Privacy & Information Security Law Blog

On April 25, 2014, a judge in the U.S. District Court for the Southern District of New York ruled that Microsoft must release user data to U.S. law enforcement when issued a search warrant, even if the data is stored outside of the U.S.

On April 23, 2014, the Department of Health and Human Services (“HHS”) announced settlements with two health care companies stemming from allegations of inadequate information security practices in the wake of investigations involving stolen laptop computers. Concentra Health Services (“Concentra”) and QCA Health Plan Inc. (“QCA”) will collectively pay nearly $2 million to settle the claims.

On April 20, 2014, Hunton & Williams partner Paul M. Tiao was featured on Platts Energy Week discussing the importance of the homeland security partnership between electric utility companies and the U.S. government. In the feature, “U.S. Utilities Wary of Sharing Grid Risks,” Tiao talked about the recent leak to The Wall Street Journal of a sensitive internal memo at the Federal Energy Regulatory Commission that revealed potential vulnerabilities in the electricity grid. Tiao said that many utility companies want to work with federal agencies to protect homeland security ...

On April 16, 2014, the Article 29 Working Party (the “Working Party”) sent a letter (the “Letter”) to Lilian Mitrou, Chair of the Working Group on Information Exchange and Data Protection (the “DAPIX”) of the Council of the European Union, to support a compromise position on the one-stop-shop mechanism within the proposed EU General Data Protection Regulation (the “Proposed Regulation”).

On April 23, 2014, Brazilian President Dilma Rousseff enacted the Marco Civil da Internet (“Marco Civil”), Brazil’s first set of Internet regulations. The Marco Civil was approved by the Brazilian Senate on April 22, 2014. President Rousseff signed the law at the NETMundial Internet Governance conference in São Paulo, a global multistakeholder event on the future of Internet governance.

On April 9, 2014, the Article 29 Working Party (the “Working Party”) issued an Opinion on using the “legitimate interests” ground listed in Article 7 of the EU Data Protection Directive 95/46/EC as the basis for lawful processing of personal data. Citing “legitimate interests” as a ground for data processing requires a balancing test, and it may be relied on only if (1) the data processing is necessary for the legitimate interests of the controller (or third parties), and (2) such interests are not overridden by the interests or fundamental rights and freedoms of the data subject. With the Opinion, the Working Party aims to ensure a common understanding of this concept.

On April 10, 2014, Kentucky Governor Steve Beshear signed into law a data breach notification statute requiring persons and entities conducting business in Kentucky to notify individuals whose personally identifiable information was compromised in certain circumstances. The law will take effect on July 14, 2014.

On April 10, 2014, the Article 29 Working Party (the “Working Party”) adopted Opinion 04/2014. The Opinion analyzes the implications of electronic surveillance programs on the right to privacy and provides several recommendations for protecting EU personal data in the surveillance context.

On April 9, 2014, the Federal Trade Commission announced settlements with two data brokers, Instant Checkmate, Inc. (“Instant Checkmate”) and InfoTrack Information Services, Inc. (“InfoTrack”), which sell public record information about consumers. The settlements stem from allegations that Instant Checkmate and InfoTrack violated various provisions of the Fair Credit Reporting Act (“FCRA”). According to the press release, the FTC asserts that the companies violated the FCRA by “providing reports about consumers to users such as prospective employers and landlords without taking reasonable steps to make sure that they were accurate, or without making sure their users had a permissible reason to have them.”

On April 10, 2014, the Article 29 Working Party (the “Working Party”) issued a letter (the “Letter”) to Viviane Reding, Vice-President of the European Commission and Commissioner for Justice, Fundamental Rights and Citizenship, expressing its views on the European Commission’s ongoing revision of the EU-U.S. Safe Harbor Framework.