Privacy & Information Security Law Blog

On April 11, 2022, Federal Trade Commission Chair Lina Khan spoke at the opening of the International Association of Privacy Professionals’ Global Privacy Summit. This speech marks Khan’s first major privacy address since her appointment last June.

On May 3, 2019, the International Association of Privacy Professionals (“IAPP”) honored Centre for Information Policy Leadership (“CIPL”) President Bojana Bellamy with the 2019 IAPP Privacy Vanguard Award during its Global Privacy Summit in Washington, D.C. The IAPP also honored European Data Protection Supervisor Giovanni Buttarelli with its 2019 Privacy Leadership Award. Since the early 2000s the IAPP has recognized professionals and organizations making a difference in the world of privacy through these yearly awards.

In September, the Centre for Information Policy Leadership (“CIPL”) held its second GDPR Workshop in Paris as part of its two-year GDPR Implementation Project. The purpose of the project is to provide a forum for stakeholders to promote EU-wide consistency in implementing the GDPR, encourage forward-thinking and future-proof interpretations of key GDPR provisions, develop and share relevant best practices, and foster a culture of trust and collaboration between regulators and industry.  

On November 20, 2015, Markus Heyder, Vice President of the Centre for Information Policy Leadership (“CIPL”) at Hunton & Williams LLP, discussed how “transparency is increasingly understood as a core component of addressing the challenges of the modern information economy” and a key catalyst for a productive and innovative information economy in an article entitled Transparency and the Future of Driverless Privacy published by the International Association of Privacy Professionals.

How do we focus on individuals and ensure meaningful control and the empowerment of individuals in the modern information age? What data privacy tools would drive empowerment in the digital world of today and tomorrow, perhaps more effectively and more nimbly than traditional individual consent? At a time when many countries are legislating or revising their data privacy laws and organizations are searching for best practices to embed in their business models, these questions are more relevant today than ever. In an article published on July 2, 2015, in the International Association of Privacy Professionals’ Privacy Perspective, entitled Empowering Individuals Beyond Consent, Bojana Bellamy and Markus Heyder of the Centre for Information Policy Leadership at Hunton & Williams argue that consent is no longer the best or only way to provide control and protect individuals. There are alternative and additional tools in our toolkit that can deliver effective data privacy and greater individual empowerment.

On February 12, 2015, the International Association of Privacy Professionals (“IAPP”) will host a web conference on The Role of Risk Management in Data Protection – From Theory to Practice. Panelists will include Bojana Bellamy, President of the Centre for Information Policy Leadership at Hunton & Williams (“CIPL”), Fred Cate, Senior Policy Advisor of CIPL, and Hilary Wandall, Associate Vice President, Compliance and Chief Privacy Officer of Merck & Co., Inc. Together, they will lead an online discussion on some of the key considerations in risk assessment and management.

On February 11, 2015, the International Association of Privacy Professionals Australian New Zealand (“iappANZ”) will host a discussion on the risk-based approach to privacy in Sydney, Australia. Richard Thomas, Global Strategy Advisor for the Centre for Information Policy Leadership at Hunton & Williams (the “Centre”), will present the Centre’s contributions to this topic including the outcomes from the workshops held in Paris and Brussels. Other guest speakers include Timothy Pilgrim, Australian Privacy Commissioner; Dr. Elizabeth Coombs, New South Wales Privacy Commissioner; and Olga Ganopolsky, General Counsel of Privacy and Data at Macquarie Group Limited. Together, they will discuss the benefits and challenges of a risk-based approach and the implications for businesses and regulators.

In an article entitled The Rise of Accountability from Policy to Practice and Into the Cloud published by the International Association of Privacy Professinals, Bojana Bellamy, President of the Centre for Information Policy Leadership at Hunton & Williams (the “Centre”), outlines the rapid global uptake of “accountability” as a cornerstone of effective data protection and points to the recent ISO 27018 data privacy cloud standard as one of the latest examples.

At the International Association of Privacy Professionals’ (“IAPP’s”) recent Europe Data Protection Congress in Brussels, the Centre for Information Policy Leadership at Hunton & Williams (the “Centre”) led two panels on the risk-based approach to privacy as a tool for implementing existing privacy principles more effectively and on codes of conduct as a means for creating interoperability between different privacy regimes.

