On October 27, 2015, Hunton & Williams LLP’s Centre for Information Policy Leadership (“CIPL”) will conduct a joint workshop with Nymity on Bridging Disparate Privacy Regimes through Organizational Accountability. As a side event to the 37th International Privacy Conference in Amsterdam during the week of October 26, the workshop is specifically designed to support and further explore the theme of global “Privacy Bridges” that will be discussed at the International Privacy Conference. Organizational accountability is one of the proposed bridges in the Privacy Bridges Report which the international expert group released earlier this week.

Continue Reading CIPL Supports Theme of “Privacy Bridges” at 37th International Privacy Conference in Amsterdam

On September 22, 2015, the Article 29 Working Party (the “Working Party”) adopted an Opinion on the Cloud Select Industry Group (“C-SIG”) Code of Conduct on data protection for Cloud Service Providers (the “Code”). In the Opinion, the Working Party analyzes the Code that was drafted by the Cloud Select Industry Group (the “C-SIG”).

Continue Reading Article 29 Working Party Issues Opinion on C-SIG Code of Conduct on Cloud Computing

On August 26, 2015, the U.S. Department of Defense (“DoD”) published an interim rule entitled Defense Federal Acquisition Regulation Supplement: Network Penetration Reporting and Contracting for Cloud Services (DFARS Case 2013–D018) (the “Interim Rule”), that streamlines the obligations for contractors to report network penetrations and establishes DoD requirements for contracting with cloud computing service providers. The Interim Rule amends the information security contracting framework set forth in the Defense Federal Acquisition Regulation Supplement (“DFARS”) to implement section 941 of the National Defense Authorization Act (“NDAA”) for Fiscal Year (“FY”) 2013 and section 1632 of the NDAA for FY 2015, both of which impose cyber incident reporting obligations on contractors.

Continue Reading Department of Defense Issues New Cyber Incident Reporting and Cloud Computing Requirements for Contractors

On August 11, 2015, the Online Trust Alliance, a nonprofit group whose goal is to increase online trust and promote the vitality of the Internet, released a framework (the “Framework”) for best practices in privacy and data security for the Internet of Things. The Framework was developed by the Internet of Things Trustworthy Working Group, which the Online Trust Alliance created in January 2015 to address “the mounting concerns and collective impact of connected devices.”

Continue Reading Online Trust Alliance Releases Privacy and Data Security Framework for Internet of Things

On March 3, 2015, Steven Barnes, the host of the new Penn Law podcast series, Case in Point: Great Minds on Law and Life, interviewed Lisa Sotto, partner and chair of the Global Privacy and Cybersecurity practice at Hunton & Williams LLP, and Anita Allen, professor of law and philosophy at the University of Pennsylvania Law School and vice provost for faculty on trends in privacy and cybersecurity, discussing what we mean when we talk about our right to privacy.

Continue Reading Sotto Featured on Penn Law’s “Great Minds on Law and Life” Podcast on New Threats to Digital Privacy and Cybersecurity

In December 2014, we reported that various technology companies, academics and trade associations filed amicus briefs in support of Microsoft’s attempts to resist a U.S. government search warrant seeking to compel it to disclose the contents of customer emails that are stored on servers in Ireland. On December 23, 2014, the Irish government also filed an amicus brief in the 2nd Circuit Court of Appeals.

Continue Reading Irish Government Files Amicus Brief in Microsoft Case

On December 15, 2014, Microsoft reported the filing of 10 amicus briefs in the 2nd Circuit Court of Appeals signed by 28 leading technology and media companies, 35 leading computer scientists, and 23 trade associations and advocacy organizations, in support of Microsoft’s litigation to resist a U.S. Government’s search warrant purporting to compel the production of Microsoft customer emails that are stored in Ireland. In opposing the Government’s assertion of extraterritorial jurisdiction in this case, Microsoft and its supporters have argued that their stance seeks to promote privacy and trust in cross-border commerce and advance a “broad policy issue” that is “fundamental to the future of global technology.”

Continue Reading Industry, Privacy Advocates Join Microsoft to Protect Customer Emails in Foreign Servers

In an article entitled The Rise of Accountability from Policy to Practice and Into the Cloud published by the International Association of Privacy Professinals, Bojana Bellamy, President of the Centre for Information Policy Leadership at Hunton & Williams (the “Centre”), outlines the rapid global uptake of “accountability” as a cornerstone of effective data protection and points to the recent ISO 27018 data privacy cloud standard as one of the latest examples.

Continue Reading Centre for Information Policy Leadership Points to New ISO Cloud Privacy Standard as “Accountability” Milestone

On June 26, 2014, the European Commission issued guidelines on the standardization of service level agreements for cloud services providers (the “Guidelines”). In the context of the European Cloud Computing Strategy, launched by the European Commission in September 2012, the Guidelines focus on security and data protection in the cloud. They are based on the understanding that standardization will improve the clarity of service level agreements (“SLAs”) for cloud services in the European Union.

Continue Reading European Commission Issues Cloud Service Level Agreement Standardization Guidelines

On October 21, 2013, the European Parliament approved its Compromise Text of the proposed EU General Data Protection Regulation (the “Proposed Regulation”). The approval follows months of negotiations between the various parliamentary committees. The European Parliament’s Committee on Civil Liberties, Justice and Home Affairs (“LIBE”) has been in charge of working toward an agreement on the Compromise Text in the European Parliament.

Continue Reading European Parliament Approves Compromise Text on Regulation