On September 18, 2017, the European Commission and U.S. Department of Commerce kicked off their first annual joint review of the EU-U.S. Privacy Shield. To aid in the review, the Department invited a few industry leaders, including Hunton & Williams' partner Lisa Sotto to speak about their experiences during the first year of the Privacy Shield.… Continue Reading
On September 1, 2017, the FTC published the seventh blog post in its “Stick with Security” series. This week’s post, entitled Stick with Security: Secure remote access to your network, outlines important security measures businesses should take to ensure that outside entryways to their systems are sensibly defended.… Continue Reading
On August 22, 2017, the Russian privacy regulator announced that it had issued an order, effective immediately, revising notice protocols for companies that process personal data in Russia. … Continue Reading
On August 9, 2017, the Russian privacy regulator expanded its list of nations that provide sufficient privacy protections to allow transfers of personal data from Russia.… Continue Reading
In a video roundtable series, Hunton & Williams LLP partners Lisa J. Sotto and Steven M. Haas and special counsel Allen C. Goolsby, along with Stroz Friedberg’s co-president Eric M. Friedberg and Lee Pacchia of Mimesis Law, discuss the special consideration that should be given to privacy and cybersecurity risks in corporate transactions. This blog post contains links to the first two segments of the videos. … Continue Reading
On August 7, 2017, the UK Government’s Department for Culture, Media and Sport published a Statement of Intent setting out the planned reforms to be included in the forthcoming Data Protection Bill, which we previously reported is expected to be laid before the UK Parliament in early September.… Continue Reading
On July 25, 2017, the French Data Protection Authority published their decision on the adoption of several amendments to its Single Authorization AU-004 regarding the processing of personal data in the context of whistleblowing schemes. The amendments reflect changes introduced by French law on December 9, 2016, regarding transparency, the fight against corruption and the modernization of the economy.… Continue Reading
On July 27, 2017, the French Data Protection Authority imposed a fine of 40,000 euros on a French affiliate of the rental car company, The Hertz Corporation, for failure to ensure the security of website users’ personal data.… Continue Reading
On July 26, 2017, the Court of Justice of the European Union declared that the envisaged EU-Canada agreement on the transfer of passenger name records interferes with the fundamental right to respect for private life and the right to the protection of personal data and is therefore incompatible with EU law in its current form.… Continue Reading
As reported in BNA Privacy Law Watch, on July 1, 2017, a new law took effect in Russia allowing for administrative enforcement actions and higher fines for violations of Russia’s data protection law.… Continue Reading
The Article 29 Working Party issued an Opinion on data processing at work, which complements the Working Party's previous guidance on the processing of personal data in the employment context and on the surveillance of electronic communications in the workplace. This blog entry provides highlights on the Opinion.… Continue Reading
On June 21, 2017, in the Queen’s Speech to Parliament, the UK government confirmed its intention to press ahead with the implementation of the EU General Data Protection Regulation into national law.… Continue Reading
Recently, the Belgian Privacy Commission (the “Belgian DPA”) released a Recommendation (in French and Dutch) regarding the requirement to appoint a data protection officer (“DPO”) under the EU General Data Protection Regulation (“GDPR”).… Continue Reading
On May 29, 2017, a high-level EU Commission official and Politico reported that the primary objective of the first annual joint review of the EU-U.S. Privacy Shield, to take place in September 2017, is not to obtain more concessions from the U.S. regarding Europeans’ privacy safeguards, but rather to monitor the current U.S. administration’s work and steer U.S. privacy debates to prevent privacy safeguards from deteriorating.… Continue Reading
On April 27, 2017, the German Federal Parliament adopted the new German Federal Data Protection Act to replace the existing Federal Data Protection Act of 2003. The new BDSG is intended to adapt the current German data protection law to the EU General Data Protection Regulation which will become effective on May 25, 2018. … Continue Reading
On April 4, 2017, the Article 29 Working Party adopted its draft Guidelines on Data Protection Impact Assessment and determining whether processing is “likely to result in a high risk” for the purposes of Regulation 2016/679. The Guidelines aim to clarify when a data protection impact assessment is required under the EU GDPR.… Continue Reading
On April 4, 2017, the Article 29 Working Party adopted an Opinion on the Proposed Regulation of the European Commission for the ePrivacy Regulation. The Proposed ePrivacy Regulation is intended to replace the ePrivacy Directive and to increase harmonization of ePrivacy rules in the EU. … Continue Reading
On April 5, 2017, the Article 29 Working Party adopted the final versions of its guidelines on the right to data portability, Data Protection Officers and Lead Supervisory Authority, which were first published for comment in December 2016. The final publication of these revised guidelines follows the public consultation which ended in February 2017. … Continue Reading
Haim Ravia and Dotan Hammer of Pearl Cohen Zedek Latzer Baratz recently published an article outlining Israel’s new Protection of Privacy Regulations, passed by the Knesset on March 21, 2017. The Regulations will impose mandatory comprehensive data security and breach notification requirements on anyone who owns, manages or maintains a database containing personal data in Israel.… Continue Reading
Recently, Virginia passed an amendment to its data breach notification law that adds state income tax information to the types of data that require notification to the Virginia Office of the Attorney General in the event of unauthorized access and acquisition of such data.… Continue Reading
On March 28, 2017, the French Data Protection Authority published its Annual Activity Report for 2016 and released its annual inspection program for 2017. The Report presents the main accomplishments in 2016 and highlights the diversified activity at both the national and EU level with the adoption of two major pieces of legislation.… Continue Reading
On April 5, 2017, Hunton & Williams LLP and Stroz Friedberg will host a webinar on managing privacy and data security risks before, during and after an M&A transaction. This blog post provides a link to register for the event. … Continue Reading
On March 15, 2017, the French data protection authority published a six step methodology and tools for businesses to prepare for the EU General Data Protection Regulation that will become applicable on May 25, 2018. The six steps are outlined in this entry. … Continue Reading
Hunton & Williams announces the formation of a cross-disciplinary legal team dedicated to guiding companies through the minefield of regulatory and cyber-related risks associated with high-stakes corporate mergers and acquisitions. … Continue Reading
