On May 30, 2013, the French Data Protection Authority (“CNIL”) launched a public consultation on the digital “right to be forgotten.”
The CNIL recalled that the principle of a digital “right to be forgotten” is established in the Proposed EU Data Protection Regulation and that this new right will have to be exercised in accordance with freedom of expression, freedom of the press and the duty of remembrance.
In this context, the CNIL decided to consult web users with a goal of defining the broad outlines of the digital right to be forgotten. The CNIL also announced that it will ...
Hunton & Williams LLP is pleased to announce the firm’s global Privacy and Data Security practice again ranked in “Band 1” in 2013 Chambers USA, Chambers Global and Chambers UK.
Global practice group leader Lisa Sotto, who was recently named among The National Law Journal’s “The 100 Most Influential Lawyers in America,” was recognized in Chambers USA as a “Star” performer, the guide’s highest ranking. Sotto was the only privacy lawyer in the U.S. to receive this distinguished ranking. In the same guide, New York partner Aaron Simpson was highlighted for his notable work in advising on global privacy and data security matters.
On May 29, 2013, a bill, accompanied by an explanatory memorandum, was proposed in the Australian Parliament that requires businesses and government agencies that experience a serious data breach to notify affected individuals and the Office of the Australian Information Commissioner (“OAIC”). The proposed legislation requires organizations to notify individuals only when they are “significantly affected” by a “serious” data breach. Breaches that merely pose a “remote risk” of harm would not require notification. The factors organizations should assess when determining whether a breach is “serious” include: (1) harm to a person’s reputation, (2) economic harm, (3) financial harm, and (4) physical and psychological harm. Additionally, the bill specifies that implementing regulations may identify other situations that would require notification even if the breach does not give rise to a risk of serious harm. Organizations should notify affected individuals through the normal method of communication they have previously used to communicate with those individuals. Absent a normal method of prior communication, organizations must take reasonable steps to notify the affected individuals via email, telephone or postal mail. If passed, the legislation would become effective in March 2014.
On May 13, 2013, the Article 29 Working Party (the “Working Party”) adopted an Advice Paper on profiling (the “Advice Paper”). The Advice Paper serves as the national data protection authorities’ contribution to the ongoing legislative debate before the European Parliament and the Council of the European Union on the proposed EU General Data Protection Regulation (the “Proposed Regulation”).
On June 3, 2013, Privacy Piracy host Mari Frank will interview Lisa J. Sotto, partner and head of the Global Privacy and Data Security practice at Hunton & Williams LLP, on KUCI 88.9 FM radio in Irvine, California. Listen to the latest developments in cybersecurity, including legal issues businesses should consider when dealing with cybersecurity threats and the types of information being targeted. The radio interview will be featured at 8:00 a.m. Pacific Time on KUCI 88.9 FM and is available via audio streaming at www.kuci.org
On May 20, 2013, the Estonian Data Protection Inspectorate issued its Annual Report 2012 (the “Report,” summary available in English). The number of inquiries, complaints and supervision proceedings have remained the same over the last few years. The main topics of complaints include employment relations, CCTV, electronic direct marketing and social media. The Inspectorate stated that its primary goal is to stop violations of the law, not to impose sanctions. According to the Report, the Inspectorate issued orders regarding compliance in 48 cases and imposed fines in 39 cases.
On May 23, 2013, the Office of the Privacy Commissioner of Canada (“OPC”) issued a position paper (the “Paper”) proposing revisions to the Personal Information Protection and Electronic Documents Act (“PIPEDA”) to better align PIPEDA with the risks facing a modern information economy. Privacy Commissioner of Canada Jennifer Stoddart addressed the release of the Paper in her remarks at the IAPP Canada Privacy Symposium, stating that “[i]t is increasingly clear that the law is not up to the task of meeting the challenges of today – and certainly not those of tomorrow.” According to the Paper, the surge in the collection, availability and use of personal data has upset the balance between the privacy rights of individuals and the legitimate needs of businesses originally struck by PIPEDA. In response, the Paper proposes four general revisions to PIPEDA:
On May 21, 2013, the Department of Health and Human Services (“HHS”) announced a resolution agreement and $400,000 settlement with Idaho State University (“ISU”) for a breach that affected 17,500 individuals.
