On February 28, 2013, the Centre for Information Policy Leadership at Hunton & Williams LLP (the “Centre”) announced the release of “Big Data and Analytics: Seeking Foundations for Effective Privacy Guidance,” a paper intended to help organizations and policymakers develop a governance framework for using analytics in a way that protects privacy and promotes innovation. The paper, which is the product of an industry-sponsored initiative led by the Centre, suggests a two-phase approach that separates how organizations discover what data can reveal from how those insights are applied to knowledge development and decisionmaking. This approach lays the foundation for workable, effective governance.
On February 26, 2013, the United States Supreme Court decided in Clapper v. Amnesty International that U.S. persons who engage in communications with individuals who may be potential targets of surveillance under the Foreign Intelligence Surveillance Act (“FISA”) lack standing to challenge the statute’s constitutionality. The Supreme Court determined that the plaintiffs’ alleged injuries were not “certainly impending” and that the measures they claimed to have taken to avoid surveillance were not “fairly traceable” to the challenged statute. Although this 5-4 decision would not be considered a “privacy” or “data breach” case, the Court’s analysis will have a significant impact on such cases going forward, and may thwart the ability of individuals affected by data breaches to assert standing based on possible future harm.
On February 28, 2013, a White House official confirmed that President Obama will nominate Edith Ramirez as Chair of the Federal Trade Commission. Ramirez, who has served as an FTC Commissioner since April 2010, will replace outgoing Chairman Jon Leibowitz, who announced his departure earlier this month.
Prior to being nominated to the FTC in 2010, Ramirez worked as an attorney in private practice, focusing on litigation and antitrust issues. Ramirez has been an active participant in the Asia-Pacific Economic Cooperation Data Privacy Subgroup and the development of the APEC ...
Following up on its February 5, 2013 consultation paper, Singapore’s Personal Data Protection Commission has issued two additional public consultation papers concerning the guidelines the Commission is empowered to issue under the new data protection law. The first proposed set of advisory guidelines examines key concepts in the Personal Data Protection Act (“PDPA”), with thorough discussions of definitions as well as data protection obligations set forth in the PDPA. The second paper addresses selected topics: analytics and research, anonymization, employment, use of national ID numbers and online activities. In addition, the Commission has produced a cover note on how to submit comments on these public consultations.
On February 22, 2013, the Federal Trade Commission announced that it had settled charges against HTC America, Inc. (“HTC”) alleging that the mobile device manufacturer “failed to take reasonable steps to secure the software it developed for its smartphones and tablet computers, introducing security flaws that placed sensitive information about millions of consumers at risk.” This settlement marks the FTC’s first case against a mobile device manufacturer.
On February 26, 2013, the National Institute of Standards and Technology (“NIST”) issued a Request for Information (“RFI”) to gather comments regarding the development of a framework to reduce cybersecurity risks to critical infrastructure. As we previously reported, the Obama Administration’s executive order, Improving Critical Infrastructure Cybersecurity (the “Executive Order”), released on February 12, 2013, directs NIST to coordinate development of this framework. Under the Executive Order, NIST is charged with collaborating with industry partners and identifying existing international standards and practices that have proven effective.
On February 20, 2013, Hunton & Williams LLP hosted a webinar on cybersecurity risks and the Obama Administration’s recently-issued Executive Order on cybersecurity issues related to critical infrastructure. The webinar, entitled “The Cybersecurity Executive Order: Understanding Its Impact on Your Business,” covered issues such as the current threat landscape, U.S. and EU regulatory initiatives related to cybersecurity, and guidelines to help businesses prevent and manage cyber events.
The Executive Order, “Improving Critical Infrastructure Cybersecurity,” and the Presidential Policy Directive (“PPD”), “Critical Infrastructure Security and Resilience,” signed by President Obama on February 12, 2013, raise the stakes in the national debate over cybersecurity requirements and seem likely, if not designed, to provoke a legislative response. Industry has good reason to pay attention.
On February 8, 2013, during the Centre for Information Policy Leadership’s First Friday call, Hunton & Williams partner Frederick Eames offered insights on how key U.S. government players are likely to approach privacy and data security initiatives this session. Eames discussed upcoming privacy legislation and outlined his predictions regarding how several Congressional committees, including the House of Representatives Energy & Commerce Committee and the Senate Committee on Commerce, Science, & Transportation, will address privacy-related issues.
