Privacy & Information Security Law Blog

On December 12, 2013, Fred H. Cate, Senior Policy Advisor in the Centre for Information Policy Leadership at Hunton & Williams LLP (the “Centre”), submitted comments in response to the National Institute of Standards and Technology’s (“NIST’s”) Preliminary Cybersecurity Framework (the “Preliminary Framework”). On October 22, NIST issued the Preliminary Framework, as required by the Obama Administration’s February 2013 executive order, Improving Critical Infrastructure Cybersecurity (“Executive Order”), and solicited comments on the Framework. The Preliminary Framework includes standards, methodologies, procedures and processes that align policy, business and technological approaches to address cyber risks.

As we previously reported, on October 21, 2013, the European Parliament approved its Compromise Text of the proposed EU General Data Protection Regulation (the “Proposed Regulation”). Hunton & Williams has now published an analysis of these proposals.

On November 15, 2013, the People’s Bank of China (the “PBOC”) issued its Administrative Measures for Credit Reference Agencies (the “Measures”) – eight months after the Administrative Regulations on the Credit Information Collection Sector (the “Regulations”) became effective on March 15, 2013. The Measures, which will take effect on December 20, 2013, were formulated to enhance the supervision and regulation of credit reference agencies and to promote positive developments in the credit information services sector.

On November 21, 2013, the Supreme People’s Court of China passed the Provisions on the Online Issuance of Judgment Documents by People’s Courts (the “Provisions”), which will take effect on January 1, 2014. The Provisions replace earlier rules (of the same title) enacted by the Supreme People’s Court on November 8, 2010, and generally focus on improved implementation of the principles of standardizing the online issuance of judgment documents, promoting judicial justice and enhancing the public credibility of the judiciary.

On December 2, 2013, the Federal Trade Commission announced that it will host a series of seminars to examine the privacy implications of three new areas of technology used to track, market to and analyze consumers: mobile device tracking, predictive scoring and consumer-generated health data. The seminars will address (1) businesses tracking consumers using signals from the consumers’ mobile devices, (2) the use of predictive scoring to determine consumers’ access to products and offers, and (3) consumer-generated information provided to non-HIPAA covered websites and apps. The FTC stated that the intention of the seminars is to bring attention to new trends in big data and their impact on consumer privacy.

On December 5, 2013, the Federal Trade Commission announced a proposed settlement with mobile app developer Goldenshores Technologies, LLC (“Goldenshores”) following allegations that Goldenshores’ privacy policy for its popular Brightest Flashlight Free app deceived consumers regarding how the app collects information, including geolocation information, and how that information may be shared with third parties. Brightest Flashlight Free, developed for the Android operating system, allows its users to use their cell phones as flashlights.

On November 28, 2013, the UK government published a paper in response to its March 2013 consultation on cybersecurity standards (“Response Paper”), and announced that it will create a new cybersecurity standard. The original consultation concluded in October 2013.

On December 5, 2013, Lisa J. Sotto, partner and head of the Global Privacy and Cybersecurity practice at Hunton & Williams LLP, was featured in Law360’s “Female Powerbrokers” Q&A series. The series focuses on female lawyers and their personal experiences as they have grown into leadership positions within their respective firms. Here is an excerpt from Sotto’s interview:

On December 3, 2013, Lawrence Strickling, Department of Commerce Assistant Secretary for Communications and Information, spoke at the American European Community Association Conference in Brussels on Data Protection: The Challenges and Opportunities for Individuals and Businesses. Strickling discussed the Obama Administration’s commitment to “preserving the dynamism and openness of the Internet, enhancing the free flow of information, and strengthening our Internet economy.” He addressed the issues surrounding U.S. surveillance operations and the European Commission’s recent report on Safe Harbor. Strickling also provided a progress report on improvements to consumer privacy protection since the White House released its Consumer Privacy Bill of Rights in February 2012, including an update on the National Telecommunications and Information Administration’s (“NTIA’s”) multistakeholder process to develop industry codes of conduct.

On December 3, 2013, the U.S. Department of Commerce’s National Telecommunications and Information Administration (“NTIA”) announced a new multistakeholder process to develop a code of conduct regarding the commercial use of facial recognition technology. The first meeting is set for February 6, 2014 in Washington, D.C., and will provide stakeholders with background on the privacy issues associated with facial recognition technology, including how facial recognition technology currently is being used by businesses and how it may be used in the near future. The February meeting is open to all interested stakeholders and will be available for viewing via webcast. Additional meetings are planned for the spring and summer of 2014.