Privacy & Information Security Law Blog

On June 9, 2016, the Belgian Privacy Commission (the “Belgian DPA”) published its Annual Activity Report for 2015 (the “Annual Report”) highlighting its main accomplishments.

On June 15, 2016, the U.S. Department of Homeland Security (“DHS”) and U.S. Department of Justice (“DOJ”) jointly issued final guidance on the Cybersecurity Information Sharing Act of 2015 (“CISA”). Enacted in December 2015, CISA includes a variety of measures designed to strengthen private and public sector cybersecurity. In particular, CISA provides protections from civil liability, regulatory action and disclosure under the Freedom of Information Act (“FOIA”) and other open government laws for “cyber threat indicators” (“CTI”) and “defensive measures” (“DM”) that are shared: (1) among businesses or (2) between businesses and the government through a DHS web portal. Congress passed CISA in order to increase the sharing of cybersecurity information among businesses and between businesses and the government, and to improve the quality and quantity of timely, actionable cybersecurity intelligence in the hands of the private sector and government information security professionals.

According to Bloomberg BNA, the EU-U.S. Privacy Shield framework could be approved by the European Commission in early July. The Privacy Shield is a successor framework to the Safe Harbor, which was invalidated by the European Court of Justice in October 2015. Certain provisions of the Privacy Shield documents, previously released by the European Commission on February 29, 2016, have been subjected to criticism by the Article 29 Working Party, the European Parliament and the European Data Protection Supervisor. According to Bloomberg BNA, the previously released draft adequacy decision, one of the Privacy Shield documents released on February 29, 2016, is expected to be modified.

On June 8, 2016, the Federal Trade Commission announced that Practice Fusion, an electronic health records company, agreed to settle FTC charges that the company misled consumers about the privacy of doctor reviews submitted to the company.

In a recent video segment, “What Do You Do with a Hacked Law Firm?”, from Mimesis Law’s Cy-Pher Executive Roundtable held in May, Lisa Sotto, chair of the firm’s Global Privacy and Cybersecurity practice, and other privacy professionals discussed the Federal Trade Commission’s jurisdiction in bringing enforcement actions against law firms in a breach event. “There’s no reason why law firms are exempt from [those actions],” says Sotto. However, if the information lost is financial information or trade secrets rather than personal information, “it’s not ...

On June 13, 2016, the U.S. government expressed its wish to join the legal proceedings brought by Max Schrems concerning the validity of international data transfers under EU Standard Contractual Clauses.

Along with the U.S. government, the Irish Business and Employers Confederation and the Business Software Alliance, an industry trade group, also informed Ireland’s High Court of their desire to be added to the case as amici curiae, or "friends of the court."

In a recent video published by Mimesis Law, Lisa Sotto, chair of the firm’s Global Privacy and Cybersecurity practice, was interviewed during Mimesis Law’s Cy-Pher Executive Roundtable in New York. Sotto, along with several other privacy professionals, discussed the risks that law firms face in protecting their clients’ confidential information, as well as their own data. “[Law firms] are seeing multiple restrictions from clients imposing safeguards on [firms] with respect to their data,” explains Sotto. “Companies that work with law firms need to understand ...

On May 19, 2016, Hunton & Williams LLP and The Advisory Board Company hosted a webinar on How to Discuss Cybersecurity with Your C-Suite and Board of Directors. Hunton partner Matthew Jenkins moderated the session, and speakers included partner Paul Tiao, member of the firm’s Global Technology and Privacy practice, and The Advisory Board Company’s Chief Information Security Officer and Senior Research Director. Together, they provided insight and advice on how to have a productive conversation about security and risk with the most senior leaders in a health care ...

On June 2, 2016, the European Union and the U.S. signed an Umbrella Agreement, which will implement a comprehensive data protection framework for criminal law enforcement cooperation. The agreement is not yet in effect and additional procedural steps are needed to finalize the agreement. The European Council will adopt a decision on the Umbrella Agreement after obtaining consent from the European Parliament.

The Federal Trade Commission announced that it will host a workshop on September 15, 2016, “Putting Disclosures to the Test,” on the efficacy and costs of consumer disclosures in advertising and privacy policies. Planned discussion topics include examining disclosures meant to avoid deception in advertising, disclosures designed to inform consumers of data tracking, and industry-specific disclosures for jewelry, environmental and fuel-saving claims. The workshop is open to the public and will take place at the FTC’s Constitution Center offices in Washington, D.C ...