On May 26, 2012, the United States government submitted its request to participate in the APEC Cross-Border Privacy Rules (“CBPRs”) system. The CBPRs system was endorsed by APEC leaders in November 2011. The protocol requires a participating economy to submit:
- A letter of intent to participate;
- Confirmation that a privacy enforcement agency in the economy is a participant in the Cross-Border Privacy Enforcement Arrangement;
- Notice that the economy intends to make use of at least one APEC-recognized accountability agency; and
- A description of the domestic laws and other legal mechanisms to give effect to the enforcement activities related to the activities of the accountability agent, which also must include an enforcement map.
On May 16, 2012, the PCI Security Standards Council’s (“PCI SSC’s”) Mobile Working Group published its “At a Glance: Mobile Payment Acceptance Security” fact sheet (the “Guidance”), which outlines best practices for securely accepting payments via mobile devices. The Guidance offers merchants practical advice for partnering with a Point-to-Point Encryption (“P2PE”) solution provider and satisfying their PCI Data Security Standard compliance requirements in the context of mobile payment acceptance. The Guidance includes recommendations for maintaining data security throughout the payment lifecycle, including securing account data at the point of capture and using an approved hardware accessory in combination with a validated P2PE solution.
On May 25, 2012, the UK Information Commissioner’s Office posted updated guidance on how to comply with amendments to EU data protection law requiring businesses to obtain consent from website visitors to store information on their computers and retrieve that information in the form of cookies. Last year, the ICO gave organizations a grace period expiring on May 26, 2012, to comply with the new cookie rules.
On May 24, 2012, Hunton & Williams LLP and Jordan Lawrence Group are pleased to present a 45-minute webcast on “Preparing for a New U.S. Privacy Landscape: An Overview of the FTC and White House Frameworks.” Presenters Lisa J. Sotto, partner and head of the Global Privacy and Data Security practice at Hunton & Williams, Aaron P. Simpson, partner at Hunton & Williams, and Rebecca Perry, Executive Vice President of Professional Services of Jordan Lawrence Group, will highlight the key privacy and information security issues contained in these new frameworks and the impact they will ...
On May 4, 2012, Marty Abrams, President of the Centre for Information Policy Leadership at Hunton & Williams LLP (“the Centre”), interviewed British Columbia’s Information and Privacy Commissioner Elizabeth Denham during the Centre’s First Friday call. Commissioner Denham discussed the April 2012 release of “Getting Accountability Right with a Privacy Management Program,” new guidance issued by the Office of the Privacy Commissioner of Canada and the Offices of the Information and Privacy Commissioners of Alberta and British Columbia. The guidance addresses the Commissioners’ expectations for accountable privacy programs as required by Canadian law. Commissioner Denham described the guidance as “a tool to help organizations comply with the law,” providing “a roadmap to sound data governance,” with clear, practical terms for organizations to achieve accountability.
As reported in BNA’s Privacy & Security Law Report, on May 4, 2012, the United States District Court for the Southern District of California granted plaintiffs’ motion for class certification in an action against IKEA U.S. West, Inc. (“IKEA”) under the Song-Beverly Credit Card Act of 1971 (the “Song-Beverly Act”). The suit alleges that IKEA violated the Song-Beverly Act by requesting that cardholders provide their ZIP codes during credit card transactions, and then recording that information in an electronic database. The Court found that the class definition was not overbroad and that IKEA’s practice of requesting ZIP codes demonstrated common questions of law best resolved through a class action.
Hunton & Williams is pleased to announce that Chambers and Partners has ranked the firm in “Band 2” in its 2012 Chambers Europe guide for TMT: Information Technology: Belgium. Brussels managing partner Wim Nauwelaerts was recognized for his “very straightforward” and “no-nonsense approach.”
The Uruguayan Personal Data Control and Regulatory Unit has released the preliminary agenda for the 34th International Conference of Data Protection and Privacy Commissioners to take place October 23-24, 2012 in Punta del Este, Uruguay, at the Conrad Hotel. The conference theme is “Privacy and Technology in Balance.” The preliminary agenda with session descriptions and other information is available on the conference website at www.privacyconference2012.org.
As we previously reported, on May 3-4, 2012, the European data protection authorities’ (“DPAs’”) Spring Conference was held in Luxembourg, and the Data Protection Commissioners closed the conference by issuing a resolution on European data protection reform. In their resolution, the Data Protection Commissioners expressed general satisfaction with the ongoing modernization of the data protection frameworks of the European Union, the Council of Europe and the Organization for Economic Cooperation and Development.
On May 8, 2012, the Federal Trade Commission announced a settlement agreement with the social networking service Myspace LLC (“Myspace”). The FTC alleged that Myspace’s practice of sharing users’ personal information with unaffiliated third-party advertisers conflicted with representations the company made in its privacy policy, and could allow those advertisers to obtain users’ names, publicly available information and information about their online browsing habits.
