On December 18, 2020, federal financial regulatory agencies announced a proposed rule that would require “banking organizations” to notify their primary federal regulator within 36 hours following any “computer-security incident” that rises to the level of a “notification incident.” The Proposed Rule also would require service providers to notify at least two individuals at the banking organizations they service immediately after experiencing a computer security incident that materially disrupts, degrades or impairs the services they provide.
Continue Reading Financial Regulators Announce Proposed 36-Hour Notification Requirement for Notification Incidents

On December 15, 2020, the Irish Data Protection Commission announced its fine of 450,000 Euros against Twitter International Company, following its investigation into a breach resulting from a bug in Twitter’s design. The fine is the largest issued by the Irish DPC under the GDPR to date and is also its first against a U.S.-based organization.
Continue Reading Irish DPA Issues Fine of 450,000 Euros Against Twitter for Data Breach Following EDPB Decision under the GDPR Consistency Mechanism

On December 10, 2020, the Centre for Information Policy Leadership at Hunton Andrews Kurth submitted its response to the European Commission’s invitation for comments on its draft implementing decision on SCCs to be used for the transfer of personal data from a controller or processor subject to the GDPR to a controller or processor not subject to the GDPR.
Continue Reading CIPL Submits Response to European Commission’s Standard Contractual Clauses for the Transfer of Personal Data to Third Countries Pursuant to the GDPR

On December 10, 2020, the Centre for Information Policy Leadership at Hunton Andrews Kurth submitted its response to the European Commission’s invitation for comments on its draft implementing decision on standard contractual clauses between controllers and processors for purposes of Article 28 of the GDPR.
Continue Reading CIPL Submits Response to European Commission’s Article 28 Standard Contractual Clauses

Sweet & Maxwell published the fifth edition of Data Protection Law and Practice written by Hunton’s Rosemary Jay. The latest edition provides a comprehensive and thorough review of the current state of data protection law in the UK, along with the background to the law.
Continue Reading Sweet & Maxwell Publishes the Fifth Edition of Data Protection Law and Practice Written by Rosemary Jay

On November 12, 2020, somewhat in the shadow of the new standard contractual clauses for data transfers to recipients outside the European Economic Area, the European Commission also adopted draft standard contractual clauses to be used between controllers and processors in the EEA.
Continue Reading European Commission Releases Draft Standard Contractual Clauses for Article 28 Data Processing Agreements

On November 12, 2020, the European Commission published a draft implementing decision on standard contractual clauses for the transfer of personal data to third countries pursuant to the GDPR, along with its draft set of new standard contractual clauses. This blog entry provides key takeaways on the draft decision.
Continue Reading European Commission Publishes Draft of New Standard Contractual Clauses

On October 22, 2020, the Consumer Financial Protection Bureau issued a notice of proposed rulemaking to implement Section 1033 of the Dodd-Frank Act regarding consumers’ access to their financial information.
Continue Reading Consumer Financial Protection Bureau Issues Notice of Proposed Rulemaking Regarding Access to Financial Information

In an op-ed recently published by The Richmond Times-Dispatch, former Governor of Virginia and Global Strategy Advisor of the Centre for Information Policy Leadership at Hunton Andrews Kurth Terry McAuliffe discusses why a U.S. federal privacy law is essential to economic recovery in the wake of the COVID-19 pandemic.
Continue Reading McAuliffe Says Federal Privacy Law Is Essential to Economic Recovery