The ISU settlement relates to servers that had their firewall protections disabled, which left the electronic protected health information (“ePHI”) of patients at ISU’s Pocatello Family Medicine Clinic unsecured for at least ten months. Following the submission of a breach report to the HHS Office for Civil Rights (“OCR”), an investigation determined that ISU allegedly had not complied with HIPAA Security Rule requirements, including by conducting an incomplete and inadequate risk analysis and by failing to “adequately implement procedures to regularly review records of information system activity to determine if any ePHI was used or disclosed in an inappropriate manner.”
On May 9, 2013, the Federal Communications Commission (“FCC”) released a declaratory ruling clarifying the liability of a seller for violations of the Telemarketing Consumer Protection Act (“TCPA”) made by third-party telemarketers and others who place calls to market the seller’s products or services.
On May 20, 2013, the Irish Office of the Data Protection Commissioner (“ODPC”) published its annual report for 2012 (the “Report”). The Report summarizes the activities of the ODPC during 2012, including its investigations and audits, policy matters, and European and international activities.
Search
Recent Posts
Categories
- Behavioral Advertising
- Centre for Information Policy Leadership
- Children’s Privacy
- Cyber Insurance
- Cybersecurity
- Enforcement
- European Union
- Events
- FCRA
- Financial Privacy
- General
- Health Privacy
- Identity Theft
- Information Security
- International
- Marketing
- Multimedia Resources
- Online Privacy
- Security Breach
- U.S. Federal Law
- U.S. State Law
- Workplace Privacy
Tags
- Aaron Simpson
- Accountability
- Adequacy
- Advertisement
- Advertising
- American Privacy Rights Act
- Anna Pateraki
- Anonymization
- Anti-terrorism
- APEC
- Apple Inc.
- Argentina
- Arkansas
- Article 29 Working Party
- Artificial Intelligence
- Australia
- Austria
- Automated Decisionmaking
- Baltimore
- Bankruptcy
- Belgium
- Biden Administration
- Big Data
- Binding Corporate Rules
- Biometric Data
- Blockchain
- Bojana Bellamy
- Brazil
- Brexit
- British Columbia
- Brittany Bacon
- Brussels
- Business Associate Agreement
- BYOD
- California
- CAN-SPAM
- Canada
- Cayman Islands
- CCPA
- CCTV
- Chile
- China
- Chinese Taipei
- Christopher Graham
- CIPA
- Class Action
- Clinical Trial
- Cloud
- Cloud Computing
- CNIL
- Colombia
- Colorado
- Commodity Futures Trading Commission
- Compliance
- Computer Fraud and Abuse Act
- Congress
- Connecticut
- Consent
- Consent Order
- Consumer Protection
- Cookies
- COPPA
- Coronavirus/COVID-19
- Council of Europe
- Council of the European Union
- Court of Justice of the European Union
- CPPA
- CPRA
- Credit Monitoring
- Credit Report
- Criminal Law
- Critical Infrastructure
- Croatia
- Cross-Border Data Flow
- Cyber Attack
- Cybersecurity
- Cybersecurity and Infrastructure Security Agency
- Data Brokers
- Data Controller
- Data Localization
- Data Privacy Framework
- Data Processor
- Data Protection Act
- Data Protection Authority
- Data Protection Impact Assessment
- Data Transfer
- David Dumont
- David Vladeck
- Delaware
- Denmark
- Department of Commerce
- Department of Health and Human Services
- Department of Homeland Security
- Department of Justice
- Department of the Treasury
- Disclosure
- District of Columbia
- Do Not Call
- Do Not Track
- Dobbs
- Dodd-Frank Act
- DPIA
- E-Privacy
- E-Privacy Directive
- Ecuador
- Ed Tech
- Edith Ramirez
- Electronic Communications Privacy Act
- Electronic Privacy Information Center
- Elizabeth Denham
- Employee Monitoring
- Encryption
- ENISA
- EU Data Protection Directive
- EU Member States
- European Commission
- European Data Protection Board
