On June 20, 2014, Florida Governor Rick Scott signed a bill that repeals and replaces the state's existing breach notification statute to cover health information and online account credentials, impose a 30-day notification timing requirement and require notification to the state regulator for breaches affecting 500 or more residents. The amendment took effect on July 1, 2014. … Continue Reading
On June 3 and 4, 2014, the Article 29 Working Party held a meeting to discuss the consequences of the European Court of Justice's May 13, 2014 Costeja ruling, which has been described by many as providing a "right to be forgotten."… Continue Reading
On May 27, 2014, the Federal Trade Commission announced the release of a new report recommending that Congress consider enacting legislation that would increase transparency in the data broker industry and give consumers more control over how data brokers collect and share their personal information. … Continue Reading
On May 30, 2014, Google posted a web form that enables individuals to request the removal of URLs from the results of searches that include that individual’s name.… Continue Reading
On May 21, 2014, California Attorney General Kamala D. Harris released guidance for businesses on how to comply with recent updates to the California Online Privacy Protection Act.… Continue Reading
On April 25, 2014, a federal district court judge in New York ruled that Microsoft must release user data to U.S. law enforcement when issued a search warrant, even if the data is stored outside of the U.S.… Continue Reading
On April 10, 2014, the Governor of Kentucky signed into law a data breach notification statute requiring persons and entities conducting business in Kentucky to notify individuals whose personally identifiable information was compromised in certain circumstances. The law will take effect on July 14, 2014. … Continue Reading
In March 2014, the State Postal Bureau of the People's Republic of China formally issued three rules establishing significant requirements regarding the protection of personal information. This blog post highlights some of the key elements of the new rules, which are now in effect.… Continue Reading
On April 7, 2014, a federal court issued an opinion allowing the Federal Trade Commission to proceed with its case against the Wyndham Worldwide Corporation for unfair data security practices.… Continue Reading
On March 20, 2014, a breach notification bill was re-introduced in the Australian Senate after having lapsed at the end of the previous Parliament. If passed, the bill would impose a mandatory breach notification requirement for data breaches that pose a "real risk of serious harm" to affected individuals. … Continue Reading
The Federal Trade Commission recently acted on three industry proposals in accordance with the new Children's Online Privacy Protection Rule that came into effect July 1, 2013. Specifically, the FTC determined that it was unnecessary to rule on a proposed parental consent mechanism, approved a proposed "safe harbor" program and is seeking public comment on a separate proposed "safe harbor" program.… Continue Reading
The scale of some recent cyber events has been extraordinary and is leading companies to seek protection through both technology and financial products, such as insurance. This blog entry details the potential impact of some insurers' reluctance to remove terrorism exclusions from their policies.… Continue Reading
On January 8, 2014, Senator Patrick Leahy reintroduced comprehensive information security legislation that would establish a national standard for data breach notification and require businesses to safeguard customers' sensitive personal information from cyber threats. The bill also would establish criminal penalties for individuals who intentionally or willfully conceal security breaches, and would authorize the FTC to write and enforce rules regarding the protection of personal information and breach notification. … Continue Reading
On December 23, 2013, the Federal Trade Commission announced that it had approved Imperium, LLC's proposed mechanism for obtaining verifiable parental consent to collect personal information from children online in accordance with the Children's Online Privacy Protection Rule that came into effect July 1, 2013. … Continue Reading
On November 27, 2013, the State Postal Bureau of the People's Republic of China released five draft normative rules for solicitation of public comment. This blog entry highlights three of these rules relating to the protection of personal information. The deadline for submitting comments on the rules is December 27, 2013.… Continue Reading
On December 12, 2013, Fred H. Cate, Senior Policy Advisor in the Centre for Information Policy Leadership at Hunton and Williams LLP submitted its comments in response to the National Institute of Standards and Technology's Preliminary Cybersecurity Framework. … Continue Reading
On December 2, 2013, the FTC announced that it will host a series of seminars to examine the privacy implications of three new areas of technology used to track, market to and analyze consumers: mobile device tracking, predictive scoring and consumer-generated health data.… Continue Reading
On November 21, 2013, the Supreme People's Court of China passed the Provisions on the Online Issuance of Judgment Documents by People's Courts, which will take effect on January 1, 2014. The Provisions generally focus on improved implementation of the principles of standardizing the online issuance of judgment documents, promoting judicial justice and enhancing the public credibility of the judiciary.… Continue Reading
On November 19, 2013, the National Health and Family Planning Commission of the People's Republic of China published a draft of its proposed new Administrative Measures on Personal Health Information and solicited public comments by December 20, 2013.… Continue Reading
On November 15, 2013, the Supreme Court of Canada declared the Alberta Personal Information Protection Act invalid because the legislation interfered with the right to freedom of expression in the labor context under Section 2(b) of the Canadian Charter of Rights and Freedoms.… Continue Reading
On November 4, 2013, the China Insurance Regulatory Commission, which is the Chinese regulatory and administrative authority for the insurance sector, issued new measures that require life insurance companies and their agents to ensure the authenticity of the personal data of life insurance policy holders.… Continue Reading
On November 13, 2013, the Federal Trade Commission announced that it denied a proposal submitted in August by AssertID, Inc. for a mechanism to obtain verifiable parental consent in accordance with the new Children's Online Privacy Protection Rule.… Continue Reading
On November 13, 2013, Google entered into a $17 million settlement agreement with the attorneys general from 37 states and the District of Columbia related to allegations that the company bypassed users’ cookie-blocking settings on Apple’s Safari browser in 2011 and 2012. The settlement requires Google to refrain from bypassing cookie controls in the future … Continue Reading
Kazakhstan's new data privacy law, which was passed on May 21, 2013, is scheduled to come into effect on November 26, 2013. Kazakhstan joins the Kyrgyz Republic, becoming the second Central Asian country to enact a data privacy law.… Continue Reading
