On November 10, 2012, the Conference of the German Data Protection Commissioners’ working group on technical and organizational data protection matters published guidelines on data separation requirements for automated data processing on shared IT systems.… Continue Reading
On October 26, 2012, three resolutions were adopted by the closed session of the 34th International Conference of Data Protection and Privacy Commissioners. This blog post provides an overview of these resolutions and their potential impact.… Continue Reading
On September 27, 2012, the UK Information Commissioner’s Office (“ICO”) published guidance on complying with the requirements of the UK Data Protection Act 1998 (“DPA”) in the context of cloud computing services (the “Guidance”). In its Guidance, the ICO reminds data controllers that transferring personal data to the cloud does not absolve them of their … Continue Reading
On September 27, 2012, the European Commission presented “Unleashing the Potential of Cloud Computing in Europe,” a new strategy focusing on simplifying cloud computing standards and certification, developing new model contract terms for cloud computing services and the initiative for a European Cloud Partnership.… Continue Reading
Hunton & Williams partner Lisa Sotto, head of the Global Privacy and Data Security Practice, recently gave a presentation on global privacy law issues to the Western Independent Bankers Service Corporation. This blog post provides a link to the webcast.… Continue Reading
On July 10, 2012, the Federal Financial Institutions Examination Council released a statement on outsourced cloud computing activities, discussing key risk considerations associated with using third-party vendors to implement cloud computing solutions and identifying applicable risk mitigation considerations contained in the FFIEC IT Examination Handbook. … Continue Reading
On July 1, 2012, the Article 29 Working Party adopted an Opinion providing guidance on the risks associated with cloud computing and issuing recommendations to data controllers and data processors operating in the cloud environment.… Continue Reading
On April 24, 2012, the International Working Group on Data Protection in Telecommunications issued a Working Paper that provides best practices and guidance aimed at reducing the privacy and data security risks associated with cloud computing.… Continue Reading
On April 27, 2012, the Centre for Information Policy Leadership at Hunton & Williams LLP submitted comments to the latest Singapore consultation on proposed personal data protection legislation. The Centre’s comments focus on how consent is addressed in the legislation and on assuring that the law applies only to Singapore data.… Continue Reading
The CNIL announced that it will conduct 450 on-site inspections in 2012, focusing on issues such as smart phone technology, health data security, data breaches, police records and day-to-day personal information collection by large entities such as utilities.… Continue Reading
On March 8, 2012, the German Federal Office for Information Security accepted the German Insurance Association’s application for certification of the “Trusted German Insurance Cloud,” a project that aims to establish a secure IT platform for the German insurance industry.… Continue Reading
A growing number of companies are implementing cloud computing solutions to lower IT costs and increase efficiency. Although cloud technology offers an array of advantages, organizations that rely on the cloud must compensate for the corresponding increase in risk associated with outsourcing business operations to a third party.… Continue Reading
On November 29, 2011, at the IAPP Europe Data Protection Congress, EU Commissioner Viviane Reding provided insight into some of the details of the proposals for the revised EU data protection framework. She focused on promoting Binding Corporate Rules as a solution for safeguarding international flows of data.… Continue Reading
On October 17, 2011, the CNIL launched a public consultation on cloud computing, seeking stakeholders’ opinions on legal and technical solutions to address data security concerns affecting cloud computing services for businesses.… Continue Reading
On September 29, 2011, following the 82nd annual conference of German federal and state data protection authorities, the German DPAs issued a resolution on cloud computing and compliance with data protection law. … Continue Reading
In April 2011, a technical malfunction suffered by the Amazon Elastic Compute Cloud resulted in a multi-day outage affecting hundreds of businesses. The incident offered high-profile evidence of both the widespread popularity of cloud computing and the potential consequences of storing company data in the cloud. It also drew attention to cloud service contracts, raising … Continue Reading
On June 14, 2011, the PCI Security Standards Council's Virtualization Special Interest Group published guidelines to provide context for the application of the Payment Card Industry Data Security Standard to cloud and other virtual environments.
… Continue Reading
On June 15, 2011, European Data Protection Supervisor Peter Hustinx gave a press conference to present the EDPS annual report for 2010. Hustinx's remarks focused on the current review of the EU data protection framework and his recent Opinion on the Data Retention Directive.
… Continue Reading
On June 16, 2011, the Hungarian Presidency of the Council of the European Union kicked off a high-level international data protection conference in Budapest. This post provides highlights from the first day of the conference.
… Continue Reading
A complaint submitted to the FTC on May 11, 2011, alleges that cloud-based data storage provider Dropbox made false claims about its encryption practices and the security of its users' data.
… Continue Reading