On April 10, 2014, the Governor of Kentucky signed into law a data breach notification statute requiring persons and entities conducting business in Kentucky to notify individuals whose personally identifiable information was compromised in certain circumstances. The law will take effect on July 14, 2014. … Continue Reading
In March 2014, the State Postal Bureau of the People's Republic of China formally issued three rules establishing significant requirements regarding the protection of personal information. This blog post highlights some of the key elements of the new rules, which are now in effect.… Continue Reading
On April 7, 2014, a federal court issued an opinion allowing the Federal Trade Commission to proceed with its case against the Wyndham Worldwide Corporation for unfair data security practices.… Continue Reading
On March 20, 2014, a breach notification bill was re-introduced in the Australian Senate after having lapsed at the end of the previous Parliament. If passed, the bill would impose a mandatory breach notification requirement for data breaches that pose a "real risk of serious harm" to affected individuals. … Continue Reading
The Federal Trade Commission recently acted on three industry proposals in accordance with the new Children's Online Privacy Protection Rule that came into effect July 1, 2013. Specifically, the FTC determined that it was unnecessary to rule on a proposed parental consent mechanism, approved a proposed "safe harbor" program and is seeking public comment on a separate proposed "safe harbor" program.… Continue Reading
The scale of some recent cyber events has been extraordinary and is leading companies to seek protection through both technology and financial products, such as insurance. This blog entry details the potential impact of some insurers' reluctance to remove terrorism exclusions from their policies.… Continue Reading
On January 8, 2014, Senator Patrick Leahy reintroduced comprehensive information security legislation that would establish a national standard for data breach notification and require businesses to safeguard customers' sensitive personal information from cyber threats. The bill also would establish criminal penalties for individuals who intentionally or willfully conceal security breaches, and would authorize the FTC to write and enforce rules regarding the protection of personal information and breach notification. … Continue Reading
On December 23, 2013, the Federal Trade Commission announced that it had approved Imperium, LLC's proposed mechanism for obtaining verifiable parental consent to collect personal information from children online in accordance with the Children's Online Privacy Protection Rule that came into effect July 1, 2013. … Continue Reading
On November 27, 2013, the State Postal Bureau of the People's Republic of China released five draft normative rules for solicitation of public comment. This blog entry highlights three of these rules relating to the protection of personal information. The deadline for submitting comments on the rules is December 27, 2013.… Continue Reading
On December 12, 2013, Fred H. Cate, Senior Policy Advisor in the Centre for Information Policy Leadership at Hunton and Williams LLP submitted its comments in response to the National Institute of Standards and Technology's Preliminary Cybersecurity Framework. … Continue Reading
On December 2, 2013, the FTC announced that it will host a series of seminars to examine the privacy implications of three new areas of technology used to track, market to and analyze consumers: mobile device tracking, predictive scoring and consumer-generated health data.… Continue Reading
On November 21, 2013, the Supreme People's Court of China passed the Provisions on the Online Issuance of Judgment Documents by People's Courts, which will take effect on January 1, 2014. The Provisions generally focus on improved implementation of the principles of standardizing the online issuance of judgment documents, promoting judicial justice and enhancing the public credibility of the judiciary.… Continue Reading
On November 19, 2013, the National Health and Family Planning Commission of the People's Republic of China published a draft of its proposed new Administrative Measures on Personal Health Information and solicited public comments by December 20, 2013.… Continue Reading
On November 15, 2013, the Supreme Court of Canada declared the Alberta Personal Information Protection Act invalid because the legislation interfered with the right to freedom of expression in the labor context under Section 2(b) of the Canadian Charter of Rights and Freedoms.… Continue Reading
On November 4, 2013, the China Insurance Regulatory Commission, which is the Chinese regulatory and administrative authority for the insurance sector, issued new measures that require life insurance companies and their agents to ensure the authenticity of the personal data of life insurance policy holders.… Continue Reading
On November 13, 2013, the Federal Trade Commission announced that it denied a proposal submitted in August by AssertID, Inc. for a mechanism to obtain verifiable parental consent in accordance with the new Children's Online Privacy Protection Rule.… Continue Reading
On November 13, 2013, Google entered into a $17 million settlement agreement with the attorneys general from 37 states and the District of Columbia related to allegations that the company bypassed users’ cookie-blocking settings on Apple’s Safari browser in 2011 and 2012. The settlement requires Google to refrain from bypassing cookie controls in the future … Continue Reading
Kazakhstan's new data privacy law, which was passed on May 21, 2013, is scheduled to come into effect on November 26, 2013. Kazakhstan joins the Kyrgyz Republic, becoming the second Central Asian country to enact a data privacy law.… Continue Reading
On September 25, 2013, Senator Jay Rockefeller expanded his investigation of the data broker industry by sending letters to twelve popular health and personal finance websites requesting information about their data collection and sharing practices. Responses are due by October 11, 2013.… Continue Reading
The People's Republic of China continues to focus on strengthening the protection of personal financial information with China Banking Regulatory Commission's issuance of new guidance for the banking sector on consumer protection.… Continue Reading
For the second time in less than a month, on September 9, 2013, the Federal Trade Commission announced that it is seeking public comment on a proposed mechanism for obtaining verifiable parental consent in accordance with the new Children's Online Privacy Protection Rule. … Continue Reading
On September 5, 2013, Pew Research Center released a report detailing the results of a new survey that questioned Internet and smartphone users in the United States about anonymity, privacy and security online. This blog entry provides a brief summary of the survey results and includes a link to the full report.… Continue Reading
On August 8, 2013, the State Council of the People's Republic of China released Opinions containing high-level guidelines to encourage development of the information sector. The State Council's interest in this issue provides further evidence of the Chinese government's growing recognition of the importance of data protection.… Continue Reading
On August 29, 2013, the Federal Trade Commission announced that it filed a complaint against LabMD, Inc. for failing to protect consumers' personal data by exposing documents containing names, Social Security numbers, dates of birth, health insurance information and bank account information on a P2P file-sharing network.… Continue Reading
