Privacy & Information Security Law Blog

On August 20, 2015, the Centre for Information Policy Leadership at Hunton & Williams (“CIPL”) filed comments to the Indonesian Draft Regulation proposed by the Minister of Communication and Information (RPM) of the Protection of Personal Data in Electronic Systems. The comments were limited to the issue of cross-border data transfers and were submitted in the form of a new CIPL white paper entitled Cross-Border Data Transfer Mechanisms.

On July 30, 2015, the Bavarian Data Protection Authority (“DPA”) issued a press release stating that it imposed a significant fine on both the seller and purchaser in an asset deal for unlawfully transferring customer personal data as part of the deal.

On August 24, 2015, the United States Court of Appeals for the Third Circuit issued its opinion in Federal Trade Commission v. Wyndham Worldwide Corporation (“Wyndham”), affirming a district court holding that the Federal Trade Commission has the authority to regulate companies’ data security practices.

On August 11, 2015, the Online Trust Alliance, a nonprofit group whose goal is to increase online trust and promote the vitality of the Internet, released a framework (the “Framework”) for best practices in privacy and data security for the Internet of Things. The Framework was developed by the Internet of Things Trustworthy Working Group, which the Online Trust Alliance created in January 2015 to address “the mounting concerns and collective impact of connected devices.”

On August 17, 2015, the Federal Trade Commission announced proposed settlements with 13 companies over allegations that they misled consumers by falsely claiming to be Safe Harbor certified when their certifications had lapsed or they had never been certified at all.

On August 7, 2015, Delaware Governor Jack Markell signed four bills into law concerning online privacy. The bills, drafted by the Delaware Attorney General, focus on protecting the privacy of website and mobile app users, children, students and crime victims.

On May 25, 2015, the Privacy and Big Data Institute at Ryerson University in Canada announced that it is offering a Privacy by Design Certification. Privacy by Design is a “framework that seeks to proactively embed privacy into the design specifications of information technologies” to obtain the most secure data protection possible. Organizations that attain the certification will be permitted to post a “Certification Shield” “to demonstrate to consumers that they have withstood the scrutiny of a rigorous third party assessment, assuring the public that their product or service reflects the viewpoint of today’s privacy conscious consumer.”

On August 3, 2015, Neiman Marcus requested en banc review of the Seventh Circuit’s recent decision in Remijas v. Neiman Marcus Group, LLC, No. 14-3122. As we previously reported, the Seventh Circuit found that members of a putative class alleged sufficient facts to establish standing to sue Neiman Marcus following a 2013 data breach. During that breach, hackers gained access to customers’ credit and debit card information.

On July 28, 2015, the UK Supreme Court announced its decision to grant permission in part for Google Inc. (“Google”) to appeal the England and Wales Court of Appeal’s decision in Google Inc. v Vidal-Hall and Others.

On August 29, 2015, the Centre for Information Policy Leadership at Hunton & Williams (“CIPL”) will host a half-day workshop in Cebu, Philippines, on the APEC Cross-Border Privacy Rules (“CBPR”) and their role in enabling legal compliance and international data transfers. The CBPR are a privacy code of conduct developed by the 21 APEC member economies for cross-border data flows in the Asia-Pacific region.