Privacy & Information Security Law Blog

On July 10, 2015, the United States House of Representatives passed the 21st Century Cures Act (the “Act”), which is intended to ease restrictions on the use and disclosure of protected health information (“PHI”) for research purposes.

On July 14, 2015, pursuant to an implementation requirement of Government Regulation 82 of 2012, the Indonesian government published the Draft Regulation of the Minister of Communication and Information (RPM) of the Protection of Personal Data in Electronic Systems (“Proposed Regulation”). The Proposed Regulation addresses the protection of personal data collected by a variety of government agencies, enumerates the rights of those whose personal data is collected and the obligations of users of Information Communication Technology. Agencies to which the Proposed Regulation would apply include: the Directorate General of Immigration, which manages passport data; the Financial Services Authority, which regulates financial sector data; the Bank Indonesia, which regulates banking data; the Indonesian Consumers Foundation, which regulates protection of consumer data; the National Archives; and the Ministry of Health, which regulates health data and archives. The government provided a 10-day comment period for the proposal.

On July 6, 2015, the Standing Committee of the National People’s Congress of the People’s Republic of China published a draft of the country’s proposed Network Security Law (the “Draft Cybersecurity Law”). A public comment period on the Draft Cybersecurity Law is now open until August 5, 2015.

On July 9, 2015, Hunton & Williams LLP hosted a webinar on the Proposed EU General Data Protection Regulation: Preparing for Change (Part 1). Hunton & Williams partner and head of the Global Privacy and Cybersecurity practice Lisa Sotto moderated the session, which was led by speakers Bridget Treacy, managing partner of the firm’s London office; Wim Nauwelaerts, managing partner of the firm’s Brussels office; and Jörg Hladjk, counsel in the firm’s Brussels office. Together the speakers presented an overview of the proposed EU General Data Protection Regulation, discussed ...

On June 16, 2015, the Article 29 Working Party (the “Working Party”) adopted an Opinion on Privacy and Data Protection Issues relating to the Utilization of Drones (“Opinion”). In the Opinion, the Working Party provides guidance on the application of data protection rules in the context of Remotely Piloted Aircraft Systems, commonly known as “drones.”

On July 9, 2015, the National Telecommunications and Information Administration (“NTIA”) announced the launch of its first cybersecurity multistakeholder process, in which representatives from across the security and technology industries will meet in September to discuss vulnerability research disclosure.

On June 29, 2015, Lisa J. Sotto, partner and head of the Global Privacy and Cybersecurity practice at Hunton & Williams LLP, was profiled in a Crain’s New York Business article entitled Lawyer Goes Into the Breach. The feature highlights the Hunton & Williams privacy team and the tireless work they do for their clients. Here is an excerpt from the article:

“Ms. Sotto came to her corner of the financial world a decade ago, after years working as an environmental lawyer. Spearheading Superfund cases was rewarding, but she was intrigued by the then-nascent field of mopping up messes for ...

How do we focus on individuals and ensure meaningful control and the empowerment of individuals in the modern information age? What data privacy tools would drive empowerment in the digital world of today and tomorrow, perhaps more effectively and more nimbly than traditional individual consent? At a time when many countries are legislating or revising their data privacy laws and organizations are searching for best practices to embed in their business models, these questions are more relevant today than ever. In an article published on July 2, 2015, in the International Association of Privacy Professionals’ Privacy Perspective, entitled Empowering Individuals Beyond Consent, Bojana Bellamy and Markus Heyder of the Centre for Information Policy Leadership at Hunton & Williams argue that consent is no longer the best or only way to provide control and protect individuals. There are alternative and additional tools in our toolkit that can deliver effective data privacy and greater individual empowerment.

Richard Thomas, former UK Information Commissioner and Global Strategy Advisor to the Centre for Information Policy Leadership, was invited to a unique event in Scotland last week.

Peter Hustinx, who retired as the European Data Protection Supervisor at the end of 2014, was awarded the Honorary Degree of Doctor of Science in Social Science by the University of Edinburgh.

On June 30, 2015, the French Data Protection Authority (the “CNIL”) summarized the results of the cookie inspections it conducted at the end of 2014.