Privacy & Information Security Law Blog

On March 11, 2009, the operators of Germany's leading social networks, which include "schuelerVZ," "studiVZ,"  "lokalisten" and "wer-kennt-wen," signed a 17-page Code of Conduct by the Association for Voluntary Self-Regulation of Multimedia Service Providers (the “Code”) in order to protect children and young people. The Code of Conduct aims to improve data protection and consumer protection in social networks and, in particular, to protect young people against harassment. The Code requires that a privacy notice be displayed directly after the registration process and ...

On 2 March 2009, a Belgian Criminal court (Tribunal correctionnel de Termonde, No. DE 20.95.16/08/25) fined Yahoo! Inc., €55,000 ($71,745) for refusing to disclose to a Belgian Public Prosecutor the personal data of its e-mail users who were under criminal investigation for fraud. The Criminal court also imposed a daily penalty fee of €10,000 ($13,045) in a case of non-compliance with the judgment.  This decision was reached despite Yahoo!’s argument that Belgian law did not apply because the company does not maintain a legal entity in Belgium and does not store any customer data in Belgium.

On February 16, 2009, the US-Swiss Safe Harbor Framework, which is comparable to the EU-US Safe Harbor Framework, was adopted. The US-Swiss framework is intended to simplify the transfer of personal data by Swiss companies to American companies that are self-certified with the US Department of Commerce (DOC). Self-certified US companies are bound by the principles contained in the framework. They will automatically be considered as providing an adequate level of data protection under Swiss law.

Read more about EU data protection updates.

Former Silicon Valley entrepreneur Rod Beckstrom has tendered his resignation from the post of Director of United States National Cybersecurity Center, effective March 13, 2009.  In his resignation letter to Secretary of Homeland Security Janet Napolitano, Mr. Beckstrom complained of inadequate funding and criticized the National Security Agency’s dominant role in “most national cyber efforts.”  He characterized this arrangement as “bad strategy” because “intelligence culture is very different than a network operations or security culture,” and he argued ...

The Federal Trade Commission, the Asia-Pacific Economic Cooperation forum, and the Organisation for Economic Co-operation and Development are hosting a multinational workshop on "Securing Personal Data in the Global Economy" in Washington, D.C. on March 16-17, 2009. In anticipation of that workshop, the Centre for Information Policy Leadership at Hunton & Williams LLP is releasing this white paper with ten key recommendations for data breach and information security policy, drawn from published research and extensive experience with data breaches, breach notices, and ...

The Information Commissioner’s Office (the “ICO”) has conducted a dawn raid on a business which operated a covert database containing details of 3,213 workers in the construction industry (the “Database”). Subscribers included over 40 construction companies, publicly named by the ICO, who used the database to vet prospective employees, without their knowledge or consent.

A former computer security consultant was sentenced Wednesday to four years in federal prison for fraud stemming from his involvement with a cyber-crime ring that used botnets to infect an estimated 250,000 computers.  He has also been ordered to pay $20,000 in restitution to companies defrauded by the scheme.  The 27 year-old California man made history last year when he became the first "bot herder" in the United States to plead guilty to wiretapping charges in connection with the use of botnets.  His guilty plea included admissions of accessing protected computers to conduct fraud and disclosing illegally intercepted electronic communications, as well as wire and bank fraud.  He faced up to 60 years in prison and $1.75 million in fines.

Emerging economies developing privacy laws are confronted with two challenges: how best to protect the privacy interests of local citizens and how to put in place privacy governance that assures companies and individuals outside the economy that information that flows into the region is properly protected and secured.  The APEC Privacy Framework provides sound guidance for drafters engaged in this effort.  By recognizing that privacy reflects the mores and values of local culture, it provides an approach to privacy protection that can be adapted to reflect the needs of local citizens within a widely recognized and adopted architecture.  At the same time, it sets out requirements for strong security, compliance with rules governing the use and management of data and cross-border cooperation for dispute resolution and enforcement. 

The UK Advertising Standards Authority (“ASA”) recently upheld a complaint under the UK Committee of Advertising Practice Code (“CAP Code”) which requires UK marketers to obtain the explicit consent of consumers before disclosing their personal information to third parties for direct marketing purposes.

The Standing Committee of the National People’s Congress recently passed an amendment to the P.R.C. Criminal Law.  The amendment includes a provision imposing criminal liability on persons who misappropriate personal information during the course of performing their professional duties.  A previous Hunton & Williams Client Alert reported on the amendment that has now become effective as law.