Following a meeting in Sopot, Poland, on April 24, 2012, the International Working Group on Data Protection in Telecommunications (the “Working Group”), led by the Berlin Commissioner for Data Protection and Freedom of Information, issued a Working Paper that focuses on privacy and data protection issues related to the use of cloud computing in the international context. The Working Paper aims to reduce uncertainty regarding the definition of cloud computing and how the technology intersects with privacy, data protection and other legal issues.
On May 2, 2012, Australia’s Attorney General Nicola Roxon announced that the Australian government will introduce a bill to the Australian Parliament that will enact a number of the recommendations from the 2008 Law Reform Commission Report (ALRC Report 108) and reform privacy law in Australia. Discussion drafts of segments of the bill were considered by a Senate Committee in 2011. On May 4, Australian Privacy Commissioner Timothy Pilgrim presented an overview of the draft legislation at an event held during the iappANZ Privacy Awareness Week. Commissioner Pilgrim noted that the legislative package includes:
On May 3, 2012, Viviane Reding, Justice Commissioner and European Commission Vice-President, delivered a speech during the European data protection authorities’ (“DPAs’”) Spring Conference, which was held in closed sessions in Luxembourg. In her speech, Commissioner Reding discussed how the proposed EU Data Protection Regulation aimed to empower the DPAs and addressed some of the DPAs’ primary concerns with the reform.
On April 27, 2012, the Centre for Information Policy Leadership at Hunton & Williams LLP (the “Centre”) submitted comments to the latest Singapore consultation on proposed personal data protection legislation, the Personal Data Protection Act 2012. The consultation is being conducted by the Ministry of Information, Communications and the Arts and expired on April 30, 2012.
On April 26, 2012, the U.S. House of Representatives approved the Cyber Intelligence Sharing and Protection Act (“CISPA” or H.R. 3523), which is aimed at facilitating the exchange of cyber threat intelligence information between the government and certain private entities. In addition, the House approved the Federal Information Security Amendments Act of 2012 (H.R. 4257), which modifies the Federal Information Security Management Act of 2002 to provide for automated and continuous monitoring of the security of government information systems.
Search
Recent Posts
Categories
- Behavioral Advertising
- Centre for Information Policy Leadership
- Children’s Privacy
- Cyber Insurance
- Cybersecurity
- Enforcement
- European Union
- Events
- FCRA
- Financial Privacy
- General
- Health Privacy
- Identity Theft
- Information Security
- International
- Marketing
- Multimedia Resources
- Online Privacy
- Security Breach
- U.S. Federal Law
- U.S. State Law
- Workplace Privacy
Tags
- Aaron Simpson
- Accountability
- Adequacy
- Advertisement
- Advertising
- American Privacy Rights Act
- Anna Pateraki
- Anonymization
- Anti-terrorism
- APEC
- Apple Inc.
- Argentina
- Arkansas
- Article 29 Working Party
- Artificial Intelligence
- Australia
- Austria
- Automated Decisionmaking
- Baltimore
- Bankruptcy
- Belgium
- Biden Administration
- Big Data
- Binding Corporate Rules
- Biometric Data
- Blockchain
- Bojana Bellamy
- Brazil
- Brexit
- British Columbia
- Brittany Bacon
- Brussels
- Business Associate Agreement
- BYOD
- California
- CAN-SPAM
- Canada
- Cayman Islands
- CCPA
- CCTV
- Chile
- China
- Chinese Taipei
- Christopher Graham
- CIPA
- Class Action
- Clinical Trial
- Cloud
- Cloud Computing
- CNIL
- Colombia
- Colorado
- Committee on Foreign Investment in the United States
- Commodity Futures Trading Commission
- Compliance
- Computer Fraud and Abuse Act
- Congress
- Connecticut
- Consent
- Consent Order
- Consumer Protection
- Cookies
- COPPA
- Coronavirus/COVID-19
- Council of Europe
- Council of the European Union
- Court of Justice of the European Union
- CPPA
- CPRA
- Credit Monitoring
- Credit Report
- Criminal Law
- Critical Infrastructure
- Croatia
- Cross-Border Data Flow
- Cyber Attack
- Cybersecurity
- Cybersecurity and Infrastructure Security Agency
- Data Brokers
- Data Controller
- Data Localization
- Data Privacy Framework
- Data Processor
- Data Protection Act
- Data Protection Authority
