulfills the agreement made between Commissioners “to create a permanent website in particular as a common base for information and resources management” in the Montreux Declaration adopted in 2005. The Executive Committee Secretariat called the website a “one-stop-shop for permanent Conference documentation,” and will be a resource for members and the public to explore upcoming Conference events and newsfeeds.