Privacy & Information Security Law Blog

On November 20, 2012, the UK Information Commissioner’s Office (“ICO”) published “Anonymisation: Managing Data Protection Risk Code of Practice” (the “Code”). The purpose of the Code is to provide organizations with a framework for assessing the risks of anonymization. It also sets forth good practice recommendations that may be adopted by organizations to provide a “reasonable degree of confidence” that the publication and sharing of anonymized data will not lead to an “inappropriate disclosure of personal data.” The published Code follows a consultation on the same topic earlier this year. The ICO also announced the creation of the UK Anonymisation Network, which will promote the sharing of good practices related to anonymization across the public and private sectors.

On November 9, 2012, a federal District Court in Washington certified a national class and a Washington state sub-class in an action alleging that Papa John’s International, Inc. (“Papa John’s”) violated the Telephone Consumer Protection Act (“TCPA”) by sending unsolicited text messages advertising its pizza products. The court determined that plaintiffs had standing and satisfied all other requirements for class certification.

On December 5, 2012, at 1:00 p.m. EST, the U.S. Department of Commerce’s International Trade Administration (“ITA”) will be hosting a webinar to discuss data privacy issues. Webinar participants will hear from Commerce privacy experts on the Obama Administration’s privacy blueprint. There also will be an update on significant international data privacy developments such as the Asia-Pacific Economic Cooperation (“APEC”) forum’s work to implement the Cross-Border Privacy Rules (“CBPRs”) system and the U.S.-European Union and U.S.-Swiss Safe Harbor ...

In a joint-agency media conference and press release with the Federal Trade Commission today, the Consumer Financial Protection Bureau (“CFPB”) used the “rulemaking-through-enforcement” method of regulation to create several de-facto guidelines for what is “unfair, deceptive, or abusive” in mortgage advertising. Bypassing the more arduous rulemaking process, the CFPB published “sample warning letters” that effectively made the following advertising practices illegal:

Following the launch of Hunton & Williams’ Data Protection Executive Briefing Paper on the proposed EU Data Protection Regulation, we are pleased to announce that on November 29, 2012, we will host a further workshop to explore the challenges facing processors under the draft Regulation. In this workshop, attendees will:

• Explore how obligations on processers are likely to expand significantly;
• Learn how these new obligations will affect both processors and controllers; and
• Create a checklist for preparing for the changes ahead.

On November 13-15, 2012, delegates at the IAPP Europe Data Protection Congress in Brussels were given insight into how discussions with key policymakers are progressing. As European Parliament rapporteur and Member of the European Parliament Jan Philipp Albrecht aims to finalize the reform of the EU Data Protection Directive by the end of the current European Parliament’s mandate in 2014, this ambitious goal faces numerous hurdles.

In partnership with SC Magazine, we are pleased to announce that on November 22-23, 2012, SC Magazine will host its 2012 Virtual Summit “Tackling the Big 3: Clouds, Consumerisation, Cybercrime,” featuring Hunton & Williams partner Bridget Treacy. Following a year of sharp increases in data breaches and regulatory fines, the SC Summit will explore and focus on cybercrime, mobile devices and cloud security – three key priorities for 2013. Bridget Treacy and Paul Swarbrick, Chief Information Security Officer and Head of Cybersecurity for National Air Traffic Services, will open the Summit with their keynote presentation, “Where’s the Danger? From Cybercrime to Consumerisation to the Cloud, Today’s Most Potent Threats Unmasked.” Paul will discuss the data security issues that keep him awake at night and Bridget will offer vital, current perspective on the ever-changing legal landscape.

On November 8, 2012, the 84th Conference of the German Data Protection Commissioners concluded in Frankfurt (Oder). This bi-annual conference provides a private forum for the 16 German state data protection authorities (“DPAs”) and the Federal Commissioner for Data Protection and Freedom of Information Peter Schaar to share their views on current issues, discuss relevant cases and adopt Resolutions aimed at harmonizing how data protection law is applied across Germany.

On November 10, 2012, the German working group on technical and organizational data protection matters published guidelines (in German) on the technical and organizational separation requirements for automated data processing on shared IT systems (the “Guidelines”). The working group is part of the Conference of the German Data Protection Commissioners, which recently concluded its 84th Conference in Frankfurt (Oder).

The UK Information Commissioner’s Office (“ICO”) recently published a questionnaire to gather feedback on how privacy seals might be used to improve data protection compliance and customer privacy awareness. The questionnaire is available online until November 30, 2012.