On September 26, 2016, the French Data Protection Authority published the results of the Internet sweep on connected devices. The sweep was conducted in May 2016 to assess the quality of the information provided to users of connected devices, the level of security of the data flows and the degree of user empowerment.… Continue Reading
On September 15, 2016, the New Jersey Senate unanimously approved a bill that would limit retailers’ ability to collect and use personal data contained on consumers’ driver and non-driver identification cards. The bill, known as the Personal Information and Privacy Protection Act, must now be approved by the New Jersey Assembly.… Continue Reading
Recently, the National Privacy Commission of the Philippines published the final text of its Implementing Rules and Regulations of Republic Act No. 10173, known as the Data Privacy Act of 2012. The IRR has a promulgation date of August 24, 2016, and went into effect 15 days after the publication in the official Gazette. … Continue Reading
On September 8, 2016, Advocate General Paolo Mengozzi of the Court of Justice of the European Union issued his Opinion on the compatibility of the draft agreement between Canada and the EU on the transfer of passenger name record data with the Charter of Fundamental Rights of the European Union. … Continue Reading
On August 29, 2016, the Federal Trade Commission announced that it is seeking public comment regarding the Gramm Leach Bliley Act Safeguards Rule.… Continue Reading
Last month, the People’s Republic of China’s administrative departments jointly published the Interim Measures for the Administration of Operation and Services of E-hailing Taxis. E-hailing is an increasingly popular emerging business in China that the Measures seek to regulate. The Measures will come into effect on November 1, 2016.… Continue Reading
The Office of Management and Budget recently issued updated information management policies for the U.S. federal government. The updated policies are intended "to reflect changes in law and advances in technology, as well as to ensure consistency with Executive Orders, Presidential Directives, and other OMB policy."… Continue Reading
Recently, the People’s Republic of China’s Ministry of Public Security, the National Development and Reform Commission and six other administrative departments jointly published the Announcement on Regulating the Administration of the Use of Resident Identity Cards. The Announcement came into effect on July 15, 2016, the date of its issuance.… Continue Reading
On August 4, 2016, the U.S. Department of Health and Human Services' Office for Civil Rights entered into a resolution agreement with Advocate Health Care Network over alleged HIPAA violations. The multimillion dollar settlement with Advocate is the largest settlement to date against a single covered entity.… Continue Reading
The State Administration for Industry and Commerce of the People's Republic of China published a draft of its Implementing Regulations for the P.R.C. Law on the Protection of the Rights and Interests of Consumers for public comment. The draft is open for comment until September 5, 2016.… Continue Reading
On July 29, 2016, the Federal Trade Commission announced that it had issued an opinion and final order reversing the administrative law judge’s decision by finding that LabMD failed to maintain reasonable security practices to protect consumers’ sensitive personal information in violation of Section 5 of the FTC Act.… Continue Reading
On July 25, 2016, the Article 29 Working Party and the European Data Protection Supervisor released their respective Opinions regarding the evaluation and review of Directive 2002/58/EC on privacy and electronic communications. Both the Working Party and the EDPS stressed that new rules should complement the protections available under the EU General Data Protection Regulation. … Continue Reading
The U.S. Department of Health and Human Services’ Office for Civil Rights recently entered into resolution agreements with two large public health centers over alleged HIPAA violations.… Continue Reading
On July 25, 2016, Lisa Sotto, partner and head of the Global Privacy and Cybersecurity practice at Hunton, discussed cybersecurity and the changing regulatory landscape on KUCI’s Privacy Piracy radio show. This blog post contains a link to the full interview. … Continue Reading
Hunton partner Lisa Sotto and associate Chris Hydak recently published an article in Law360 entitled “The EU-U.S. Privacy Shield: A How-To Guide,” detailing the Privacy Shield principles, the benefits of certification, how the Shield will be enforced, and the challenges and risks associated with the future of the Privacy Shield. This blog post contains a link to the full article. … Continue Reading
On July 20, 2016, the French Data Protection Authority announced that it issued a formal notice to Microsoft Corporation ordering the company to address several alleged violations of the French Data Protection Act concerning the Windows 10 operating system.… Continue Reading
On July 19, 2016, Advocate General Saugmandsgaard Oe published his Opinion on two cases that sought to establish whether a general obligation to retain data is compatible with the fundamental rights to privacy and data protection under EU law.… Continue Reading
On July 14, 2016, the Federal Trade Commission issued warning letters to 28 companies relating to apparent false claims of participation in the APEC Cross-Border Privacy Rules. … Continue Reading
On July 6, 2016, the UK government decided to close its controversial care.data scheme after concerns were raised about the safeguards in place to protect individuals’ health care data and issues with patient transparency.… Continue Reading
On July 5, 2016, China’s Standing Committee of the National People’s Congress published the full second draft of the Cybersecurity Law. The public may file comments on the second draft of the Cybersecurity Law until August 4, 2016.… Continue Reading
On July 6, 2016, the European Parliament adopted the Directive on Security of Network and Information Systems, which will come into force in August 2016. The NIS Directive is part of the European Commission’s cybersecurity strategy for the European Union, and is designed to increase cooperation between EU Member States on cybersecurity issues.… Continue Reading
On June 30, 2016, the U.S. Department of Health and Human Services’ Office for Civil Rights announced that it had settled potential HIPAA Security Rule violations with Catholic Health Care Services of the Archdiocese of Philadelphia. This is the first enforcement action OCR has taken against a business associate since the HIPAA Omnibus Rule was enacted in 2013.… Continue Reading
On June 28, 2016, the State Internet Information Office of the People’s Republic of China published the Administrative Provisions on Information Services for Mobile Internet Applications (the “App Administrative Provisions”). This is the first regulation that expressly regulates mobile apps in the People’s Republic of China. Before the App Administrative Provisions were published, the P.R.C. … Continue Reading
On June 29, 2016, the Federal Trade Commission announced that, to account for inflation, it is increasing the civil penalty maximums for certain violations of the FTC Act effective August 1, 2016. … Continue Reading
