On October 23, 2018, the 40th International Conference of Data Protection and Privacy Commissioners released a Declaration on Ethics and Protection in Artificial Intelligence. In it, the Conference endorsed several guiding principles as “core values” to protect human rights as the development of artificial intelligence continues apace.
Continue Reading

Recently, the U.S. Department of Health and Human Services’ Office for Civil Rights entered into a resolution agreement and record settlement of $16 million with Anthem, Inc. following Anthem’s 2015 data breach, the largest breach of protected health information in history that affected approximately 79 million individuals.
Continue Reading

On October 11, 2018, the French data protection authority announced that it adopted two referentials regarding the certification of data protection officers in France. The French Data Protection Act, as amended by on June 20, 2018 to supplement the GDPR, allows the CNIL to draft certification criteria and approve certification bodies for the purpose of certifying individuals as DPOs.
Continue Reading

On October 5, 2018, the Centre for Information Policy Leadership at Hunton Andrews Kurth LLP hosted a workshop on how to implement, demonstrate and incentivize accountability under the EU General Data Protection Regulation, in collaboration with AXA in Paris, France. In addition to the workshop, on October 4, 2018, CIPL hosted a Roundtable on the Role of the Data Protection Office under the GDPR at Mastercard Incorporated, and a pre-workshop dinner at the Chanel School of Fashion, sponsored by Nymity.
Continue Reading

On September 26, 2018, the SEC announced a settlement with Voya Financial Advisers, Inc., a registered investment advisor and broker-dealer, for violating Regulation S-ID, as well as Regulation S-P. Together, Regulations S-ID and S-P are designed to require covered entities to help protect customers from the risk of identity theft and to safeguard confidential customer information. The settlement represents the first SEC enforcement action brought under Regulation S-ID.
Continue Reading

The U.S. Department of Commerce’s National Institute of Standards and Technology recently announced that it is seeking public comment on Draft NISTIR 8228, Considerations for Managing Internet of Things (IoT) Cybersecurity and Privacy Risks. The document is to be the first in a planned series of publications that will examine specific aspects of the IoT topic.
Continue Reading

On September 27, 2018, the Federal Trade Commission announced a settlement agreement with four companies – IDmission, LLC, mResource LLC, SmartStart Employment Screening, Inc., and VenPath, Inc. – over allegations that each company had falsely claimed to have valid certifications under the EU-U.S. Privacy Shield framework.
Continue Reading