Privacy & Information Security Law Blog

On November 5, 2015, the Enforcement Bureau of the Federal Communications Commission (“FCC”) entered into a Consent Decree with cable operator Cox Communications to settle allegations that the company failed to properly protect customer information when the company’s electronic data systems were breached in August 2014 by a hacker. The FCC alleged that Cox failed to properly protect the confidentiality of its customers’ proprietary network information (“CPNI”) and personally identifiable information, and failed to promptly notify law enforcement authorities of security breaches involving CPNI in violation of the Communications Act of 1934 and FCC’s rules.

On November 13, 2015, Chief Administrative Law Judge D. Michael Chappell dismissed the FTC’s complaint against LabMD Inc. (“LabMD”) for failing to show that LabMD’s allegedly unreasonable data security practices caused, or were likely to cause, substantial consumer injury. The law judge did not address LabMD’s claim that the FTC does not have jurisdiction to enforce data security standards under the unfairness prong of Section 5 of the FTC Act, and LabMD has reserved its jurisdictional challenge for an anticipated appeal to the federal court. The action is In the Matter of LabMD Inc., Docket No. 9357.

On November 13, 2015, the French Data Protection Authority (“CNIL”) announced its decision in a case against Optical Center, imposing a fine of €50,000 on the company for violations related to the security and confidentiality of its customers’ personal data.

Hunton & Williams LLP announces the firm’s Global Privacy and Cybersecurity practice was again recognized by Chambers UK 2016 and The Legal 500 UK 2015 guides, earning Tier 1 rankings. Chambers UK noted that the practice has a “superbly strong bench of highly experienced counsel adept at advising on the most complex of information law concerns. Particularly accomplished in guiding clients through the privacy implications of new technologies, international data transfers, and BCR applications and implementations.” Additionally, the firm’s European data protection practice leaders are recognized in the “Star” and “Senior Statesman” categories by Chambers UK, the highest categories of rankings. Bridget Treacy, head of the firm’s UK Privacy and Cybersecurity practice, and senior attorney consultant Rosemary Jay, received the top honors of “Star” individuals for data protection. Richard Thomas, formerly the UK Information Commissioner and the firm’s global strategy advisor, was again recognized as a “Senior Statesman.”

As reported in the Hunton Employment & Labor Law Perspectives Blog:

On October 27, 2015, the Ninth Circuit held in EEOC v. McLane Co., Inc. that the EEOC has broad subpoena powers to obtain nationwide private personnel information, including Social Security numbers (“SSNs”), in connection with its investigation of a sex discrimination charge.

In late October, the Brazilian Ministry of Justice (the “Ministry”) issued its revised Draft Bill for the Protection of Personal Data (“Draft Bill”). The Ministry released its preliminary draft in January 2015, and the Centre for Information Policy Leadership at Hunton & Williams LLP (“CIPL”) filed public comments to the draft on May 5, 2015.

On November 5, 2015, the White House released the proposed text of the Trans-Pacific Partnership Agreement (the “TPP”) containing a chapter on cross-border data transfers in the context of electronic commerce. In the chapter on Electronic Commerce, Chapter 14, the TPP includes commitments from participating parties to adopt and maintain a legal framework to protect personal information, and encourages cross-border data transfers to help facilitate business and trade.

On November 2, 2015, Federal Communications Commission (“FCC”) Chairman, Tom Wheeler, indicated in an interview that the agency would take on the issue of broadband privacy within the next several months, most likely in the form of a notice of proposed rulemaking. Chairman Wheeler said that the FCC’s inquiry would look at the privacy practices of “those who provide the networks” (i.e., Internet service providers (“ISPs”)) and how such businesses are protecting their customers’ information.

On November 9, 2015, U.S. District Judge Richard J. Leon issued a preliminary injunction ordering the National Security Agency to stop its bulk telephony metadata program. The preliminary injunction was issued in favor of subscribers of Verizon Wireless Business Network and comes 20 days before the program was set to expire under the USA Freedom Act. The case is Klayman v. Obama et al. (1:13-cv-00851) in the U.S. District Court for the District of Columbia.

On November 6, 2015, the European Commission published a communication and a Q&A document addressed to the European Parliament and European Council on the transfer of personal data from the EU to the U.S. under EU Data Protection Directive 95/46/EC (the “Directive”), following the decision by the Court of Justice of the European Union invalidating the European Commission’s Safe Harbor Decision.