Privacy & Information Security Law Blog

As reported in the Hunton Employment & Labor Perspectives Blog:

Illinois recently joined a growing number of states and municipalities that have passed “ban the box” laws regulating when employers can inquire into an applicant’s criminal history.

On July 30, 2014, the European Commission announced two new EU standards to help users of Radio Frequency Identification (“RFID”) smart chips and systems comply with both EU data protection requirements and the European Commission’s 2009 Recommendation on RFID. Among other suggestions, the Recommendation discussed the development of a common European symbol or logo to indicate whether a product uses a smart chip. One of the new standards will provide companies with a framework for the design and display of such a logo. The logo will inform consumers of the presence of RFID chips (for example, when using electronic travel passes or purchasing items with RFID tags). The Commission reiterated that such smart chips should be deactivated by default immediately, and free of charge, at the point of sale.

On July 31, 2014, the Federal Trade Commission published a notice in the Federal Register indicating that it is seeking public comment on its Telemarketing Sales Rule (“TSR”) as “part of the FTC’s systematic review of all current Commission regulations and guides.” In the press release accompanying the Federal Register notice, the FTC stated that its questions for the public focus on (1) the use and sharing of pre-acquired account information in telemarketing, and (2) issues raised by the use of negative-option and free-trial offers in combination with general media ads designed to generate inbound telemarketing calls from consumers. The FTC’s review process comes less than a year after the Federal Communications Commission’s revisions to its Telephone Consumer Protection Act rules became effective.

On July 1, 2014, Delaware Governor Jack Markell signed into law a bill that creates new safe destruction requirements for the disposal of business records containing consumer personal information. The new law requires commercial entities conducting business in Delaware to take reasonable steps to destroy their consumers’ “personal identifying information” prior to the disposal of electronic or paper records. The law will take effect on January 1, 2015.

Once again, the American Bar Association Journal is compiling its annual list of the 100 best legal blogs, and readers are invited to nominate blawgs they “read regularly and think other lawyers should know about.” We would appreciate you showing your support by submitting a nomination for Hunton & Williams’ Privacy and Information Security Law Blog. PR News named Hunton & Williams’ Privacy Blog the Best Legal PR Blog of 2011.

Submissions will be accepted through Friday, August 8.

The EU Sub-Committee on Home Affairs, Health and Education of the UK House of Lords has published its Second Report for 2013-14, entitled EU Data Protection Law: A 'Right to Be Forgotten'? (the “Report”). The Report summarizes the findings of the Sub-Committee’s investigation into the right to be forgotten, and was triggered in large part by the European Court of Justice’s (“ECJ’s”) decision in Google v. Costeja (Case C-131/12, “Costeja”). In Costeja, the ECJ held that individuals have a right to request that their personal data no longer be displayed by online search engines in the results for searches made on the basis of the individual’s name, particularly if the information is inadequate, irrelevant or excessive (commonly referred to as the “right to be forgotten”).

On July 22, 2014, the Data Security Council of India (“DSCI”) announced that it has deemed Vodafone India Limited (“Vodafone”) a “DSCI Privacy Certified” organization. The certification, which is designed to help companies “demonstrate the privacy practices to relevant stakeholders and enhance trust,” is the first for a telecommunications company in India.

On July 15, 2014, Hunton & Williams’ Global Privacy and Cybersecurity practice group hosted the latest webcast in its Hunton Global Privacy Update series. The program covered a number of privacy and data protection topics, including the recent judgment in the Costeja case, the Centre for Information Policy Leadership’s work on a risk-based approach to privacy, the new Canadian anti-spam legislation that went into effect on July 1, and other developments in the U.S. and EU.

On July 16, 2014, the Federal Trade Commission posted revisions to its Frequently Asked Questions that provide guidance on complying with the Children’s Online Privacy Protection Rule (the “COPPA Rule”). The revisions, which are in Section H of the FAQs, address the COPPA Rule requirement that operators of certain websites and online services obtain a parent’s consent before collecting personal information online from a child under the age of 13.

On July 17, 2014, the Belgian government announced that it has finalized its Royal Decree on the establishment of a Cybersecurity Center (Centrum Cyber Security België or Centre Cyber Security Belgique). The Cybersecurity Center’s tasks would be to monitor the country’s cybersecurity and manage cyber incidents. It also would oversee various cybersecurity projects, formulate legislative proposals relating to cybersecurity, and issue standards and guidelines for securing public sector IT systems. The Cybersecurity Center is expected to be operational by the end of ...