Privacy & Information Security Law Blog

On August 11, 2017, the FTC published the fourth blog post in its “Stick with Security” series. As we previously reported, the FTC will publish an entry every Friday for the next few months focusing on each of the 10 principles outlined in its Start with Security Guide for Businesses. This week’s post, entitled Stick with Security: Require secure passwords and authentication, examines five effective security measures companies can take to safeguard their computer networks.

On August 1, 2017, a unanimous three-judge panel for the D.C. Circuit reversed the dismissal of a putative data breach class action against health insurer CareFirst, Attias v. CareFirst, Inc., No. 16-7108, slip op. (D.C. Cir. Aug. 1, 2017), finding the risk of future injury was not too speculative to establish injury in fact under Article III. 

On August 9, 2017, Nationwide Mutual Insurance Co. (“Nationwide”) agreed to a $5.5 million settlement with attorneys general from 32 states in connection with a 2012 data breach that exposed the personal information of over 1.2 million individuals. 

On August 4, 2017, the FTC published the third blog post in its “Stick with Security” series. As we previously reported, the FTC will publish an entry every Friday for the next few months focusing on each of the 10 principles outlined in its Start with Security Guide for Businesses. This week’s post, entitled “Stick with security: Control access to data sensibly,” details key security measures businesses can take to limit unauthorized access to data in their possession.

In a video roundtable series, Hunton & Williams LLP partners Lisa J. Sotto and Steven M. Haas and special counsel Allen C. Goolsby, along with Stroz Friedberg’s co-president Eric M. Friedberg and Lee Pacchia of Mimesis Law, discuss the special consideration that should be given to privacy and cybersecurity risks in corporate transactions.

On August 7, 2017, the UK Government’s Department for Culture, Media and Sport published a Statement of Intent setting out the planned reforms to be included in the forthcoming Data Protection Bill, which we previously reported is expected to be laid before the UK Parliament in early September.

Media sources have reported that the UK Department for Culture, Media & Sport has confirmed its plans to present its Data Protection Bill to Parliament when MPs return to Parliament in early September. The Bill follows commitments made in the Queen’s Speech in June, and will effectively copy the EU General Data Protection Regulation (“GDPR”) into the UK statute book. The Bill’s primary aim is to ensure that the UK retains the same data protection laws as the rest of the EU once it leaves the EU, which is likely to be in March 2019.

On July 31, 2017, the Federal Trade Commission announced that it has approved modifications to TRUSTe’s safe harbor program under the Children’s Online Privacy Protection Rule (the “COPPA Rule”).

On July 28, 2017, the FTC published the second blog post in its “Stick with Security” series. As we previously reported, the FTC will publish an entry every Friday for the next few months focusing on each of the 10 principles outlined in its Start with Security Guide for Businesses. This week’s post, entitled “Start with security – and stick with it,” looks at key security principles that apply to all businesses regardless of their size or the types of data they handle.

With less than one year to go before the EU General Data Protection Regulation (“GDPR”) comes into force, the Centre for Information Policy Leadership (“CIPL”) at Hunton & Williams and AvePoint have launched the second annual GDPR Organizational Readiness Survey. Last year, over 220 predominantly multinational organizations participated in the study which focused on key areas of impact and change under the GDPR such as consent, legitimate interest, data portability, profiling, DPIAs, DPOs, data transfers and privacy management programs. This year’s study revisits these important areas of impact and further considers additional topics.