Stephen Mathias of the law firm Kochhar & Co. reports from India that in a landmark judgment delivered in August 2017, the Supreme Court of India unanimously held that the right to privacy is a fundamental right under the Constitution of India. … Continue Reading
On September 18, 2017, the European Commission and U.S. Department of Commerce kicked off their first annual joint review of the EU-U.S. Privacy Shield. To aid in the review, the Department invited a few industry leaders, including Hunton & Williams' partner Lisa Sotto to speak about their experiences during the first year of the Privacy Shield.… Continue Reading
In the latest blog post in the FTC's "Stick with Security" series, the FTC discusses how companies should ensure that the service providers they engage with implement reasonable security measures.… Continue Reading
In last week's FTC "Stick with Security" series, the FTC provided details on the importance of building security into product development from the start.… Continue Reading
On September 7, 2017, the U.S. Department of Health and Human Services’ Office for Civil Rights issued an announcement containing disaster preparedness and recovery guidance in advance of Hurricane Irma. The announcement underscores key privacy and security issues for entities covered by HIPAA to help them protect individuals’ health information before, during and after emergency situations.… Continue Reading
On September 8, 2017, the FTC announced that it had settled charges against three companies for misleading consumers about their participation in the Privacy Shield framework. This marks the first enforcement action brought by the FTC pursuant to the Privacy Shield.… Continue Reading
On August 31, 2017, the National Information Security Standardization Technical Committee of China published four draft voluntary guidelines in relation to the Cybersecurity Law of China. The Draft Guidelines are open for comment from the general public until October 13, 2017.… Continue Reading
On September 1, 2017, the FTC published the seventh blog post in its “Stick with Security” series. This week’s post, entitled Stick with Security: Secure remote access to your network, outlines important security measures businesses should take to ensure that outside entryways to their systems are sensibly defended.… Continue Reading
Recently, the National Information Security Standardization Technical Committee of China published a draft document entitled Information Security Technology – Guidelines for De-Identifying Personal Information. The Draft Guidelines are open for comment from the general public until October 9, 2017.… Continue Reading
On August 22, 2017, the Russian privacy regulator announced that it had issued an order, effective immediately, revising notice protocols for companies that process personal data in Russia. … Continue Reading
On August 25, 2017, the FTC published the sixth blog post in its “Stick with Security” series. This week’s post, entitled Stick with Security: Segment your network and monitor who’s trying to get in and out, illustrates the benefits of segmenting networks and monitoring the size and frequency of data transfers.… Continue Reading
On August 22, 2017, the National Infrastructure Advisory Council issued a report entitled Securing Cyber Assets: Addressing Urgent Cyber Threats to Critical Infrastructure. The NIAC Report notes that sophisticated and readily available malicious cyber tools and exploits have lowered the barrier to cost and increased the potential for successful cyber attacks. … Continue Reading
On August 17, 2017, as reported in BNA Privacy Law Watch, Delaware amended its data breach notification law, effective April 14, 2018. The amendments include expansion of the definition of personal information, timing of notification, changes to the harm threshold and credit monitoring service changes. … Continue Reading
On August 15, 2017, the FTC announced that it had reached a settlement with Uber, Inc., over allegations that the ride-sharing company had made deceptive data privacy and security representations to its consumers. Under the terms of the settlement, Uber has agreed to implement a comprehensive privacy program and to undergo regular, independent privacy audits for the next 20 years.… Continue Reading
On August 18, 2017, the FTC published the fifth blog post in its "Stick with Security" series, which outlines steps businesses can take to secure sensitive data, including when it is in transit. … Continue Reading
On August 9, 2017, the Russian privacy regulator expanded its list of nations that provide sufficient privacy protections to allow transfers of personal data from Russia.… Continue Reading
Hunton & Williams' Global Privacy and Cybersecurity lawyers prepared several chapters in the recently released The International Comparative Legal Guide to: Data Protection 2017, including the opening chapter on “All Change for Data Protection: The European Data Protection Regulation." This blog entry provides a link to access the relevant chapters.… Continue Reading
On August 14, 2017, the Colombian Superintendence of Industry and Commerce announced that it was adding the United States to its list of nations that provide an adequate level of protection for the transfer of personal information. This development should help facilitate the transfer of personal information from Colombia to the United States.… Continue Reading
On August 11, 2017, the Federal Trade Commission published the fourth blog post in its "Stick with Security" series, which examines five effective security measures companies can take to safeguard their computer networks.… Continue Reading
On August 9, 2017, Nationwide Mutual Insurance Co. agreed to a 5.5 million dollar settlement with attorneys general from 32 states in connection with a 2012 data breach that exposed the personal information of over 1.2 million individuals. … Continue Reading
On August 4, 2017, the FTC published the third blog post in its Stick with Security series. This week’s post, entitled "Stick with security: Control access to data sensibly," details key security measures businesses can take to limit unauthorized access to data in their possession.… Continue Reading
In a video roundtable series, Hunton & Williams LLP partners Lisa J. Sotto and Steven M. Haas and special counsel Allen C. Goolsby, along with Stroz Friedberg’s co-president Eric M. Friedberg and Lee Pacchia of Mimesis Law, discuss the special consideration that should be given to privacy and cybersecurity risks in corporate transactions. This blog post contains links to the first two segments of the videos. … Continue Reading
On August 7, 2017, the UK Government’s Department for Culture, Media and Sport published a Statement of Intent setting out the planned reforms to be included in the forthcoming Data Protection Bill, which we previously reported is expected to be laid before the UK Parliament in early September.… Continue Reading
On July 28, 2017, the FTC published the second blog post in its "Stick with Security" series. This week’s post, entitled "Start with security – and stick with it," looks at key security principles that apply to all businesses regardless of their size or the types of data they handle. The guidance offers five steps companies can take to ensure the security of the data they hold.… Continue Reading
