Privacy & Information Security Law Blog

On April 8, 2016, the Council of the European Union (the “Council”) will adopt its position on the EU General Data Protection Regulation (“GDPR”). The General Secretariat of the Council of the EU sent a Note (the “Note”) asking the Permanent Representatives Committee to use the “written procedure” to adopt the Council's position. The adoption of the Council's position was initially planned for a vote on April 21, 2016, during the next Justice and Home Affairs Council, but the Council has decided to expedite the process for adoption by using the “written procedure,” which is an exceptional procedure that does not include public deliberation.

On March 24, 2016, Tennessee Governor Bill Haslam signed into law S.B. 2005, as amended by Amendment No. 1 to S.B. 2005 (the “Bill”), which makes a number of changes to the state’s data breach notification statute, Tenn. Code § 47-18-2107. The amendments take effect on July 1, 2016.

Chambers & Partners ranked Hunton & Williams LLP’s Global Privacy and Cybersecurity practice in Band 1 in the recently released 2016 Global guide. The firm has been recognized by Chambers Global as a Band 1 firm, global-wide, for data protection for the past nine years. As noted by Chambers Global, the team is a “[t]op-ranked firm with notable strength negotiating with regulators and advising on compliance programmes.”

On March 18, 2016, a report was released by a joint team from the North American Electric Reliability Corporation’s Electricity Information Sharing Analysis Center and SANS Industrial Control Systems. According to the report, the cyber attack against a Ukrainian electric utility in December 2015 that caused 225,000 customers to lose power for several hours was based on months of undetected reconnaissance that gave the attackers a sophisticated understanding of the utility’s supervisory control and data acquisition networks.

On March 17, 2016, Bojana Bellamy, President of the Centre for Information Policy Leadership (“CIPL”), participated on a panel of experts at a hearing in front of the European Parliament’s Committee on Civil Liberties, Justice and Home Affairs (“LIBE Committee”) about the new EU-U.S. Privacy Shield for commercial transfers of EU personal data to the U.S.

On March 22, 2016, the Ministry of Commerce of the People’s Republic of China published drafts of its proposed (1) Specifications for Business Services in Mobile E-commerce (“Mobile E-commerce Specifications”) and (2) Specifications for Business Services in Cross-border E-commerce (“Cross-border E-commerce Specifications”). A public comment period on these drafts is now open. Comments will be accepted until May 31, 2016.

On March 23, 2016, the Chairwoman of the French Data Protection Authority (“CNIL”) opened proceedings that will lead to the release of a compliance pack on connected vehicles.

The CNIL announced that the compliance pack will contain guidelines regarding the responsible use of personal data for the next generation of vehicles. It will assist various stakeholders in the industry prepare for the General Data Protection Regulation.

On March 16, 2016, and March 17, 2016, respectively, the Department of Health and Human Services (“HHS”) announced resolution agreements with North Memorial Health Care of Minnesota (“North Memorial”) and The Feinstein Institute for Medical Research (“Feinstein Institute”) over potential violations of the HIPAA Privacy Rule.

On March 21, 2016, the Department of Health and Human Services’ Office for Civil Rights (“OCR”) announced that it has commenced Phase 2 of the HIPAA Audit Program. Phase 1 of the HIPAA Audit Program ran from 2011-2012 and produced several notable findings, including that two-thirds of covered entities had not performed a risk assessment as required by the HIPAA Security Rule.

On March 22, 2016, the UK government confirmed Elizabeth Denham as its preferred candidate to replace Christopher Graham as Information Commissioner. Subject to a pre-scrutiny hearing by the Culture, Media and Sports Select Committee and final approval from Her Majesty the Queen, Denham would begin her five-year term in mid-2016.