- European Data Protection Supervisor
- European Parliament
- Facial Recognition
- Facial Recognition Technology
- FACTA
- Fair Information Practice Principles
- Federal Aviation Administration
- Federal Bureau of Investigation
- Federal Communications Commission
- Federal Data Protection Act
- Federal Trade Commission
- FERC
- FinTech
- Florida
- Food and Drug Administration
- Foreign Intelligence Surveillance Act
- France
- Franchise
- Fred Cate
- Freedom of Information Act
- Freedom of Speech
- Fundamental Rights
- GDPR
- Geofencing
- Geolocation
- Georgia
- Germany
- Global Privacy Assembly
- Global Privacy Enforcement Network
- Gramm Leach Bliley Act
- Hacker
- Hawaii
- Health Data
- Health Information
- HIPAA
- HIPPA
- HITECH Act
- Hong Kong
- House of Representatives
- Hungary
- Illinois
- India
- Indiana
- Indonesia
- Information Commissioners Office
- Information Sharing
- Insurance Provider
- Internal Revenue Service
- International Association of Privacy Professionals
- International Commissioners Office
- Internet
- Internet of Things
- IP Address
- Ireland
- Israel
- Italy
- Jacob Kohnstamm
- Japan
- Jason Beach
- Jay Rockefeller
- Jenna Rode
- Jennifer Stoddart
- Jersey
- Jessica Rich
- John Delionado
- John Edwards
- Kentucky
- Korea
- Latin America
- Laura Leonard
- Law Enforcement
- Lawrence Strickling
- Legislation
- Legislature
- Liability
- Lisa Sotto
- Litigation
- Location-Based Services
- London
- Madrid Resolution
- Maine
- Malaysia
- Markus Heyder
- Maryland
- Massachusetts
- Meta
- Mexico
- Microsoft
- Minnesota
- Mobile App
- Mobile Device
- Montana
- Morocco
- MySpace
- Natascha Gerlach
- National Institute of Standards and Technology
- National Labor Relations Board
- National Science and Technology Council
- National Security
- National Security Agency
- National Telecommunications and Information Administration
- Nebraska
- NEDPA
- Netherlands
- Nevada
- New Hampshire
- New Jersey
- New Mexico
- New York
- New Zealand
- Nigeria
- Ninth Circuit
- North Carolina
- Norway
- Obama Administration
- OECD
- Office for Civil Rights
- Office of Foreign Assets Control
- Ohio
- Online Behavioral Advertising
- Opt-In Consent
- Oregon
- Outsourcing
- Pakistan
- Parental Consent
- Paul Tiao
- Payment Card
- PCI DSS
- Penalty
- Pennsylvania
- Personal Data
- Personal Health Information
- Personal Information
- Personally Identifiable Information
- Peru
- Philippines
- Phyllis Marcus
- Poland
- PRISM
- Privacy By Design
- Privacy Policy
- Privacy Rights
- Privacy Rule
- Privacy Shield
- Protected Health Information
- Ransomware
- Record Retention
- Red Flags Rule
- Rhode Island
- Richard Thomas
- Right to Be Forgotten
- Right to Privacy
- Risk-Based Approach
- Rosemary Jay
- Russia
- Safe Harbor
- Sanctions
- Schrems
- Scott Kimpel
- Securities and Exchange Commission
- Security Rule
- Senate
- Serbia
- Service Provider
- Singapore
- Smart Grid
- Smart Metering
- Social Media
- Social Security Number
- South Africa
- South Carolina
- South Korea
- Spain
- Spyware
- Standard Contractual Clauses
- State Attorneys General
- Steven Haas
- Stick With Security Series
- Stored Communications Act
- Student Data
- Supreme Court
- Surveillance
- Sweden
- Switzerland
- Taiwan
- Targeted Advertising
- Telecommunications
- Telemarketing
- Telephone Consumer Protection Act
- Tennessee
- Terry McAuliffe
- Texas
- Text Message
- Thailand
- Transparency
- Transportation Security Administration
- Trump Administration
- United Arab Emirates
- United Kingdom
- United States
- Unmanned Aircraft Systems
- Uruguay
- Utah
- Vermont
- Video Privacy Protection Act
- Video Surveillance
- Virginia
- Viviane Reding
- Washington
- WeProtect Global Alliance
- Whistleblowing
- Wireless Network
- Wiretap
- ZIP Code