Privacy & Information Security Law Blog

After much debate, the final version of the EU General Data Protection Regulation (“GDPR”) is expected to be adopted by the European Parliament this week and to take effect in early 2018. The GDPR will significantly change EU data protection law in several areas, affecting all businesses in the energy, financial, health care, real estate, manufacturing, retail, technology and transportation industries, among others. To assist in-house lawyers and privacy professionals with understanding the new GDPR and planning ahead for implementation, Hunton & Williams’ Privacy and Cybersecurity practice lawyers have released The EU General Data Protection Regulation, a Guide for In-House Lawyers covering these strategic areas:

On March 30 through April 1, 2016, the 2016 Nuclear Industry Summit meetings took place in Washington D.C. In the nuclear industry, the issue of cybersecurity has grown steadily in importance over the past decade. This has been most apparent in the increasing attention and effort paid to cyber-based threats under the biennial Nuclear Industry Summit and its international meetings.

Team helps companies devise legal strategies to enhance security and mitigate threat risk.

On April 4, 2016, Hunton & Williams LLP announced the formation of a Cyber and Physical Security Task Force to assist companies in minimizing the risks and consequences of a serious security incident. The task force is being led by global privacy and cybersecurity head Lisa Sotto, cybersecurity partner Paul Tiao, and energy partner Kevin Jones, and includes lawyers from a wide range of practice groups within the firm.

On April 6, 2016, the Federal Trade Commission formally welcomed the updated Recommendation on Consumer Protection in E-commerce (the “Recommendation”) issued by the Organization for Economic Cooperation and Development (“OECD”) on March 24, 2016, endorsing the Recommendation’s broadened scope and increased consumer protections that “are designed to strengthen consumers’ trust in the expanding electronic marketplace.”

On March 24, 2016, the Grand National Assembly of Turkey approved the Law on Personal Data Protection, which is Turkey’s first comprehensive data protection legislation. The law will become effective once it is ratified by Turkey’s President and published in the Official Gazette of the Republic of Turkey.

On April 8, 2016, the Council of the European Union (the “Council”) will adopt its position on the EU General Data Protection Regulation (“GDPR”). The General Secretariat of the Council of the EU sent a Note (the “Note”) asking the Permanent Representatives Committee to use the “written procedure” to adopt the Council's position. The adoption of the Council's position was initially planned for a vote on April 21, 2016, during the next Justice and Home Affairs Council, but the Council has decided to expedite the process for adoption by using the “written procedure,” which is an exceptional procedure that does not include public deliberation.

On March 24, 2016, Tennessee Governor Bill Haslam signed into law S.B. 2005, as amended by Amendment No. 1 to S.B. 2005 (the “Bill”), which makes a number of changes to the state’s data breach notification statute, Tenn. Code § 47-18-2107. The amendments take effect on July 1, 2016.

Chambers & Partners ranked Hunton & Williams LLP’s Global Privacy and Cybersecurity practice in Band 1 in the recently released 2016 Global guide. The firm has been recognized by Chambers Global as a Band 1 firm, global-wide, for data protection for the past nine years. As noted by Chambers Global, the team is a “[t]op-ranked firm with notable strength negotiating with regulators and advising on compliance programmes.”

On March 18, 2016, a report was released by a joint team from the North American Electric Reliability Corporation’s Electricity Information Sharing Analysis Center and SANS Industrial Control Systems. According to the report, the cyber attack against a Ukrainian electric utility in December 2015 that caused 225,000 customers to lose power for several hours was based on months of undetected reconnaissance that gave the attackers a sophisticated understanding of the utility’s supervisory control and data acquisition networks.

On March 17, 2016, Bojana Bellamy, President of the Centre for Information Policy Leadership (“CIPL”), participated on a panel of experts at a hearing in front of the European Parliament’s Committee on Civil Liberties, Justice and Home Affairs (“LIBE Committee”) about the new EU-U.S. Privacy Shield for commercial transfers of EU personal data to the U.S.