Privacy & Information Security Law Blog

In a recent video segment, “What Do You Do with a Hacked Law Firm?”, from Mimesis Law’s Cy-Pher Executive Roundtable held in May, Lisa Sotto, chair of the firm’s Global Privacy and Cybersecurity practice, and other privacy professionals discussed the Federal Trade Commission’s jurisdiction in bringing enforcement actions against law firms in a breach event. “There’s no reason why law firms are exempt from [those actions],” says Sotto. However, if the information lost is financial information or trade secrets rather than personal information, “it’s not ...

On June 13, 2016, the U.S. government expressed its wish to join the legal proceedings brought by Max Schrems concerning the validity of international data transfers under EU Standard Contractual Clauses.

Along with the U.S. government, the Irish Business and Employers Confederation and the Business Software Alliance, an industry trade group, also informed Ireland’s High Court of their desire to be added to the case as amici curiae, or "friends of the court."

In a recent video published by Mimesis Law, Lisa Sotto, chair of the firm’s Global Privacy and Cybersecurity practice, was interviewed during Mimesis Law’s Cy-Pher Executive Roundtable in New York. Sotto, along with several other privacy professionals, discussed the risks that law firms face in protecting their clients’ confidential information, as well as their own data. “[Law firms] are seeing multiple restrictions from clients imposing safeguards on [firms] with respect to their data,” explains Sotto. “Companies that work with law firms need to understand ...

On May 19, 2016, Hunton & Williams LLP and The Advisory Board Company hosted a webinar on How to Discuss Cybersecurity with Your C-Suite and Board of Directors. Hunton partner Matthew Jenkins moderated the session, and speakers included partner Paul Tiao, member of the firm’s Global Technology and Privacy practice, and The Advisory Board Company’s Chief Information Security Officer and Senior Research Director. Together, they provided insight and advice on how to have a productive conversation about security and risk with the most senior leaders in a health care ...

On June 2, 2016, the European Union and the U.S. signed an Umbrella Agreement, which will implement a comprehensive data protection framework for criminal law enforcement cooperation. The agreement is not yet in effect and additional procedural steps are needed to finalize the agreement. The European Council will adopt a decision on the Umbrella Agreement after obtaining consent from the European Parliament.

The Federal Trade Commission announced that it will host a workshop on September 15, 2016, “Putting Disclosures to the Test,” on the efficacy and costs of consumer disclosures in advertising and privacy policies. Planned discussion topics include examining disclosures meant to avoid deception in advertising, disclosures designed to inform consumers of data tracking, and industry-specific disclosures for jewelry, environmental and fuel-saving claims. The workshop is open to the public and will take place at the FTC’s Constitution Center offices in Washington, D.C ...

On June 1, 2016, a new do-not-call list (the “BLOCTEL list”) was implemented in France. French residents who do not wish to receive marketing phone calls may register their landline or mobile phone number online at www.bloctel.gouv.fr.

In a recently published decision, the Belgian Court of Cassation confirmed the broad interpretation given to the “right to be forgotten” by a Belgian Court of Appeal (i.e., Cour d’Appel de Liège, 2013/RG/393, September 25, 2014).

The judgment was rendered in a case initiated by an individual against a Belgian newspaper for not complying with a request to remove from its online archives an article from 1994 regarding a car accident causing the death of two persons in which the individual was involved.

On May 30, 2016, the European Data Protection Supervisor (“EDPS”) released its Opinion (the “Opinion”) on the EU-U.S. Privacy Shield (the “Privacy Shield”) draft adequacy decision. The Privacy Shield was created to replace the previous Safe Harbor framework invalidated by the Court of Justice of the European Union (“CJEU”) in the Schrems decision.

On May 26, 2016, the European Parliament approved a resolution calling for the European Commission to reopen negotiations with U.S. authorities on the EU-U.S. Privacy Shield (“Privacy Shield”), and to implement the recommendations of the Article 29 Working Party (“Working Party”) on the draft Privacy Shield adequacy decision.

The Working Party had previously published its recommendations in an Opinion regarding the draft decision issued by the European Commission on adequacy of the protection provided by the Privacy Shield. In the Opinion, the Working Party highlighted a number of key issues concerning access to European personal data by law enforcement and government agencies, and also recommended a number of changes to ensure that European citizens’ data are adequately protected.