On February 12, 2013, the Obama Administration released its highly-anticipated Executive Order on cybersecurity. Evolving cyber threats and increased government attention to these issues will affect companies in every industry, and businesses must consider a proactive approach to protecting against risks to critical business systems, company personal data, intellectual property and other proprietary information.
Search
Recent Posts
Categories
- Behavioral Advertising
- Centre for Information Policy Leadership
- Children’s Privacy
- Cyber Insurance
- Cybersecurity
- Enforcement
- European Union
- Events
- FCRA
- Financial Privacy
- General
- Health Privacy
- Identity Theft
- Information Security
- International
- Marketing
- Multimedia Resources
- Online Privacy
- Security Breach
- U.S. Federal Law
- U.S. State Law
- Workplace Privacy
Tags
- Aaron Simpson
- Accountability
- Adequacy
- Advertisement
- Advertising
- Age Appropriate Design Code
- Age Verification
- American Privacy Rights Act
- Anna Pateraki
- Anonymization
- Anti-terrorism
- APEC
- Apple Inc.
- Argentina
- Arkansas
- Article 29 Working Party
- Artificial Intelligence
- Audit
- Australia
- Austria
- Automated Decisionmaking
- Baltimore
- Bankruptcy
- Belgium
- Biden Administration
- Big Data
- Binding Corporate Rules
- Biometric Data
- Blockchain
- Bojana Bellamy
- Brazil
- Brexit
- British Columbia
- Brittany Bacon
- Brussels
- Business Associate Agreement
- BYOD
- California
- CAN-SPAM
- Canada
- Cayman Islands
- CCPA
- CCTV
- Chile
- China
- Chinese Taipei
- Christopher Graham
- CIPA
- Class Action
- Clinical Trial
- Cloud
- Cloud Computing
- CNIL
- Colombia
- Colorado
- Committee on Foreign Investment in the United States
- Commodity Futures Trading Commission
- Compliance
- Computer Fraud and Abuse Act
- Congress
- Connecticut
- Consent
- Consent Order
- Consumer Protection
- Consumer Rights
- Cookies
- COPPA
- Coronavirus/COVID-19
- Council of Europe
- Council of the European Union
- Court of Justice of the European Union
- CPPA
- CPRA
- Credit Monitoring
- Credit Report
- Criminal Law
- Critical Infrastructure
- Croatia
- Cross-Border Data Flow
- Cross-Border Data Transfer
- Cyber Attack
- Cybersecurity and Infrastructure Security Agency
- Data Brokers
- Data Controller
- Data Localization
- Data Privacy Framework
- Data Processor
- Data Protection Act
- Data Protection Authority
- Data Protection Impact Assessment
- Data Protection Officer
- Data Transfer
- David Dumont
- David Vladeck
- Deceptive Trade Practices
- Delaware
- Denmark
- Department of Commerce
- Department of Defense
- Department of Health and Human Services
- Department of Homeland Security
- Department of Justice
- Department of the Treasury
- Design
- Digital Markets Act
- District of Columbia
- Do Not Call
- Do Not Track
- Dobbs
- Dodd-Frank Act
- DORA
- DPIA
- E-Privacy
- E-Privacy Directive
- Ecuador
- Ed Tech
- Edith Ramirez
- Electronic Communications Privacy Act
- Electronic Privacy Information Center
- Electronic Protected Health Information
- Elizabeth Denham
- Employee Monitoring
- Encryption
- ENISA
- EU Data Protection Directive
- EU Member States
- European Commission
- European Data Protection Board
- European Data Protection Supervisor
- European Parliament
- Facial Recognition Technology
- FACTA
- Fair Credit Reporting Act
- Fair Information Practice Principles
- Federal Aviation Administration
- Federal Bureau of Investigation
- Federal Communications Commission
- Federal Data Protection Act
- Federal Trade Commission
- FERC
- Financial Data
- FinTech
- Florida
