On March 1, 2017, Hunton & Williams senior consultant attorney Rosemary Jay presented evidence on the data protection reform package and the impact of Brexit to the UK Parliament’s House of Lords EU Home Affairs Sub-Committee meeting. … Continue Reading
On February 15, 2017, the European Data Protection Supervisor published its Priorities for 2017. The EDPS Priorities consist of a note listing the strategic priorities and a color-coded table listing the European Commission’s proposals that require the EDPS’ attention, sorted by level of priority.… Continue Reading
On February 1, 2017, the U.S. Department of Health and Human Services’ Office for Civil Rights announced a 3.2 million dollar civil monetary penalty against Children’s Medical Center of Dallas for alleged ongoing violations of the HIPAA Privacy and Security Rules, following two consecutive breaches of patient ePHI.… Continue Reading
On February 1, 2017, Matt Hancock, the UK Government Minister responsible for data protection, was questioned by the House of Lords committee on the UK’s implementation plan of the EU General Data Protection Regulation in the context of Brexit. In responding to the questioning, Hancock revealed further details into the UK Government’s position on implementing the GDPR into UK law.… Continue Reading
On February 2, 2017, the UK government published a white paper entitled The United Kingdom’s exit from and new partnership with the European Union, which makes clear that the UK intends to maintain close ties with the European Union and its 27 remaining Member States after Brexit. … Continue Reading
On January 19, 2017, the North American Electric Reliability Corporation released a draft Reliability Standard CIP-013-1 – Cyber Security – Supply Chain Risk Management which addresses “supply chain risk management for industrial control system hardware, software, and computing and networking services associated with bulk electric system operations.”… Continue Reading
On January 10, 2017, the National Institute of Standards and Technology released proposed updates to the Framework for Improving Critical Infrastructure Cybersecurity, which include a new section on cybersecurity measurement and refinements to better account for authentication, authorization and identity proofing. … Continue Reading
On January 10, 2017, the European Commission published a communication addressed to the European Parliament and European Council on Exchanging and Protecting Personal Data in a Globalized World. The communication aims to facilitate commercial data flows and to foster law enforcement cooperation.… Continue Reading
On December 21, 2016, a judgment by the Court of Justice for the European Union that clarifies EU surveillance laws has called into question the legality of the UK’s Investigatory Powers Act 2016. The decision could have significant implications on the UK’s chances of securing “adequacy” status for its data protection regime post-Brexit.… Continue Reading
On November 18, 2016, the Argentina Data Protection Agency (“DPA”) announced that it had issued DNPDP Disposition 60 – a new regulation on international transfers of personal data (the “Regulation”). … Continue Reading
A recent update on the Court of Justice of the European Union’s website has revealed that Digital Rights Ireland, an Irish privacy advocacy group, has filed an action for annulment against the European Commission’s adequacy decision on the EU-U.S. Privacy Shield. … Continue Reading
Recently, at a meeting of the Article 31 Committee, the European Commission unveiled two draft Commission Implementing Decisions that propose amendments to the existing adequacy decisions and decisions on EU Model Clauses. … Continue Reading
On September 8, 2016, Advocate General Paolo Mengozzi of the Court of Justice of the European Union issued his Opinion on the compatibility of the draft agreement between Canada and the EU on the transfer of passenger name record data with the Charter of Fundamental Rights of the European Union. … Continue Reading
On July 26, 2016, Isabelle Falque-Pierrotin, the Chairwoman of the Article 29 Working Party of data protection regulators announced that EU data protection regulators will not challenge the adequacy of the EU-U.S. Privacy Shield for at least one year. … Continue Reading
On July 12, 2016, the EU Commissioner for Justice, Consumers and Gender Equality Vera Jourova and U.S. Secretary of Commerce Penny Pritzker announced the formal adoption of the EU-U.S. Privacy Shield framework, which is composed of an Adequacy Decision and accompanying Annexes. … Continue Reading
On July 8, 2016, EU representatives on the Article 31 Committee approved the final version of the EU-U.S. Privacy Shield to permit transatlantic transfers of personal data from the EU to the U.S.… Continue Reading
According to Bloomberg BNA, the EU-U.S. Privacy Shield framework could be approved by the European Commission in early July and the previously released draft adequacy decision is expected to be modified.… Continue Reading
On May 26, 2016, the European Parliament approved a resolution calling for the European Commission to reopen negotiations with U.S. authorities regarding the EU-U.S. Privacy Shield, and to implement the recommendations of the Article 29 Working Party’s draft adequacy decision on Privacy Shield.… Continue Reading
On February 29, 2016, the European Commission issued the legal texts that will implement the EU-U.S. Privacy Shield, including a draft adequacy decision of the European Commission, Frequently Asked Questions and a Communication summarizing the steps that have been taken over the last few years to restore trust in transatlantic data flows.… Continue Reading
According to news reports, a new EU-U.S. Safe Harbor agreement has been reached. Vera Jourova, European Commissioner for Justice, Consumers and Gender Equality, will present the new agreement to the European Commission today.… Continue Reading
On January 5, 2016, the Federal Trade Commission announced that dental office management software provider, Henry Schein Practice Solutions, Inc., agreed to settle FTC charges that accused the company of falsely advertising the level of encryption it used to protect patient data.… Continue Reading
On January 7, 2016, the European Data Protection Supervisor published his Priorities for 2016. The EDPS Priorities include the GDPR and transatlantic data flows. … Continue Reading
On December 21, 2015, the Federal Trade Commission announced software company Oracle Corporation has agreed to settle FTC charges that accused the company of misrepresenting the security of its software updates. … Continue Reading
On December 17, 2015, after three years of drafting and negotiations, the European Parliament and Council of the European Union reached an informal agreement on the final draft of the EU General Data Protection Regulation, which is backed by the Committee on Civil Liberties, Justice and Home Affairs.… Continue Reading