- Data Protection Impact Assessment
- Data Transfer
- David Dumont
- David Vladeck
- Delaware
- Denmark
- Department of Commerce
- Department of Health and Human Services
- Department of Homeland Security
- Department of Justice
- Department of the Treasury
- District of Columbia
- Do Not Call
- Do Not Track
- Dobbs
- Dodd-Frank Act
- DPIA
- E-Privacy
- E-Privacy Directive
- Ecuador
- Ed Tech
- Edith Ramirez
- Electronic Communications Privacy Act
- Electronic Privacy Information Center
- Elizabeth Denham
- Employee Monitoring
- Encryption
- ENISA
- EU Data Protection Directive
- EU Member States
- European Commission
- European Data Protection Board
- European Data Protection Supervisor
- European Parliament
- Facial Recognition Technology
- FACTA
- Fair Credit Reporting Act
- Fair Information Practice Principles
- Federal Aviation Administration
- Federal Bureau of Investigation
- Federal Communications Commission
- Federal Data Protection Act
- Federal Trade Commission
- FERC
- FinTech
- Florida
- Food and Drug Administration
- Foreign Intelligence Surveillance Act
- France
- Franchise
- Fred Cate
- Freedom of Information Act
- Freedom of Speech
- Fundamental Rights
- GDPR
- Geofencing
- Geolocation
- Georgia
- Germany
- Global Privacy Assembly
- Global Privacy Enforcement Network
- Gramm Leach Bliley Act
- Hacker
- Hawaii
- Health Data
- Health Information
- HIPAA
- HIPPA
- HITECH Act
- Hong Kong
- House of Representatives
- Hungary
- Illinois
- India
- Indiana
- Indonesia
- Information Commissioners Office
- Information Sharing
- Insurance Provider
- Internal Revenue Service
- International Association of Privacy Professionals
- International Commissioners Office
- Internet
- Internet of Things
- Iowa
- IP Address
- Ireland
- Israel
- Italy
- Jacob Kohnstamm
- Japan
- Jason Beach
- Jay Rockefeller
- Jenna Rode
- Jennifer Stoddart
- Jersey
- Jessica Rich
- John Delionado
- John Edwards
- Kentucky
- Korea
- Latin America
- Laura Leonard
- Law Enforcement
- Lawrence Strickling
- Legislation
- Liability
- Lisa Sotto
- Litigation
- Location-Based Services
- London
- Madrid Resolution
- Maine
- Malaysia
- Markus Heyder
- Maryland
- Massachusetts
- Meta
- Mexico
- Microsoft
- Minnesota
- Mobile App
- Mobile Device
- Montana
- Morocco
- MySpace
- Natascha Gerlach
- National Institute of Standards and Technology
- National Labor Relations Board
- National Science and Technology Council
- National Security
- National Security Agency
- National Telecommunications and Information Administration
- Nebraska
- NEDPA
- Netherlands
- Nevada
- New Hampshire
- New Jersey
- New Mexico
- New York
- New Zealand
- Nigeria
- Ninth Circuit
- North Carolina
- Norway
- Obama Administration
- OECD
- Office for Civil Rights
- Office of Foreign Assets Control
- Ohio
- Oklahoma
- Opt-In Consent
- Oregon
- Outsourcing
- Pakistan
- Parental Consent
- Payment Card
- PCI DSS
- Penalty
- Pennsylvania
- Personal Data
- Personal Health Information
- Personal Information
- Personally Identifiable Information
- Peru
- Philippines
- Phyllis Marcus
- Poland
- PRISM
- Privacy By Design
- Privacy Policy
- Privacy Rights
- Privacy Rule
- Privacy Shield
- Protected Health Information
- Ransomware
- Record Retention
- Red Flags Rule
- Regulation
- Rhode Island
- Richard Thomas
- Right to Be Forgotten
- Right to Privacy
- Risk-Based Approach
- Rosemary Jay
- Russia
- Safe Harbor
- Sanctions
- Schrems
- Scott H. Kimpel
- Scott Kimpel
- Securities and Exchange Commission
- Security Rule
- Senate
- Serbia
- Service Provider
- Singapore
- Smart Grid
- Smart Metering
- Social Media
- Social Security Number
- South Africa
- South Carolina
- South Dakota
- South Korea
- Spain
- Spyware
- Standard Contractual Clauses
- State Attorneys General
- Steven Haas
- Stick With Security Series
- Stored Communications Act
- Student Data
- Supreme Court
- Surveillance
- Sweden
- Switzerland
- Taiwan
- Targeted Advertising
- Telecommunications
- Telemarketing
- Telephone Consumer Protection Act
- Tennessee
- Terry McAuliffe
- Texas
- Text Message
- Thailand
- Transparency
- Transportation Security Administration
- Trump Administration
- United Arab Emirates
- United Kingdom
- United States
- Unmanned Aircraft Systems
- Uruguay
- Utah
- Vermont
- Video Privacy Protection Act
- Video Surveillance
- Virginia
- Viviane Reding
- Washington
- Whistleblowing
- Wireless Network
- Wiretap
- ZIP Code