Privacy & Information Security Law Blog

As always, the privacy team at Hunton & Williams continues to closely monitor the latest global developments in data protection, privacy and cybersecurity, including progress on the proposed EU General Data Protection Regulation. To keep you informed, we will be hosting regular, 30-minute webcasts to provide brief updates on the most pressing issues. These Hunton Global Privacy Update sessions will take place every two months. Please join us on September 19, 2013, at 11:00 a.m. EDT, for the first Hunton Global Privacy Update webcast.

On August 22, 2013, Hunton & Williams partner Paul M. Tiao was featured on CNBC’s Fast Money discussing NASDAQ’s recent crash. In the feature, “Are markets ready for cyber threats?”, Tiao talked about the steps the financial services industry has taken to protect against significant cybersecurity incidents, including “putting in best-of-breed information security policies” and “working across the industry to share information in a way that many other industries are not.”

View the video coverage now.

This week a new breach notification regulation takes effect across the EU. The Regulation on the measures applicable to the notification of personal data breaches under Directive 2002/58/EC (the “Regulation”) specifies the technical measures of how Internet service providers, telecommunications providers and other public electronic communications service (“ECS”) providers must notify of data breaches.

On August 1, 2013, the United States District Court for the District of Minnesota denied a criminal defendant’s motion to suppress, holding that the defendant had no reasonable expectation of privacy in computer files he shared on a peer-to-peer network.

On August 15, 2013 the Federal Trade Commission announced a settlement with Certegy Check Services, Inc. (“Certegy”) stemming from allegations that Certegy violated various provisions of the Fair Credit Reporting Act (“FCRA”). The settlement agreement includes a $3.5 million civil penalty for “knowing violations ... that constituted a pattern or practice of violations.”

On August 15, 2013, the Federal Trade Commission announced that it is seeking public comment regarding a proposed mechanism to obtain verifiable parental consent in accordance with the new Children’s Online Privacy Protection Rule (the “COPPA Rule”) that came into effect July 1, 2013. The COPPA Rule requires operators of certain websites and online services to obtain a parent’s consent before collecting personal information online from a child under 13.

On August 14, 2013, the Department of Health and Human Services (“HHS”) announced a resolution agreement and $1,215,780 settlement with Affinity Health Plan (“Affinity”) stemming from a security breach that affected approximately 350,000 individuals.

On September 30, 2013, Hunton & Williams LLP will host a panel discussion with the U.S. Department of Commerce on The Latest International Data Privacy Developments. The panel will take place in Hunton & Williams’ New York office from 5:30 – 7:00 p.m. EDT, with a cocktail reception following the presentation. The Department of Commerce’s International Trade Administration (“ITA”) will brief participants on important international data privacy issues, including:

On August 12, 2013, Privacy Piracy host Mari Frank interviewed Paul M. Tiao on KUCI 88.9 FM radio in Irvine, California. Paul is a partner in the Washington, D.C. office of Hunton & Williams, and the former Senior Counselor for Cybersecurity and Technology to the Director of the Federal Bureau of Investigation. The interview included discussion of hot-button electronic surveillance issues such as the PRISM surveillance program and private sector management of government data requests.

On August 9, 2013 the UK Information Commissioner’s Office (“ICO”) published a new code of practice providing guidance to organizations on how to respond to subject access requests (the “Code”). The Code follows a public consultation on a draft code during 2012 and 2013.