Privacy & Information Security Law Blog

On June 3, 2013, the French Data Protection Authority (“CNIL”) published an article outlining the importance of binding corporate rules (“BCRs”) for data processors, and describing how to use them.

On June 5, 2013, Hunton & Williams hosted a seminar in the firm’s London office: Tracking the Draft EU Regulation ̶ General Update and the Concept of the “One-Stop Shop.” Bridget Treacy, Rosemary Jay and Tim Hickman of Hunton & Williams gave a presentation on the operation and effects of the “consistency mechanism” to be introduced in the proposed General Data Protection Regulation. The June 5 update was the most recent in Hunton & Williams’ ongoing series of Executive Briefings on the Proposed Regulation. The consistency mechanism is intended to ensure that, once the ...

On June 6, 2013, a group of 300 gathered in Santa Marta, Colombia, the second oldest city in South America, for the First Latin America Congress on Data Protection. The Congress was organized by Colombia’s data protection authority, the Superintendency of Industry and Commerce, and the Centre for Information Policy Leadership at Hunton & Williams LLP. “Latin America is very important to Centre member companies, and education is a key element of the Centre’s Latin America Project. So, we were very pleased to help the Superintendent organize the program,” said Centre President Marty Abrams.

On May 30, 2013, the European Court of Justice held that Sweden failed to fulfill its obligations under EU law when it delayed complying with the Court’s 2010 ruling regarding the country’s implementation of the EU Data Retention Directive 2006/24/EC (the “Data Retention Directive”). The Court ordered Sweden to pay a lump sum of €3,000,000.

On May 31, 2013, the Council of the European Union’s Justice and Home Affairs released a draft compromise text in response to the European Commission’s proposed General Data Protection Regulation (the “Proposed Regulation”). This compromise text narrows the scope of the Proposed Regulation and seeks to move from a detailed, prescriptive approach toward a risk-based framework.

On May 29, 2013, Hunton & Williams hosted a webinar, A Discussion on the Proposed EU Regulation: Developing a More Creative Approach. Hunton & Williams partner Bridget Treacy moderated the session with former UK Information Commissioner Richard Thomas, Global Strategy Advisor of the Centre for Information Policy Leadership at Hunton & Williams. Richard Thomas discussed the need for a more creative and flexible approach to the proposed EU General Data Protection Regulation, with better-defined outcomes and targeting businesses that present the greatest risks. He also ...

On June 3, 2013, Privacy Piracy host Mari Frank interviewed Lisa J. Sotto, partner and head of the Global Privacy and Data Security practice at Hunton & Williams LLP, on KUCI 88.9 FM radio in Irvine, California. Listen to the latest developments in cybersecurity, including legal issues businesses should consider when dealing with cybersecurity threats and the types of information being targeted.

Access the radio interview.

On May 30, 2013, the French Data Protection Authority (“CNIL”) launched a public consultation on the digital “right to be forgotten.”

The CNIL recalled that the principle of a digital “right to be forgotten” is established in the Proposed EU Data Protection Regulation and that this new right will have to be exercised in accordance with freedom of expression, freedom of the press and the duty of remembrance.

In this context, the CNIL decided to consult web users with a goal of defining the broad outlines of the digital right to be forgotten. The CNIL also announced that it will ...

Hunton & Williams LLP is pleased to announce the firm’s global Privacy and Data Security practice again ranked in “Band 1” in 2013 Chambers USA, Chambers Global and Chambers UK.

Global practice group leader Lisa Sotto, who was recently named among The National Law Journal’s “The 100 Most Influential Lawyers in America,” was recognized in Chambers USA as a “Star” performer, the guide’s highest ranking. Sotto was the only privacy lawyer in the U.S. to receive this distinguished ranking. In the same guide, New York partner Aaron Simpson was highlighted for his notable work in advising on global privacy and data security matters.

On May 29, 2013, a bill, accompanied by an explanatory memorandum, was proposed in the Australian Parliament that requires businesses and government agencies that experience a serious data breach to notify affected individuals and the Office of the Australian Information Commissioner (“OAIC”). The proposed legislation requires organizations to notify individuals only when they are “significantly affected” by a “serious” data breach. Breaches that merely pose a “remote risk” of harm would not require notification. The factors organizations should assess when determining whether a breach is “serious” include: (1) harm to a person’s reputation, (2) economic harm, (3) financial harm, and (4) physical and psychological harm. Additionally, the bill specifies that implementing regulations may identify other situations that would require notification even if the breach does not give rise to a risk of serious harm. Organizations should notify affected individuals through the normal method of communication they have previously used to communicate with those individuals. Absent a normal method of prior communication, organizations must take reasonable steps to notify the affected individuals via email, telephone or postal mail. If passed, the legislation would become effective in March 2014.