Privacy & Information Security Law Blog

Hunton & Williams LLP announces the firm’s Global Privacy and Cybersecurity practice was again ranked in Tier 1 by Chambers & Partners in their 2015 Global and USA guides. Over the last eight years, the firm has been recognized by Chambers Global, Chambers UK and Chambers USA as a Tier 1 firm for privacy and data protection. As noted by Chambers USA, the practice lawyers “have established themselves as real leaders in this area.”

On May 26, 2015, the Upper House of the Dutch Parliament passed a bill that introduces a general obligation for data controllers to notify the Dutch Data Protection Authority (“DPA”) of data security breaches and provides increased sanctions for violations of the Dutch Data Protection Act. A Dutch Royal Decree still needs to be adopted to set the new law’s date of entry into force. According to the Dutch DPA, the new law is likely to come into force on January 1, 2016.

On May 25, 2015, the French Data Protection Authority (“CNIL”) released its long-awaited annual inspection program for 2015. Under French data protection law, the CNIL may conduct four types of inspections: (1) on-site inspections (i.e., the CNIL may visit a company’s facilities and access anything that stores personal data); (2) document reviews (i.e., the CNIL may require an entity to send documents or files upon written request); (3) hearings (i.e., the CNIL may summon representatives of organizations to appear for questioning and provide other necessary information); and (4) since March 2014, online inspections.

After a number of high-profile data breaches, corporate cybersecurity is facing increased scrutiny and attention from consumers, the government and the public. In a webinar, entitled Cyber Insurance: Addressing Your Risks and Liabilities, hosted by Hunton & Williams LLP and CT, Hunton & Williams partners Lon A. Berk and Lisa J. Sotto provide a background into the current cyber threats and educate companies and their counsel on how to take full advantage of their existing insurance programs and specialized cyber insurance products to effectively and proactively address cyber ...

On May 20, 2015, the Federal Communications Commission (“FCC”) released an Enforcement Advisory announcing that its previously-released Open Internet Order “applies the core customer privacy protections of Section 222 of the Communications Act to providers of broadband Internet access service” and that the statutory provisions of Section 222, which historically have been used to protect Consumer Proprietary Network Information on telephone networks, will apply to broadband providers when the Open Internet Order goes into effect on June 12, 2015. This approach will expand broadband providers’ requirements to protect consumer privacy and limit their use of consumer data.

On May 13, 2015, the Belgian Data Protection Authority (the “DPA”) published a recommendation addressing the use of social plug-ins associated with Facebook and its services (the “Recommendation”). The Recommendation stems from the recent discussions between the DPA and Facebook regarding Facebook’s privacy policy and the tracking of individuals’ Internet activities.

On May 7, 2015, the Digital Advertising Alliance (“DAA”) announced that, as of September 1, 2015, the Council of Better Business Bureaus and the Direct Marketing Association will begin to enforce the DAA Self-Regulatory Principles for Online Behavioral Advertising and the Multi-Site Data Principles (collectively, the “Self-Regulatory Principles”) in the mobile environment.

On May 5, 2015, the Financial Crimes Enforcement Network of the U.S. Treasury Department (“FinCEN”), in coordination with the U.S. Attorney’s Office for the Northern District of California (“USAO”), announced a civil monetary penalty of $700,000 against Ripple Labs, Inc. (“Ripple Labs”) and its subsidiary XRP II, LLC (“XRP II”) for violations of the Bank Secrecy Act (“BSA”). This assessment represents the first BSA enforcement action against a virtual currency exchanger by FinCEN. The fine coincides with a settlement agreement between Ripple Labs, XRP II and the USAO to resolve any criminal and civil liability arising out of these activities, the terms of which include a $450,000 forfeiture and full cooperation by Ripple Labs in the ongoing investigation.

On May 11, 2015, the French Data Protection Authority (“CNIL”) and the UK Information Commissioner’s Office (”ICO”) announced that they will participate in a coordinated online audit to assess whether websites and apps that are directed toward children, and those that are frequently used by or popular among children, comply with global privacy laws. The audit will be coordinated by the Global Privacy Enforcement Network (“GPEN”), a global network of approximately 50 data protection authorities (“DPAs”) from around the world.

On May 5, 2015, the Centre for Information Policy Leadership at Hunton & Williams (“CIPL”) filed comments in English and Portuguese on Brazil’s draft law “on the processing of personal data to protect the personality and dignity of natural persons” (the “Draft Law”).