On May 26, 2017, the Belgian Privacy Commission published its Annual Activity Report for 2016 highlighting its main accomplishments from the past year.… Continue Reading
Pablo Palazzi, from Buenos Aires law firm Allende & Brea, reports that earlier this month, the Argentine Data Protection Agency posted the first draft of a new data protection bill on its website. The Draft Bill is heavily based on the EU GDPR and maintains the structure of Argentina’s current data protection bill.… Continue Reading
Recently, the Ministry of Industry and Information Technology of the People’s Republic of China published a draft of the new Notice on Regulating Business Behaviors in the Cloud Service Market for public comment. The draft is open for comment until December 24, 2016.… Continue Reading
Earlier this month, the Department of Health and Human Services’ Office for Civil Rights issued guidance for HIPAA-covered entities that use cloud computing services involving electronic protected health information. … Continue Reading
On September 27, 2016, Cloud Infrastructure Services Providers in Europe published its Data Protection Code of Conduct. CISPE, a relatively new coalition of more than 20 cloud infrastructure providers with operations in Europe, has focused the Code on transparency and compliance with EU data protection laws. … Continue Reading
On July 6, 2016, the European Parliament adopted the Directive on Security of Network and Information Systems, which will come into force in August 2016. The NIS Directive is part of the European Commission’s cybersecurity strategy for the European Union, and is designed to increase cooperation between EU Member States on cybersecurity issues.… Continue Reading
On June 22, 2016, the Bavarian Data Protection Authority issued a short paper on certifications under Article 42 of the General Data Protection Regulation. The GDPR will become effective on May 25, 2018.… Continue Reading
On May 17, 2016, the European Council adopted its position at first reading on the Network and Information Security Directive. The NIS Directive was proposed by the European Commission on February 7, 2013, as part of its cybersecurity strategy for the European Union, and is designed to increase cooperation between EU Member States on cybersecurity issues.… Continue Reading
On December 30, 2015, the Department of Defense issued a second interim rule that extends the deadline by which federal contractors must implement the new cybersecurity requirements previously issued by the agency. … Continue Reading
On October 26, 2015, the German federal and state data protection authorities published a joint position paper on Safe Harbor and potential alternatives for transfers of data to the U.S. … Continue Reading
On October 27, 2015, Hunton & Williams LLP’s Centre for Information Policy Leadership will conduct a joint workshop with Nymity on Bridging Disparate Privacy Regimes through Organizational Accountability during the 37th International Privacy Conference. The Centre for Information Policy Leadership also has released two draft white papers in a series of three on protecting privacy in a world of big data.… Continue Reading
On September 22, 2015, the Article 29 Working Party (the “Working Party”) adopted an Opinion on the Cloud Select Industry Group (“C-SIG”) Code of Conduct on data protection for Cloud Service Providers (the “Code”). In the Opinion, the Working Party analyzes the Code that was drafted by the Cloud Select Industry Group (the “C-SIG”).… Continue Reading
The Department of Defense recently issued an interim rule that streamlines the obligations for contractors to report cyber incidents and establishes DoD requirements for contracting with cloud computing service providers.… Continue Reading
On August 11, 2015, the Online Trust Alliance, a nonprofit group whose goal is to increase online trust and promote the vitality of the Internet, released a framework for best practices in privacy and data security for the Internet of Things. … Continue Reading
On March 3, 2015, Lisa Sotto, partner and chair of the Global Privacy and Cybersecurity practice at Hunton & Williams LLP was featured in the new Penn Law podcast series, Case in Point: Great Minds on Law and Life, discussing what we mean when we talk about our right to privacy. This blog entry provides a link to the podcast.… Continue Reading
The Irish government filed an amicus brief in the ongoing dispute between Microsoft and the U.S. government concerning the U.S. government’s demands for data held by Microsoft on email servers located in Ireland.… Continue Reading
On December 15, 2014, Microsoft reported the filing of 10 amicus briefs in the 2nd Circuit Court of Appeals signed by leading technology and media companies, computer scientists and trade associations and advocacy organizations, in support of Microsoft's litigation to resist a U.S. Government's search warrant purporting to compel the production of Microsoft customer emails that are stored in Ireland.… Continue Reading
In an article entitled The Rise of Accountability from Policy to Practice and Into the Cloud published by the International Association of Privacy Professionals, Bojana Bellamy, President of the Centre for Information Policy Leadership at Hunton & Williams, outlines the rapid global uptake of “accountability” as a cornerstone of effective data protection.… Continue Reading
On June 26, 2014, the European Commission issued guidelines on the standardization of service level agreements for cloud services providers. The Guidelines, which were prepared by a group of experts established by the European Commission in February 2013, provide definitions of legal and technical terms and specific service level objectives designed to achieve standardization in service level agreements.… Continue Reading
On October 21, 2013, the European Parliament approved its Compromise Text of the proposed EU General Data Protection Regulation. The passing of the vote comes after months of negotiations between the various parliamentary committees.… Continue Reading
On September 30, 2013, Hunton and Williams LLP hosted representatives from the U.S. Department of Commerce for a timely discussion of the Safe Harbor Framework, the Asia-Pacific Economic Cooperation Cross-Border Privacy Rules System, and the Transatlantic Trade and Investment Partnership negotiations. This blog post provides a summary of the panel's remarks.… Continue Reading
On July 24, 2013, Federal and State Data Protection Commissioners in Germany issued a press release stating that foreign intelligence and security agencies threaten international data traffic between Germany and countries located outside the European Union.… Continue Reading
On July 2, 2013, the Indian government released its ambitious national cybersecurity policy. This blog post highlights some of the policy’s strategic objectives.… Continue Reading
On June 14, 2013, the French Data Protection Authority announced that last March it had created an internal working group to study the privacy issues arising from the access of the personal data of French citizens by foreign public authorities.… Continue Reading
