Privacy & Information Security Law Blog

In our August 2009 blog post on data protection issues in China, we noted that there was no uniform Chinese law that specifically addresses the protection of personal data, and that it seemed likely that Chinese personal information protection law would continue to develop as a patchwork of piecemeal regulations. This remains true today, and developments since our previous article was published have in fact reinforced this assumption. In the past year and a half, new laws affecting personal information protection in China have arisen in various forms, including a consumer ...

On February 14, 2011, Senator Patrick Leahy (D-VT), Chairman of the Senate Judiciary Committee, announced the creation of a subcommittee on Privacy, Technology and the Law.  The subcommittee will be chaired by Senator Al Franken (D-MN), and its jurisdiction will include oversight of laws and policies that govern the commercial collection, use and dissemination of personal information.  Senator Franken said, “The boom of new technologies…has also put an unprecedented amount of personal information into the hands of large companies that are unknown and unaccountable to the ...

On February 10, 2011, the California Supreme Court ruled in Pineda v. Williams-Sonoma Stores, Inc. that ZIP codes are “personal identification information” under the state’s Song-Beverly Credit Card Act of 1971 (the “Credit Card Act”).  This finding effectively prohibits California businesses from requesting and recording cardholders’ ZIP codes during credit card transactions.

Reporting from Israel, legal consultant Dr. Omer Tene writes:

In a sweeping, 91-page decision issued last week, the Israeli National Labor Court severely restricted employers’ ability to monitor employee emails.  In its opinion, the Court made strong statements concerning the suspect nature of employee consent and mandated the implementation of principles of legitimacy, transparency, proportionality, purpose limitation, access, accuracy, confidentiality and security.  The Court stated that, given the constitutional status of the right to privacy, exemptions to the Privacy Protection Act, 1981, must be interpreted narrowly.

On February 8, 2011, the German Federal Commissioner for Data Protection and Freedom of Information issued a concept paper setting forth concrete suggestions for the creation of a Data Protection Foundation (the “Foundation”). The German government has reserved a budget of €10 million to establish the Foundation, which it plans to do in 2011.

On February 10, 2011, Representative Bobby Rush (D-Ill.) re-introduced the BEST PRACTICES Act (H.R. 611), which aims to provide consumers with meaningful choices about the collection, use and disclosure of their personal information. As we reported last year, Rush initially introduced the BEST PRACTICES Act in July 2010.  H.R. 611 contains no substantive changes to the original legislation (H.R. 5777), and does not include a Do Not Track mechanism.

In a press release issued today, Rush stated that he does not oppose Do Not Track, contending that “[i]n fact, in order for ...

On February 11, 2011, Representative Jackie Speier (D-Calif.) introduced two pieces of legislation that, in her words, “send a clear message—privacy over profit.” The Do Not Track Me Online Act of 2011 (HR 654), would direct the Federal Trade Commission to promulgate regulations that establish standards for a “Do Not Track” mechanism. The regulations also would require covered entities to disclose their information practices to consumers, and to respect consumers’ choices regarding the collection and use of their information. 

For the fourth consecutive time, Hunton & Williams LLP was named the top firm for privacy by Computerworld in its 2010 report on “Best Privacy Advisers.”  The survey of more than 4,000 global corporate privacy leaders ranked Hunton & Williams #1 overall, citing the firm’s extensive experience and global presence.  Computerworld reported that, “Hunton [& Williams] attracted more than twice as many votes as its nearest challenger.”  In a breakdown by focus categories, Hunton & Williams also received top honors from respondents working in the financial services and ...

The National Institute of Standards and Technology (“NIST”) has issued draft Guidelines on Security and Privacy in Public Cloud Computing (SP 800-144) (the “Guidelines”) for public comment. The Guidelines provide an overview of the security and privacy challenges pertinent to public cloud computing, and identify considerations for organizations outsourcing data, applications and infrastructure to a public cloud environment. The Guidelines are intended for use by federal agencies. Use in nongovernmental settings is voluntary.

On February 3, 2011, the German Federal Commissioner for Data Protection and Freedom of Information issued a press release announcing that it has approved the privacy policy formulated by Deutsche Post DHL.  This allows Deutsche Post DHL to transfer personal data abroad in accordance with its privacy policy without having to obtain approval in individual cases.  Deutsche Post DHL is the first German company to have its binding corporate rules (“BCRs”) approved at the European level, following an extensive consultation process among EU data protection authorities.