Tag Archives: Compliance

Webinar Recording Available on China’s New Cybersecurity Law

On March 7, 2017, Hunton & Williams LLP hosted a webinar with Beijing partner Bing Maisog on China’s new Cybersecurity Law. China’s new Cybersecurity Law will impose new restrictions on information flows from operators of key information infrastructure, and will become effective in June 2017.

Webinar Recording Available on the NYDFS Regulations

On March 9, 2017, AllClear ID hosted a webinar with Hunton & Williams partner Lisa J. Sotto on the new cybersecurity regulations from the New York State Department of Financial Services. This blog post provides a link to the recording and presentation materials.

ICO Publishes Guidance on Consent under the EU GDPR

Recently, the UK Information Commissioner’s Office published draft guidance regarding the consent requirements of the EU General Data Protection Regulation that sets forth how the ICO interprets the GDPR’s consent requirements, and its recommended approach to compliance and good practice.

FCC Stays Implementation of Data Security Rules

On March 1, 2017, the Federal Communications Commission, under the new leadership of Chairman Ajit Pai, voted 2-1 to issue a temporary stay of the data security obligations of the FCC’s Broadband Consumer Privacy Rules, which were to go into effect March 2, 2017. The temporary stay will remain in place until the FCC is able to act on pending petitions for reconsideration.

Webinar on China’s New Cybersecurity Law

Hunton & Williams LLP will host a webinar on China’s New Cybersecurity Law on March 7, 2017. This blog entry provides additional information on the event and a link to register for the complimentary program.

OCR Settlement Emphasizes Importance of Audit Controls

On February 16, 2017, the U.S. Department of Health and Human Services’ Office for Civil Rights entered into a resolution agreement with Memorial Healthcare System that emphasized the importance of audit controls in preventing breaches of protected health information. The $5.5 million settlement with Memorial is the fourth enforcement action taken by OCR in 2017, and matches the largest civil monetary ever imposed against a single covered entity.

OCR Settlement Emphasizes Importance of Implementing Safeguards to Protect PHI

On January 18, 2017, the U.S. Department of Health and Human Services’ Office for Civil Rights entered into a resolution agreement with MAPFRE Life Insurance Company of Puerto Rico relating to a breach of protected health information contained on a portable storage device. This is the second enforcement action taken by OCR in 2017, following the action taken against Presence Health earlier this month for failing to make timely breach notifications.

NERC Releases Draft Standard for Cybersecurity Supply Chain Risk Management

On January 19, 2017, the North American Electric Reliability Corporation released a draft Reliability Standard CIP-013-1 – Cyber Security – Supply Chain Risk Management which addresses “supply chain risk management for industrial control system hardware, software, and computing and networking services associated with bulk electric system operations.”

OCR Settles First Enforcement Action for Untimely Reporting of a Breach

On January 7, 2017, the U.S. Department of Health and Human Services’ Office for Civil Rights entered into a resolution agreement with Presence Health stemming from the entity’s failure to notify affected individuals, the media and OCR within 60 days of discovering a breach. This marks the first OCR settlement of 2017 and the first enforcement action relating to untimely breach reporting by a HIPAA covered entity.

Chile Expected to Consider New Data Protection Legislation

On January 3, 2017, as reported in Bloomberg Law: Privacy and Data Security, Chilean legislators are soon expected to consider a new data protection law which would impose new privacy compliance standards and certain enforcement provisions on companies doing business in Chile.

NIST Releases Privacy Engineering and Risk Management Guidance for Federal Agencies

On January 4, 2017, the National Institute of Standards and Technology announced the final release of NISTIR 8062, An Introduction to Privacy Engineering and Risk Management in Federal Systems. NISTIR 8062 describes the concept of applying systems engineering practices to privacy and sets forth a model for conducting privacy risk assessments on federal systems.

CIPL Issues White Paper on High Risk and DPIAs under the GDPR

On December 21, 2016, the Centre for Information Policy Leadership at Hunton & Williams LLP issued a white paper on Risk, High Risk, Risk Assessments and Data Protection Impact Assessments under the GDPR. The White Paper sets forth guidance and recommendations concerning the interpretation and implementation of the GDPR’s provisions relating to risk and risk assessment.

France Adopts Class Action Regime for Data Protection Violations

On November 19, 2016, the French government enacted a bill creating a legal basis for class actions against data controllers and processors resulting from data protection violations. The bill establishes a general class action regime and includes specific provisions regarding data protection violations.

CIPL Issues White Paper on the DPO’s Role under the GDPR

On November 17, 2016, the Centre for Information Policy Leadership at Hunton & Williams LLP issued a white paper which sets forth guidance and recommendations concerning the interpretation and implementation of the GDPR’s provisions relating to the role of the Data Protection Officer.

FINRA Fines Brokerage Firm $650,000 After Cyber Attack

On November 14, 2016, Lincoln Financial Securities Corp., a subsidiary of Lincoln Financial Group, entered into a settlement with the Financial Industry Regulatory Authority, requiring LFS to pay a $650,000 fine and implement stronger cybersecurity protocols following a 2012 hack into its cloud-based server.

CIPL and AvePoint Release Global GDPR Readiness Report

On November 9, 2016, the Centre for Information Policy Leadership at Hunton & Williams LLP and AvePoint released the results of a joint global survey launched in May 2016 concerning organizational preparedness for implementing the EU General Data Protection Regulation.

FinCEN Issues Advisory on SAR Reporting Obligations Involving Cyber Crime

Recently, the U.S. Department of Treasury’s Financial Crimes Enforcement Network issued an advisory entitled Advisory to Financial Institutions on Cyber-Events and Cyber-Enabled Crime, to help financial institutions understand how to fulfill their Bank Secrecy Act obligations with regard to cyber events and cyber-enabled crime.