On September 15-16, 2014, the National Institute of Standards and Technology (“NIST”) will sponsor a workshop to further its Privacy Engineering initiative. The workshop will focus on developing draft privacy engineering definitions and concepts that will be explored in a forthcoming NIST report.

On March 18, 2014, Hunton & Williams’ Global Privacy and Cybersecurity practice group hosted the latest webcast in its Hunton Global Privacy Update series. The program focused on some of the recent developments in privacy, including observations from the International Association of Privacy Professionals’ Global Privacy Summit in Washington, D.C., earlier this month, the National Institute of Standards and Technology final Cybersecurity Framework and the Article 29 Working Party’s recent Opinion on Binding Corporate Rules and Cross-Border Privacy Rules.

The Centre for Information Policy Leadership at Hunton & Williams LLP is pleased to announce that Bojana Bellamy, global director of data privacy for Accenture, will be joining the firm as president of the Centre, effective September 2, 2013. Current Centre President, Marty Abrams, who is retiring on September 1, will stay on as an advisor to the Centre.

On November 13-15, 2012, delegates at the IAPP Europe Data Protection Congress in Brussels were given insight into how discussions with key policymakers are progressing. As European Parliament rapporteur and Member of the European Parliament Jan Philipp Albrecht aims to finalize the reform of the EU Data Protection Directive by the end of the current European Parliament’s mandate in 2014, this ambitious goal faces numerous hurdles.

• Mending Fences after a Breach Thursday, March 8, 12:15 p.m. Speakers include: Lisa J. Sotto, partner and head of the Global Privacy and Data Security practice, Hunton & Williams LLP; Susan Grant, Director of Consumer Protection, Consumer Federation of America; and Joanne B. McNabb, Chief, California Office of Privacy Protection.

On July 28, 2011, the International Association of Privacy Professionals (“IAPP”) hosted a webinar that addressed the upcoming audit program of the Department of Health and Human Services Office of Civil Rights (“OCR”).  Susan McAndrew, the Deputy Director for Health Information Privacy at OCR, provided an overview of the audit program, noting that it stemmed from Section 13411 of the Health Information Technology for Economic and Clinical Health (“HITECH”) Act.  That section of the HITECH Act authorized the Secretary of the Health and Human Services to “provide for periodic audits to ensure that covered entities and business associates” comply with the requirements of the HIPAA Privacy and Security Rules.

On September 29, 2010, the Centre for Information Policy Leadership (the “Centre”) hosted a pre-conference workshop at the International Association of Privacy Professionals (”IAPP”) Privacy Academy in Baltimore, Maryland.  The tutorial “Accountability on the Ground,” led by Centre Executive Director Marty Abrams, offered practical guidance on the subject of accountability.  The workshop, which featured presentations by Centre member companies, discussed in-depth examples of how organizations can implement an accountability program.

David Vladeck, the head of the Bureau of Consumer Protection at the Federal Trade Commission, shared his vision for consumer privacy protection with an audience at the IAPP’s Privacy Academy on September 30, 2010.  Mr. Vladeck began by reminding the audience that the FTC is aggressively enforcing on privacy and data security matters, having brought 29 cases to date.  Where possible, the FTC joins forces with other federal regulators, such as the Department of Health and Human Services, to seek broad relief that the FTC could not otherwise get on its own.  Mr. Vladeck indicated that the FTC also works closely with the states, citing a recent case in which the FTC filed concurrent settlements with 36 state attorneys general.  Mr. Vladeck stated that the FTC plans to continue to bring cases to ensure that companies “reasonably” safeguard information.

Mr. Vladeck noted three key areas for future enforcement.  The FTC will (1) bring more cases involving “pure” privacy, i.e., cases involving practices that attempt to circumvent consumers’ understanding of a company’s information practices and consumer choices; (2) focus enforcement efforts on new technologies (Mr. Vladeck noted that, to assist staff attorneys in bringing these sorts of cases, the FTC has hired technologists to assist and also have created mobile labs to respond to the proliferation of smart phones and mobile apps); and (3) increase international cooperation on privacy issues (Mr. Vladeck cited the FTC’s recently-announced participation in the Global Privacy Enforcement Network).

