On October 17, 2018, the French data protection authority published a press release, detailing the rules applicable to devices that collect personal data from users’ mobile phones (media access control address) for the purposes of measuring the advertising audience and traffic in shopping malls and other public areas.
Continue Reading

At its October monthly meeting, the Federal Energy Regulatory Commission adopted new reliability standards addressing cybersecurity risks associated with the global supply chain for Bulk Electric System Cyber Systems. The new standards expand the scope of the mandatory and enforceable cybersecurity standards applicable to the electric utility sector.
Continue Reading

On October 23, 2018, the 40th International Conference of Data Protection and Privacy Commissioners released a Declaration on Ethics and Protection in Artificial Intelligence. In it, the Conference endorsed several guiding principles as “core values” to protect human rights as the development of artificial intelligence continues apace.
Continue Reading

Recently, the U.S. Department of Health and Human Services’ Office for Civil Rights entered into a resolution agreement and record settlement of $16 million with Anthem, Inc. following Anthem’s 2015 data breach, the largest breach of protected health information in history that affected approximately 79 million individuals.
Continue Reading

On October 11, 2018, the French data protection authority announced that it adopted two referentials regarding the certification of data protection officers in France. The French Data Protection Act, as amended by on June 20, 2018 to supplement the GDPR, allows the CNIL to draft certification criteria and approve certification bodies for the purpose of certifying individuals as DPOs.
Continue Reading

On October 5, 2018, the Centre for Information Policy Leadership at Hunton Andrews Kurth LLP hosted a workshop on how to implement, demonstrate and incentivize accountability under the EU General Data Protection Regulation, in collaboration with AXA in Paris, France. In addition to the workshop, on October 4, 2018, CIPL hosted a Roundtable on the Role of the Data Protection Office under the GDPR at Mastercard Incorporated, and a pre-workshop dinner at the Chanel School of Fashion, sponsored by Nymity.
Continue Reading

On September 26, 2018, the SEC announced a settlement with Voya Financial Advisers, Inc., a registered investment advisor and broker-dealer, for violating Regulation S-ID, as well as Regulation S-P. Together, Regulations S-ID and S-P are designed to require covered entities to help protect customers from the risk of identity theft and to safeguard confidential customer information. The settlement represents the first SEC enforcement action brought under Regulation S-ID.
Continue Reading