- Food and Drug Administration
- Foreign Intelligence Surveillance Act
- France
- Franchise
- Fred Cate
- Freedom of Information Act
- Freedom of Speech
- Fundamental Rights
- GDPR
- Geofencing
- Geolocation
- Geolocation Data
- Georgia
- Germany
- Global Privacy Assembly
- Global Privacy Enforcement Network
- Gramm Leach Bliley Act
- Hacker
- Hawaii
- Health Data
- HIPAA
- HITECH Act
- Hong Kong
- House of Representatives
- Hungary
- Illinois
- India
- Indiana
- Indonesia
- Information Commissioners Office
- Information Sharing
- Insurance Provider
- Internal Revenue Service
- International Association of Privacy Professionals
- International Commissioners Office
- Internet
- Internet of Things
- Iowa
- IP Address
- Ireland
- Israel
- Italy
- Jacob Kohnstamm
- Japan
- Jason Beach
- Jay Rockefeller
- Jenna Rode
- Jennifer Stoddart
- Jersey
- Jessica Rich
- John Delionado
- John Edwards
- Kentucky
- Korea
- Large Language Model
- Latin America
- Laura Leonard
- Law Enforcement
- Lawrence Strickling
- Legislation
- Liability
- Lisa Sotto
- Litigation
- Location-Based Services
- London
- Louisiana
- Madrid Resolution
- Maine
- Malaysia
- Maryland
- Massachusetts
- Meta
- Mexico
- Michigan
- Microsoft
- Minnesota
- Missouri
- Mobile
- Mobile App
- Mobile Device
- Montana
- Morocco
- MySpace
- Natascha Gerlach
- National Institute of Standards and Technology
- National Labor Relations Board
- National Science and Technology Council
- National Security
- National Security Agency
- National Telecommunications and Information Administration
- Nebraska
- NEDPA
- Netherlands
- Nevada
- New Hampshire
- New Jersey
- New Mexico
- New York
- New Zealand
- Nigeria
- Ninth Circuit
- North Carolina
- North Dakota
- North Korea
- Norway
- Obama Administration
- OCPA
- OECD
- Office for Civil Rights
- Office of Foreign Assets Control
- Ohio
- Oklahoma
- Online Behavioral Advertising
- Online Privacy
- Opt-In Consent
- Oregon
- Outsourcing
- Pakistan
- Parental Consent
- Payment Card
- PCI DSS
- Penalty
- Pennsylvania
- Personal Data
- Personal Health Information
- Personal Information
- Personally Identifiable Information
- Peru
- Philippines
- Poland
- PRISM
- Privacy By Design
- Privacy Notice
- Privacy Policy
- Privacy Rights
- Privacy Rule
- Privacy Shield
- Profiling
- Protected Health Information
- Ransomware
- Record Retention
- Red Flags Rule
- Rhode Island
- Richard Thomas
- Right to Be Forgotten
- Right to Privacy
- Risk Assessment
- Risk-Based Approach
- Rosemary Jay
- Russia
- Safe Harbor
- Salesforce
- Sanctions
- Schrems
- Scott Kimpel
- Securities and Exchange Commission
- Security Rule
- Senate
- Sensitive Data
- Serbia
- Service Provider
- Singapore
- Smart Grid
- Smart Metering
- Social Media
- Social Security Number
- South Africa
- South Carolina
- South Dakota
- South Korea
- Spain
- Spyware
- Standard Contractual Clauses
- State Attorneys General
- States Attorney General
- Steven Haas
- Stick With Security Series
- Stored Communications Act
- Student Data
- Supreme Court
- Surveillance
- Sweden
- Switzerland
- Taiwan
- Targeted Advertising
- Telecommunications
- Telemarketing
- Telephone Consumer Protection Act
- Tennessee
- Terry McAuliffe
- Texas
- Text Message
- Thailand
- Transparency
- Transportation Security Administration
- Trump Administration
- United Arab Emirates
- United Kingdom
- United States
- Unmanned Aircraft Systems
- Uruguay
- Utah
- Vermont
- Video Privacy Protection Act
- Video Surveillance
- Virginia
- Viviane Reding
- Washington
- Whistleblowing
- Wireless Network
- Wiretap
- ZIP Code