Please join us at these great events coming up this fall.  Several members of Hunton & Williams’ Privacy and Information Management team are presenting at these events to discuss the current and evolving privacy and data security issues occurring around the world.

Internet Rights and Technology: A Practical Legal Guide to Doing Business on the Internet – New York City Bar
On September 28, 2010, 6:00 p.m. – 8:45 p.m., the New York City Bar hosts a live program to discuss how the Internet affects various areas of law, including intellectual property, new media, litigation, regulatory and licensing.  The faculty includes Hunton & Williams partner, Aaron P. Simpson, who will lead the Privacy & Data Security session.

Join us next week at the International Association of Privacy Professionals (“IAPP”) Global Privacy Summit in Washington, D.C., April 19 – 21, 2010.  This year’s summit features three days of intensive programs and networking with more 1,500 privacy professionals.  We also hope you will visit our privacy professionals who are speaking on the following panels:

• The Essential Elements of Accountability and Baking Them into a Privacy Business Process
  Tuesday April 20, 1:15 – 2:15 p.m.
  Speakers include: Marty Abrams, Executive Director of the Centre for Information Policy Leadership and Scott Taylor, CIPP, Chief Privacy Officer of Hewlett-Packard Company.
• Revisiting the Safe Harbor a Decade Later
  Wednesday April 21, 12:15 – 1:15 p.m.
  Speakers include: Lisa J. Sotto, Partner and Head of the Privacy and Information Management Practice at Hunton & Williams LLP; Damon Greer, CIPP, Director, U.S. - EU and Swiss Safe Harbor Framework, U.S. Department of Commerce; and JoAnn Stonier, Global Privacy & Data Usage Officer of MasterCard Worldwide.
• Data Can Be Good: Exploring Alternatives to Data Minimization for Protecting Privacy
  Wednesday April 21, 12:15 – 1:15 p.m.
  Speakers include: Marty Abrams, Executive Director of the Centre for Information Policy Leadership; Fred Cate, Distinguished Professor of Indiana University and Senior Policy Advisor of the Centre for Information Policy Leadership; and Stan Crosley, CIPP, Co-Director of Indiana University Center for Strategic Health Information Provisioning and Principal of Crosley Law Offices, LLC. The program is moderated by Jane Horvath, CIPP, CIPP/G, Senior Privacy Counsel of Google, Inc.

In conjunction with the celebration of its 10th anniversary on March 16, the International Association of Privacy Professionals is releasing a white paper on the future of the privacy profession entitled, “A Call for Agility: The Next-Generation Privacy Professional.”  When the IAPP initially was formed, the role of the chief privacy officer was newly emerging following the dot-com boom.  Over the past 10 years, the exponential increase in data collection and retention have propelled the privacy professional into senior levels of management.  Reflecting the growth of the privacy professional’s role, the IAPP’s membership has grown to include over 6,500 privacy professionals from businesses, governments and academic institutions across 50 countries.

Lisa Sotto, head of the Privacy and Information Management practice of Hunton & Williams LLP, has been appointed to the Board of Directors of the International Association of Privacy Professionals (“IAPP”). The IAPP is the world’s largest association of privacy professionals and works to define, promote and improve the privacy profession through networking, education and certification.

Sotto also serves as a member and is a former vice chair of the U.S. Department of Homeland Security’s Data Privacy and Integrity Advisory Committee. She is co-chair of the ...

On November 4, join our privacy professionals at the 31st International Conference of Data Protection and Privacy Commissioners in Madrid, Spain.  Participate in various presentations on ways to manage the most challenging data protection issues in today’s global environment.  In addition, the International Association of Privacy Professionals (“IAPP”) will host a Data Protection and Privacy Workshop in conjunction with the conference.

Don’t miss the 2009 International Association of Privacy Professionals’ (“IAPP”) Privacy Academy in Boston, MA, September 16-18th. The Academy provides various program topics on operational privacy and technology, as well as advanced breakout sessions focusing on today’s cutting edge privacy issues. We hope you will visit our privacy attorneys who are speaking on the following panels:

• Suggestions From the States: Designing a Workable Breach Notice Requirement, Thursday, September 17, 11 a.m. – 12 p.m., Aaron Simpson, Hunton & Williams, moderates, and speakers ...