Tag Archives: Compliance

New Jersey Shopper Privacy Bill Signed into Law

On July 21, 2017, New Jersey Governor Chris Christie signed a bill that places new restrictions on the collection and use of personal information by retail establishments for certain purposes. The statute, which is called the Personal Information and Privacy Protection Act, permits retail establishments in New Jersey to scan a person’s driver’s license or other state-issued identification card only for eight purposes. … Continue Reading

Record Data Breach Settlement in Anthem Class Action

On June 23, 2017, Anthem Inc., the nation’s second largest health insurer, reached a record 115 million dollar settlement in a class action lawsuit arising out of a 2015 data breach that exposed the personal information of more than 78 million people. Among other things, the settlement creates a pool of funds to provide credit monitoring and reimbursement for out-of-pocket costs for customers. … Continue Reading

Implementation of the EU GDPR: 30-Minute Guidance Review

As companies in the EU and the U.S. prepare for the application of the EU General Data Protection Regulation in May 2018, Hunton & Williams’ Global Privacy and Cybersecurity partner Aaron Simpson discusses the key, significant changes from the EU Directive that companies must comply with before next year. This blog entry contains a link to the full 30-minute webinar. … Continue Reading

FTC Releases Guidance on COPPA Compliance

On June 21, 2017, the Federal Trade Commission updated its guidance for complying with the Children’s Online Privacy Protection Act. The FTC enforces the COPPA Rule, which sets requirements regarding children’s privacy and safety online.… Continue Reading

Cybersecurity Law Goes Into Effect in China

On June 1, 2017, the new Cybersecurity Law went into effect in China. This post takes stock of (1) which measures have been passed so far, (2) which ones go into effect on June 1 and (3) which ones are in progress but have yet to be promulgated.… Continue Reading

Amended Oregon Law Reinforces Importance of Adhering to Privacy Policies

On May 25, 2017, Oregon Governor Kate Brown signed into law H.B. 2090, which updates Oregon’s Unlawful Trade Practices Act by holding companies liable for making misrepresentations on their websites or in their consumer agreements about how they will use, disclose, collect, maintain, delete or dispose of consumer information.… Continue Reading

Global Ransomware Attacks Raise Key Legal Considerations

On May 12, 2017, a massive ransomware attack, known as “WannaCry,” began affecting tens of thousands of computer systems in over 100 countries. These types of incidents can have significant legal implications for affected entities and industries for whom data access and continuity is critical. As affected entities work to understand and respond to the threat of ransomware, we address some of the key legal considerations.… Continue Reading

Wireless Provider Reaches $2.5 Million Settlement with OCR

On April 24, 2017, the U.S. Department of Health and Human Services’ Office for Civil Rights announced that it had entered into a resolution agreement with CardioNet, Inc., stemming from gaps in policies and procedures uncovered after CardioNet reported breaches of unsecured electronic protected health information.… Continue Reading

Privacy Compliance Company Agrees to a Settlement with the New York Attorney General

On April 6, 2017, New York Attorney General Eric T. Schneiderman announced that privacy compliance company TRUSTe, Inc., agreed to settle allegations that it failed to properly verify that customer websites aimed at children did not run third-party software to track users. According to Attorney General Schneiderman, the enforcement action taken by the NY AG is the first to target a privacy compliance company over children’s privacy.… Continue Reading

CIPL Issues Discussion Paper on GDPR Certifications

On April 12, 2017, the Centre for Information Policy Leadership at Hunton & Williams LLP issued a discussion paper on Certifications, Seals and Marks under the GDPR and Their Roles as Accountability Tools and Cross-Border Data Transfer Mechanisms which sets forth recommendations concerning the implementation of the EU GDPR’s provisions on the development and use of certification mechanisms.… Continue Reading

Working Party Adopts Opinion on Proposed ePrivacy Regulation

On April 4, 2017, the Article 29 Working Party adopted an Opinion on the Proposed Regulation of the European Commission for the ePrivacy Regulation. The Proposed ePrivacy Regulation is intended to replace the ePrivacy Directive and to increase harmonization of ePrivacy rules in the EU. … Continue Reading

Israel Passes Comprehensive Data Security and Breach Notification Regulations

Haim Ravia and Dotan Hammer of Pearl Cohen Zedek Latzer Baratz recently published an article outlining Israel’s new Protection of Privacy Regulations, passed by the Knesset on March 21, 2017. The Regulations will impose mandatory comprehensive data security and breach notification requirements on anyone who owns, manages or maintains a database containing personal data in Israel.… Continue Reading

Webinar Recording Available on China’s New Cybersecurity Law

On March 7, 2017, Hunton & Williams LLP hosted a webinar with Beijing partner Bing Maisog on China’s new Cybersecurity Law. China’s new Cybersecurity Law will impose new restrictions on information flows from operators of key information infrastructure, and will become effective in June 2017.… Continue Reading
LexBlog