The UK Supreme Court has granted VM Morrison Supermarkets PLC permission to appeal an October 2018 UK Court of Appeal ruling that Morrisons was vicariously liable for a data breach caused by a former employee. This blog entry provides an overview of the case.
Continue Reading
Information Security
Hunton Launches California Consumer Privacy Act Resource Center
Posted on
Posted in Information Security, U.S. State Law
Hunton Andrews Kurth LLP is pleased to announce the launch of a dedicated site focused on the California Consumer Privacy Act of 2018, which serves as a resource for businesses to understand and prepare to comply with the CCPA.…
Continue Reading
ICO Issues GBP 400,000 Fine for Illegal Collection and Sharing of Personal Data
Posted on
On April 9, 2019, the UK Information Commissioner’s Office levied one of its most significant fines under the Data Protection Act 1998 against Bounty (UK) Limited. …
Continue Reading
Senator Markey Introduces Privacy Bill of Rights Act
Posted on
Posted in Information Security, U.S. Federal Law
On April 12, 2019, Senator Edward J. Markey (MA) introduced the Privacy Bill of Rights Act, comprehensive privacy legislation intended to protect individuals’ “personal information,” defined as “information that directly or indirectly identifies, relates to, describes, is capable of being associated with, or could reasonably be linked to, a particular individual.”…
Continue Reading
CNIL Launches Public Consultation on Draft Standards on HR Data Processing and Whistleblowing Hotlines
Posted on
On April 11, 2019, the French Data Protection Authority launched an online public consultation regarding two new CNIL draft standards concerning the processing of personal data for (1) core HR management purposes and (2) the operation of a whistleblowing hotline.…
Continue Reading
Nigeria Issues New Data Protection Regulation
Posted on
Nigeria’s National Information Technology Development Agency recently issued the Nigeria Data Protection Regulation 2019. This blog entry provides key elements of the Regulation.…
Continue Reading
Dutch DPA Updates Policy on Administrative Fines
Posted on
On March 14, 2019, the Dutch Data Protection Authority published a press release announcing its policy for calculating administrative fines.…
Continue Reading
Thailand’s National Legislative Assembly Passes Data Protection Law
Posted on
Posted in Information Security, International
On February 28, 2019, Thailand’s National Legislative Assembly finally approved and endorsed the draft Personal Data Protection Act, which will now be submitted for royal endorsement and subsequent publication in the Government Gazette. Publication is anticipated to occur within the next few weeks.…
Continue Reading
CCPA Amendment Bill Seeks to Expand Private Right of Action and Eliminate 30-Day Cure Period for CA AG Enforcement Actions
Posted on
Posted in Information Security, U.S. State Law
On February 22, 2019, California state senator Hannah Beth-Jackson introduced a bill (SB-561) that would amend the California Consumer Privacy Act of 2018 to expand the Act’s private right of action and remove the 30-day cure period requirement for enforcement actions brought by the State Attorney General.…
Continue Reading
EDPB Reiterates the Need to Address Post-Brexit Data Transfers, Including BCRs
Posted on
At its plenary meeting today in Brussels, the European Data Protection Board adopted an Information Note on Data Transfers under the GDPR in the Event of a No-Deal Brexit and an Information Note on BCRs for Companies Which Have ICO as BCR Lead Supervisory Authority.…
Continue Reading