Privacy & Information Security Law Blog

Hunton & Williams is pleased to announce the release of its newly designed and mobile-responsive Privacy and Information Security Law Blog, www.huntonprivacyblog.com.

“Our award-winning blog has served the entire privacy community — from companies and practitioners to international regulators,” said Lisa Sotto, who heads the firm’s global privacy and cybersecurity practice. “This new version of Hunton & Williams’ privacy blog offers our audience greater access to information in real time and more interactive features, which are critical in this fast-changing arena.”

As reported in Bloomberg BNA, on April 1, 2015, the White House announced that President Obama has signed a new executive order providing the Secretary of the Treasury, in consultation with the Attorney General and the Secretary of State, the ability to impose sanctions on individuals and entities that engage in certain cyber-enabled activities. The signed executive order, entitled Blocking the Property of Certain Persons Engaging in Significant Malicious Cyber-Enabled Activities (the “Executive Order”), focuses on blocking the property or interests in property located in the United States of persons engaging in cyber-enabled activities that cause a significant threat to the national security, foreign policy, economic health or financial stability of the U.S. (collectively, the “Significant Threat”).

As part of its ongoing Brazil outreach initiative, a delegation of the Centre for Information Policy Leadership at Hunton & Williams (“CIPL”) is in Brasilia and Rio de Janeiro the week of March 23, 2015. The delegation will meet with Brazilian government representatives, organizations and experts to discuss global privacy law and best practice developments and other issues of mutual interest, as well as a joint global privacy dialogue workshop in Brazil planned for later this year.

On March 23, 2015, the Federal Trade Commission announced the formation of the Office of Technology Research and Investigation (“OTRI”), which the FTC describes as “an office designed to expand the FTC’s capacity to protect consumers in an age of rapid technological innovation.”

On March 24, 2015, the CNIL announced the implementation of a new procedure that will simplify the registration formalities for French affiliates of groups that have implemented Binding Corporate Rules (“BCRs”).

On November 16, 2015, the Federal Trade Commission will host a workshop in Washington, D.C., to examine the benefits and privacy risks associated with “cross-device tracking.” The workshop intends to highlight the types of cross-device tracking techniques and how businesses and consumers can benefit from these practices. The workshop also will address related privacy and security risks, and discuss whether self-regulatory programs apply to these practices.

On March 13, 2015, the U.S. Department of Commerce Internet Policy Task Force (“IPTF”) issued a request for public comment regarding cybersecurity issues affecting the digital economy. The IPTF’s request invites all stakeholders interested in cybersecurity to “identify substantive cybersecurity issues that affect the digital ecosystem and digital economic growth where broad consensus, coordinated action, and the development of best practices could substantially improve security for organizations and consumers.” For each issue identified, the IPTF’s request for comment asks interested parties to opine on a series of questions, including (1) why the issue is suited to a multistakeholder process and (2) why a multistakeholder process would benefit the digital ecosystem.

On March 4, 2015, the House of Representatives of Washington passed a bill (HB 1078), which would amend the state’s breach notification law to require notification to the state Attorney General in the event of a breach and impose a 45-day timing requirement for notification provided to affected residents and the state regulator. The bill also mandates content requirements for notices to affected residents, including (1) the name and contact information of the reporting business; (2) a list of the types of personal information subject to the breach; and (3) the toll-free telephone numbers and address of the consumer reporting agencies. In addition, while Washington’s breach notification law currently applies only to “computerized” data, the amended law would cover hard-copy data as well.

On March 9, 2015, the Federal Trade Commission announced that it has entered into a Memorandum of Understanding (the “Memorandum”) with the Dutch Data Protection Authority (the “Dutch DPA”).

On March 4, 2015, the U.S. Department of Commerce’s National Telecommunications and Information Administration (“NTIA”) announced a new multistakeholder process seeking comments on best practices concerning privacy, transparency and accountability issues related to the use of commercial and private unmanned aircraft systems (“UAS”), otherwise known as drones. The NTIA’s request was made in response to a Presidential Memorandum issued by the White House on February 15 which directed NTIA to facilitate discussion between private sector entities to develop standards for commercial UAS use.