On April 12, 2017, the Centre for Information Policy Leadership at Hunton & Williams LLP issued a discussion paper on Certifications, Seals and Marks under the GDPR and Their Roles as Accountability Tools and Cross-Border Data Transfer Mechanisms which sets forth recommendations concerning the implementation of the EU GDPR’s provisions on the development and use of certification mechanisms.… Continue Reading
On February 22, 2017, the Federal Trade Commission announced that it had reached settlement agreements with three U.S. companies charged with deceiving consumers about their participation in the Asia-Pacific Economic Cooperation Cross-Border Privacy Rules system.… Continue Reading
Pablo Palazzi, from Buenos Aires law firm Allende & Brea, reports that earlier this month, the Argentine Data Protection Agency posted the first draft of a new data protection bill on its website. The Draft Bill is heavily based on the EU GDPR and maintains the structure of Argentina’s current data protection bill.… Continue Reading
On November 17, 2016, the Centre for Information Policy Leadership at Hunton & Williams LLP issued a white paper which sets forth guidance and recommendations concerning the interpretation and implementation of the GDPR’s provisions relating to the role of the Data Protection Officer. … Continue Reading
On October 19, 2016, the Federal Deposit Insurance Corporation, the Federal Reserve System and Office of the Comptroller of the Currency issued an advance notice of proposed rulemaking suggesting new cybersecurity regulations for banks with assets totaling more than 50 billion dollars.… Continue Reading
On October 13, 2016, Elizabeth Denham, the UK Information Commissioner, suggested at a House of Commons Public Bill Committee meeting that directors of companies who violate data protection laws should be personally liable to pay fines.… Continue Reading
Recently, the National Privacy Commission of the Philippines published the final text of its Implementing Rules and Regulations of Republic Act No. 10173, known as the Data Privacy Act of 2012. The IRR has a promulgation date of August 24, 2016, and went into effect 15 days after the publication in the official Gazette. … Continue Reading
The Office of Management and Budget recently issued updated information management policies for the U.S. federal government. The updated policies are intended "to reflect changes in law and advances in technology, as well as to ensure consistency with Executive Orders, Presidential Directives, and other OMB policy."… Continue Reading
On June 17, 2016, the National Privacy Commission of the Philippines released draft guidelines entitled, Implementing Rules and Regulations of the Data Privacy Act of 2012, for public consultation. This blog entry provides a summary of the draft guidelines.… Continue Reading
On May 24, 2016, the European Data Protection Supervisor presented its Annual Report for 2015. The annual report provides an overview of the EDPS’ primary activities in 2015 and sets forth key priorities and challenges for 2016. … Continue Reading
On May 19, 2016, the U.S. Department of Commerce’s National Telecommunications and Information Administration (“NTIA”) announced that its multistakeholder process to develop best practices to address privacy, transparency and accountability issues related to private and commercial use of unmanned aircraft systems (“UAS”) had concluded with the group reaching a consensus on a best practices document. … Continue Reading
Recently, the Centre for Information Policy Leadership at Hunton & Williams LLP co-hosted a one-day workshop in Amsterdam with the Dutch Ministry of Security and Justice, as part of its kick off of CIPL’s new long-term project on the implementation of the EU General Data Protection Regulation. This blog entry provides highlights on the project and a link to its workshop report.… Continue Reading
After four years of drafting and negotiations, the long awaited EU General Data Protection Regulation has been adopted at the EU level. This blog entry highlights key aspects of the Regulation.… Continue Reading
Hunton & Williams LLP releases The EU General Data Protection Regulation, a Guide for In-House Lawyers to assist with understanding the new GDPR and planning ahead for implementation. This blog entry provides a link to download a copy of the Guide.… Continue Reading
On March 16, 2016, the Centre for Information Policy Leadership at Hunton & Williams LLP will co-host a workshop in Amsterdam, Netherlands, together with the Dutch Ministry of Security and Justice, to kick off a new long-term project on the implementation of the EU General Data Protection Regulation.… Continue Reading
On February 25, 2016, the Asia-Pacific Economic Cooperation issued a press release announcing the decision by the Joint Oversight Panel of the APEC Electronic Commerce Steering Group to approve the Japan Institute for Promotion of Digital Economy and Community as a new “Accountability Agent” under the APEC Cross-Border Privacy Rules system.… Continue Reading
On February 16, 2016, California Attorney General Kamala D. Harris released the California Data Breach Report 2012-2015 which, among other things, provides (1) an overview of businesses’ responsibilities regarding protecting personal information and reporting data breaches and (2) a series of recommendations for businesses and state policy makers to follow to help safeguard personal information. … Continue Reading
On January 28, 2016, the Centre for Information Policy Leadership held a special roundtable at Hunton's Brussels office to examine the "essential equivalence" requirement for protection of data transfers to non-EU countries set by the Schrems decision. … Continue Reading
On February 22, 2016, the Centre for Information Policy Leadership, together with TRUSTe, the Information Accountability Foundation and Information Integrity Solutions, will co-host a workshop on Building a Dependable Framework for Privacy, Innovation and Cross-Border Data Flows in the Asia-Pacific Region in Lima, Peru. … Continue Reading
On December 17, 2015, after three years of drafting and negotiations, the European Parliament and Council of the European Union reached an informal agreement on the final draft of the EU General Data Protection Regulation, which is backed by the Committee on Civil Liberties, Justice and Home Affairs.… Continue Reading
On November 30, 2015, Triple-S Management Corporation, an insurance holding company based in San Juan, Puerto Rico, agreed on behalf of certain of its subsidiaries to a 3.5 million dollar settlement to resolve potential violations of the HIPAA Privacy and Security Rules.… Continue Reading
On November 19, 2015, the European Data Protection Supervisor published an Opinion entitled Meeting the Challenges of Big Data. The Opinion outlines the challenges, opportunities and risks associated with big data.… Continue Reading
On November 20, 2015, Markus Heyder, Vice President of the Centre for Information Policy Leadership at Hunton & Williams LLP, discussed how “transparency is increasingly understood as a core component of addressing the challenges of the modern information economy” and a key catalyst for a productive and innovative information economy in an article entitled Transparency and the Future of Driverless Privacy published by the International Association of Privacy Professionals. … Continue Reading
On November 16, 2015, the Legislative Affairs Office of the State Council of the People's Republic of China published a draft Regulation for Couriers and requested public comment on the draft regulation, which imposes certain obligations on courier companies with respect to verifying and protecting personal information. Interested parties have until mid-December 2015 to submit comments. … Continue Reading
