Privacy & Information Security Law Blog

On March 22, 2016, the Ministry of Commerce of the People’s Republic of China published drafts of its proposed (1) Specifications for Business Services in Mobile E-commerce (“Mobile E-commerce Specifications”) and (2) Specifications for Business Services in Cross-border E-commerce (“Cross-border E-commerce Specifications”). A public comment period on these drafts is now open. Comments will be accepted until May 31, 2016.

On March 23, 2016, the Chairwoman of the French Data Protection Authority (“CNIL”) opened proceedings that will lead to the release of a compliance pack on connected vehicles.

The CNIL announced that the compliance pack will contain guidelines regarding the responsible use of personal data for the next generation of vehicles. It will assist various stakeholders in the industry prepare for the General Data Protection Regulation.

On March 16, 2016, and March 17, 2016, respectively, the Department of Health and Human Services (“HHS”) announced resolution agreements with North Memorial Health Care of Minnesota (“North Memorial”) and The Feinstein Institute for Medical Research (“Feinstein Institute”) over potential violations of the HIPAA Privacy Rule.

On March 21, 2016, the Department of Health and Human Services’ Office for Civil Rights (“OCR”) announced that it has commenced Phase 2 of the HIPAA Audit Program. Phase 1 of the HIPAA Audit Program ran from 2011-2012 and produced several notable findings, including that two-thirds of covered entities had not performed a risk assessment as required by the HIPAA Security Rule.

On March 22, 2016, the UK government confirmed Elizabeth Denham as its preferred candidate to replace Christopher Graham as Information Commissioner. Subject to a pre-scrutiny hearing by the Culture, Media and Sports Select Committee and final approval from Her Majesty the Queen, Denham would begin her five-year term in mid-2016.

On March 17, 2016, the Council of the European Union (the “Council”) published a Draft Statement (the “Statement”) regarding the Council’s position at first reading with respect to the adoption of the EU General Data Protection Regulation (“GDPR”). The Statement follows a political agreement on the draft GDPR reached by the Council on February 12, 2016.

On March 14, 2016, the UK Information Commissioner’s Office (“ICO”) published a guide, Preparing for the General Data Protection Regulation (GDPR) – 12 Steps to Take Now. The guide, which is a high-level checklist with accompanying commentary, sets out a number of points that should inform organizations’ data privacy and governance programs ahead of the anticipated mid-2018 entry into force of the GDPR.

On March 9, 2016, Hunton & Williams LLP hosted a webinar regarding the impact of the EU General Data Protection Regulation (“GDPR”) on global companies. Partner Aaron Simpson moderated the session, and speakers included partner and head of the Global Privacy and Cybersecurity practice Lisa Sotto and partner Wim Nauwelaerts. Together, they explored the key components of the GDPR and discussed a roadmap toward compliance.

The webinar was the first segment in a two-part series, and Part 2 will be held in April.

On March 16, 2016, the Centre for Information Policy Leadership (“CIPL”) at Hunton & Williams LLP will co-host a one-day workshop in Amsterdam, Netherlands, together with the Dutch Ministry of Security and Justice, to kick off a new long-term CIPL project on the implementation of the EU General Data Protection Regulation (“GDPR”).

On March 9, 2016, Hunton & Williams’ Global Privacy and Cybersecurity practice lawyers released a management guide on the EU General Data Protection Regulation (“GDPR”), entitled “Overview of the EU General Data Protection Regulation,” addressing the key impacts the new law will have on businesses. This high-level management guide is intended to provide companies with a roadmap to the Regulation, focusing on topics such as expanded territorial scope, data breach notification rules, the One-Stop Shop concept and the right to be forgotten.