On February 16, 2023, the Centre for Information Policy Leadership at Hunton Andrews Kurth LLP held a virtual roundtable to discuss the role of age assurance and age verification tools as part of its Children’s Data Privacy Project.
Continue Reading CIPL Publishes Key Takeaways from Age Assurance and Age Verification Tools Roundtable

On January 10, 2023, the Centre for Information Policy Leadership at Hunton Andrews Kurth LLP and Cisco’s Privacy Center of Excellence published a joint report on “Business Benefits of Investing in Data Privacy Management Programs.”
Continue Reading CIPL & Cisco Publish Joint Report on Business Benefits and ROI of Accountable Privacy Programs

On November 30, 2022, the UK government confirmed that the Network and Information Systems Regulations 2018 will be strengthened to protect essential and digital services against cyber attacks.
Continue Reading UK Cyber Laws Extended to Bring Outsourcers and Managed Service Providers into Scope to Strengthen UK’s Resilience Against Online Cyber Attacks

On October 18, 2022, the New York State Department of Financial Services announced that EyeMed Vision Care LLC agreed to a $4.5 million settlement for violations of the Cybersecurity Regulation that contributed to the exposure of hundreds of thousands of consumers’ health data in connection with a cybersecurity event in 2020.
Continue Reading NYDFS Fines EyeMed $4.5 Million for Cybersecurity Violations

On June 10, 2022, CIPL published a white paper entitled “Local Law Assessments and Online Services – Refining the Approach to Beneficial and Privacy-Protective Cross-Border Data Flows A: Case Study from British Columbia.”
Continue Reading CIPL Publishes New White Paper on the Approach of British Columbia, Canada to Cross-Border Data Transfers by Public Sector Bodies

On December 20, 2021, the UK Information Commissioner’s Office (“ICO”) launched a public consultation on its regulatory approach. The consultation involves three separate documents – the ICO’s Regulatory Action Policy (“RAP”), Statutory Guidance on the ICO’s Regulatory Action, and Statutory Guidance on the ICO’s PECR Powers. The RAP sets forth the ICO’s risk-based approach to regulatory action and explains the factors the ICO considers before taking regulatory action, how the ICO works with other regulators, and enforces the legislation for which it is responsible. Together, the three documents illustrate how the ICO aims to enforce information rights for data subjects in the UK.

Continue Reading UK ICO Consults on Regulatory Action Policy