On September 16, 2016, the Belgian Data Protection Authority published a 13-step guidance document to help organizations prepare for the EU General Data Protection Regulation.… Continue Reading
In the first segment of our 3-part series with Lawline, Lisa Sotto explains how to identify a cyber incident, mobilize your incident response team, coordinate with law enforcement and conduct an investigation. This blog post contains a link to the video and presentation materials. … Continue Reading
On September 15, 2016, the New Jersey Senate unanimously approved a bill that would limit retailers’ ability to collect and use personal data contained on consumers’ driver and non-driver identification cards. The bill, known as the Personal Information and Privacy Protection Act, must now be approved by the New Jersey Assembly.… Continue Reading
Recently, the National Privacy Commission of the Philippines published the final text of its Implementing Rules and Regulations of Republic Act No. 10173, known as the Data Privacy Act of 2012. The IRR has a promulgation date of August 24, 2016, and went into effect 15 days after the publication in the official Gazette. … Continue Reading
In this third segment from Bloomberg Law’s Second Annual Big Law Business Summit, Hunton partner Lisa Sotto outlines the supply and demand in the privacy industries. View the video recording now.… Continue Reading
On August 29, 2016, the Federal Trade Commission announced that it is seeking public comment regarding the Gramm Leach Bliley Act Safeguards Rule.… Continue Reading
In this first segment from Bloomberg Law’s Second Annual Big Law Business Summit, Hunton partner Lisa Sotto describes the dramatic changes in the legal landscape of privacy over the last 10 to 15 years. View the video recording now. … Continue Reading
Insurance-giant American International Group announced that it will be the first insurer to offer standalone primary coverage for property damage, bodily injury, business interruption and product liability that results from cyber attacks and other cyber-related risks.… Continue Reading
On August 4, 2016, the U.S. Department of Health and Human Services' Office for Civil Rights entered into a resolution agreement with Advocate Health Care Network over alleged HIPAA violations. The multimillion dollar settlement with Advocate is the largest settlement to date against a single covered entity.… Continue Reading
The State Administration for Industry and Commerce of the People's Republic of China published a draft of its Implementing Regulations for the P.R.C. Law on the Protection of the Rights and Interests of Consumers for public comment. The draft is open for comment until September 5, 2016.… Continue Reading
The U.S. Department of Health and Human Services’ Office for Civil Rights recently entered into resolution agreements with two large public health centers over alleged HIPAA violations.… Continue Reading
On July 26, 2016, the White House unveiled Presidential Policy Directive PPD-41, which sets forth principles for federal responses to cyber incidents approved by the National Security Council. PPD-41 first focuses on incident response to cyber attacks on government assets, but also outlines federal incident responses to cyber attacks on certain critical infrastructure within the private sector.… Continue Reading
On July 25, 2016, Lisa Sotto, partner and head of the Global Privacy and Cybersecurity practice at Hunton, discussed cybersecurity and the changing regulatory landscape on KUCI’s Privacy Piracy radio show. This blog post contains a link to the full interview. … Continue Reading
On June 30, 2016, the U.S. Department of Health and Human Services’ Office for Civil Rights announced that it had settled potential HIPAA Security Rule violations with Catholic Health Care Services of the Archdiocese of Philadelphia. This is the first enforcement action OCR has taken against a business associate since the HIPAA Omnibus Rule was enacted in 2013.… Continue Reading
On June 28, 2016, the UK Information Commissioner's Office released its Annual Report for 2015 - 2016. This blog post provides a summary of the report.… Continue Reading
On June 17, 2016, the National Privacy Commission of the Philippines released draft guidelines entitled, Implementing Rules and Regulations of the Data Privacy Act of 2012, for public consultation. This blog entry provides a summary of the draft guidelines.… Continue Reading
In a recent video segment from Mimesis Law’s Cy-Pher Executive Roundtable, Lisa Sotto and other privacy professionals discussed the Federal Trade Commission’s jurisdiction in bringing enforcement actions against law firms in a breach event.… Continue Reading
On April 13, 2016, Nebraska Governor Pete Ricketts signed into law LB 835, which among other things, adds a regulator notification requirement and broadens the definition of “personal information” in the state’s data breach notification statute. The amendments take effect on July 20, 2016. … Continue Reading
In its third simulated test of the security of the power grid, the North American Reliability Corporation (“NERC”) reported general progress across the electric utility industry in defending against physical and cyber threats, while also identifying several areas for further improvement. The NERC exercise, dubbed GridEx III, took place over two days in November 2015 … Continue Reading
On April 12, 2016, the French Data Protection Authority announced that it will participate in a coordinated online audit to analyze the impact of everyday connected devices on privacy. The audit will be coordinated by the Global Privacy Enforcement Network, a global network of approximately 50 data protection authorities from around the world.… Continue Reading
Recently, U.S. District Judge R. Gary Klausner approved a settlement in Corona v. Sony Pictures Entertainment, Inc. The litigation centered on a data breach involving the stolen personal information of at least 15,000 former and current employees.… Continue Reading
A panel of the Fourth Circuit confirmed that general liability insurance policies can afford coverage for cyber-related liabilities, and ruled that an insurer had to pay attorneys’ fees to defend the policyholder in class action litigation in Travelers Indemnity Company v. Portal Healthcare Solutions, No. 14-1944.… Continue Reading
After four years of drafting and negotiations, the long awaited EU General Data Protection Regulation has been adopted at the EU level. This blog entry highlights key aspects of the Regulation.… Continue Reading
On March 30 through April 1, 2016, the 2016 Nuclear Industry Summit meetings took place in Washington D.C. In the nuclear industry, the issue of cybersecurity has grown steadily in importance over the past decade. This has been most apparent in the increasing attention and effort paid to cyber-based threats under the biennial Nuclear Industry Summit and its international meetings.… Continue Reading
