With data breaches and the new cookies rules never far from the press or industry agendas, and with a new European framework on the horizon, the past year has been a busy one for the Information Commissioner’s Office (ICO). Its Annual Report for 2011/12, along with a companion webcast, reflects this changing privacy landscape. Both offer useful insights into the ICO’s priorities for the coming year.

In terms of enforcement action (perhaps one of the most

By Brian Murray

The Federal Communications Commission (“FCC”) is examining privacy and security issues raised by customer information stored on mobile communications devices. In a public notice released on May 25, 2012, the FCC sought comment on the privacy and data-security practices of mobile wireless service providers with respect to such information, as well as the application of existing privacy and security requirements to it–subjects on which the FCC last solicited public input five years ago. As the FCC acknowledged

By Jennifer Archie, Kevin Boyle and Ghaith Mahmood

As the home of the largest online and mobile businesses and platforms, and no doubt seeking to maintain the reputation of her state as one of those leading the nation in enactment and enforcement of privacy laws and regulations, California Attorney General Kamala D. Harris on Thursday announced the formation of a Privacy Enforcement and Protection Unit within the Office of the Attorney General.

The unit is intended to enforce laws related to

By Simon Berry and Daisy Shen

Questions often arise about the scope of a data user’s obligations to respond to data subject access requests. Hong Kong’s Privacy Commissioner for Personal Data offers some guidance in a recently issued Guidance Note (Guidance on Proper Handling of Data Access Request and Charging of Data Access Request Fee by Data Users).

The Guidance Note addresses, among other matters/questions:

  • What constitutes a data access request (a “DAR”);
  • Steps for complying with a

By Lijie Han

China’s internet and telecoms industry regulator, the Ministry of Industry and Information Technology (MIIT), recently released two draft regulations for public comment, namely, the amended Measures on the Administration of Internet Information Services (IIS Measures) and the Notice Regarding Strengthening the Administration of Network Access for Smart Mobile Devices (Smart Mobile Notice).

The draft IIS Measures were issued on June 7, 2012 and are meant to supersede the original measures promulgated on September 25, 2000. Among

By Gail Crawford and Amy Taylor

It seems somewhat fitting to blog about the USA Patriot Act on this Fourth of July. On the second day of the annual Privacy Laws & Business conference in Cambridge, Peter McLaughlin, senior counsel at Foley & Lardner, took to the floor with the aim of “distinguishing fact and fiction about the scope of the law and its impact on companies outside the United States” for a predominantly European audience.

In the last slot of the

By Gail Crawford and Amy Taylor

Privacy professionals from more than 20 countries are gathered in Cambridge, England, to discuss privacy challenges in today’s world at the 25th annual Privacy Laws & Business conference.

Professor Michael Birnhack, Professor of Law at Tel Aviv University and Visiting Associate Fellow at the Institute of Advanced Legal Studies, University of London, kicked off the conference on Monday–day one of the three-day event–aptly setting the scene with a session on the

The French Data Protection Authority (CNIL) has issued a working document setting out its recommendations to companies contemplating the use of cloud computing services. This is in part the result of a public consultation carried out by the CNIL from October to December 2011. The guidance includes a checklist applicable to both private and public clouds with seven key steps, summarized below, to be followed by cloud customers:

1. Identify the types of data and the data processing that could

By Jennifer Archie and Suan Ambler-Ebersole

Second Highest HIPAA Settlement Amount to Date and First Paid by a State

The U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) announced Tuesday that it had reached a settlement with Alaska’s state Medicaid agency, the Department of Health and Social Services (DHSS) for $1,700,000 arising out of potential violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Security Rule.

In October 2009 a

By Gail Crawford, Amy Taylor, and Ben Wright

The UK Information Commissioner’s Office (ICO) 12-month grace period for enforcing compliance with the new cookie consent rules has now expired. If you are not yet compliant, you need to take action.

Over the course of the 12-month grace period, we have seen guidance released from, amongst others, the ICO, setting out its interpretation of the new rules; the International Chamber of Commerce (ICC), working with industry to publish a