On July 6, 2016, the European Parliament adopted the Directive on Security of Network and Information Systems, which will come into force in August 2016. The NIS Directive is part of the European Commission’s cybersecurity strategy for the European Union, and is designed to increase cooperation between EU Member States on cybersecurity issues.… Continue Reading
On June 22, 2016, the Bavarian Data Protection Authority issued a short paper on certifications under Article 42 of the General Data Protection Regulation. The GDPR will become effective on May 25, 2018.… Continue Reading
On May 17, 2016, the European Council adopted its position at first reading on the Network and Information Security Directive. The NIS Directive was proposed by the European Commission on February 7, 2013, as part of its cybersecurity strategy for the European Union, and is designed to increase cooperation between EU Member States on cybersecurity issues.… Continue Reading
On December 30, 2015, the Department of Defense issued a second interim rule that extends the deadline by which federal contractors must implement the new cybersecurity requirements previously issued by the agency. … Continue Reading
On October 26, 2015, the German federal and state data protection authorities published a joint position paper on Safe Harbor and potential alternatives for transfers of data to the U.S. … Continue Reading
On October 27, 2015, Hunton & Williams LLP’s Centre for Information Policy Leadership will conduct a joint workshop with Nymity on Bridging Disparate Privacy Regimes through Organizational Accountability during the 37th International Privacy Conference. The Centre for Information Policy Leadership also has released two draft white papers in a series of three on protecting privacy in a world of big data.… Continue Reading
On September 22, 2015, the Article 29 Working Party (the “Working Party”) adopted an Opinion on the Cloud Select Industry Group (“C-SIG”) Code of Conduct on data protection for Cloud Service Providers (the “Code”). In the Opinion, the Working Party analyzes the Code that was drafted by the Cloud Select Industry Group (the “C-SIG”).… Continue Reading
The Department of Defense recently issued an interim rule that streamlines the obligations for contractors to report cyber incidents and establishes DoD requirements for contracting with cloud computing service providers.… Continue Reading
On August 11, 2015, the Online Trust Alliance, a nonprofit group whose goal is to increase online trust and promote the vitality of the Internet, released a framework for best practices in privacy and data security for the Internet of Things. … Continue Reading
On March 3, 2015, Lisa Sotto, partner and chair of the Global Privacy and Cybersecurity practice at Hunton & Williams LLP was featured in the new Penn Law podcast series, Case in Point: Great Minds on Law and Life, discussing what we mean when we talk about our right to privacy. This blog entry provides a link to the podcast.… Continue Reading
The Irish government filed an amicus brief in the ongoing dispute between Microsoft and the U.S. government concerning the U.S. government’s demands for data held by Microsoft on email servers located in Ireland.… Continue Reading
On December 15, 2014, Microsoft reported the filing of 10 amicus briefs in the 2nd Circuit Court of Appeals signed by leading technology and media companies, computer scientists and trade associations and advocacy organizations, in support of Microsoft's litigation to resist a U.S. Government's search warrant purporting to compel the production of Microsoft customer emails that are stored in Ireland.… Continue Reading
In an article entitled The Rise of Accountability from Policy to Practice and Into the Cloud published by the International Association of Privacy Professionals, Bojana Bellamy, President of the Centre for Information Policy Leadership at Hunton & Williams, outlines the rapid global uptake of “accountability” as a cornerstone of effective data protection.… Continue Reading
On June 26, 2014, the European Commission issued guidelines on the standardization of service level agreements for cloud services providers. The Guidelines, which were prepared by a group of experts established by the European Commission in February 2013, provide definitions of legal and technical terms and specific service level objectives designed to achieve standardization in service level agreements.… Continue Reading
On October 21, 2013, the European Parliament approved its Compromise Text of the proposed EU General Data Protection Regulation. The passing of the vote comes after months of negotiations between the various parliamentary committees.… Continue Reading
On September 30, 2013, Hunton and Williams LLP hosted representatives from the U.S. Department of Commerce for a timely discussion of the Safe Harbor Framework, the Asia-Pacific Economic Cooperation Cross-Border Privacy Rules System, and the Transatlantic Trade and Investment Partnership negotiations. This blog post provides a summary of the panel's remarks.… Continue Reading
On July 24, 2013, Federal and State Data Protection Commissioners in Germany issued a press release stating that foreign intelligence and security agencies threaten international data traffic between Germany and countries located outside the European Union.… Continue Reading
On July 2, 2013, the Indian government released its ambitious national cybersecurity policy. This blog post highlights some of the policy’s strategic objectives.… Continue Reading
On June 14, 2013, the French Data Protection Authority announced that last March it had created an internal working group to study the privacy issues arising from the access of the personal data of French citizens by foreign public authorities.… Continue Reading
On April 12, 2013, the Department of Commerce’s International Trade Administration issued a guidance document to clarify how the U.S.-European Union Safe Harbor Framework facilitates the transfer of personal data from the European Union to the United States in the cloud computing context. … Continue Reading
On March 8, 2013, the German government published a response to a formal inquiry from one of the German Parliament’s parties on the international security, data protection and surveillance implications of cloud computing.… Continue Reading
On February 7, 2013, the European Commission, together with the High Representative of the Union for Foreign Affairs and Security Policy, launched their cybersecurity strategy for the European Union, which included a draft directive on measures to ensure a common level of network and information security across the EU.… Continue Reading
Recently, the European Parliament’s Committee on Civil Liberties, Justice and Home Affairs released “Fighting cyber crime and protecting privacy in the cloud.” This blog post outlines some of the study’s key recommendations.… Continue Reading
On November 23, 2012, the German Federal Council published comments to the European Commission’s strategy on cloud computing, which it considers inadequate in dealing with several issues unique to cloud computing. … Continue Reading
