Privacy & Information Security Law Blog

Hunton & Williams LLP is pleased to announce that Richard Thomas, Global Strategy Advisor to the Centre for Information Policy Leadership (“CIPL”), has been selected as Chair for the Bailiwick of Guernsey’s new data protection authority. Adding the appointment to his position at CIPL, Thomas will be formally appointed in May and will work with the Data Protection Commissioner and the States of Guernsey to support the island’s regulatory framework in conjunction with the introduction of its new data protection law. Thomas will work on a shadow basis until his formal appointment, and the role is expected to command between 10 and 15 days per year.

Hunton & Williams LLP is pleased to announce that Richard Thomas, Global Strategy Advisor to the Centre for Information Policy Leadership, has been appointed by the UK Prime Minister to serve as a member of its Advisory Committee on Business Appointments (“ACOBA”), effective February 1, 2018.

Hunton & Williams LLP announces the firm’s Global Privacy and Cybersecurity practice was again recognized by Chambers UK 2016 and The Legal 500 UK 2015 guides, earning Tier 1 rankings. Chambers UK noted that the practice has a “superbly strong bench of highly experienced counsel adept at advising on the most complex of information law concerns. Particularly accomplished in guiding clients through the privacy implications of new technologies, international data transfers, and BCR applications and implementations.” Additionally, the firm’s European data protection practice leaders are recognized in the “Star” and “Senior Statesman” categories by Chambers UK, the highest categories of rankings. Bridget Treacy, head of the firm’s UK Privacy and Cybersecurity practice, and senior attorney consultant Rosemary Jay, received the top honors of “Star” individuals for data protection. Richard Thomas, formerly the UK Information Commissioner and the firm’s global strategy advisor, was again recognized as a “Senior Statesman.”

Richard Thomas, former UK Information Commissioner and Global Strategy Advisor to the Centre for Information Policy Leadership, was invited to a unique event in Scotland last week.

Peter Hustinx, who retired as the European Data Protection Supervisor at the end of 2014, was awarded the Honorary Degree of Doctor of Science in Social Science by the University of Edinburgh.

On February 11, 2015, the International Association of Privacy Professionals Australian New Zealand (“iappANZ”) will host a discussion on the risk-based approach to privacy in Sydney, Australia. Richard Thomas, Global Strategy Advisor for the Centre for Information Policy Leadership at Hunton & Williams (the “Centre”), will present the Centre’s contributions to this topic including the outcomes from the workshops held in Paris and Brussels. Other guest speakers include Timothy Pilgrim, Australian Privacy Commissioner; Dr. Elizabeth Coombs, New South Wales Privacy Commissioner; and Olga Ganopolsky, General Counsel of Privacy and Data at Macquarie Group Limited. Together, they will discuss the benefits and challenges of a risk-based approach and the implications for businesses and regulators.

Former UK Information Commissioner and Centre for Information Policy Leadership (the “Centre”) Global Strategy Advisor Richard Thomas was invited to make a presentation at a roundtable on Privacy Risk Management and Next Steps at the Organization for Economic Cooperation and Development’s (“OECD’s”) 37th meeting of the Working Party on Security and Privacy in the Digital Economy (“Working Party”). The meeting was attended by governmental and regulatory officials from most OECD member countries, with various other participants and observers.

On November 18, 2014, the Centre for Information Policy Leadership at Hunton & Williams (the “Centre”) held the second workshop in its ongoing work on the risk-based approach to privacy and a Privacy Risk Framework. Approximately 70 Centre members, privacy regulators and other privacy experts met in Brussels to discuss the benefits and challenges of the risk-based approach, operationalizing risk assessments within organizations, and employing risk analysis in enforcement. In discussing these issues, the speakers emphasized that the risk-based approach does not change the obligation to comply with privacy laws but helps with the effective calibration of privacy compliance programs.

This week, the Article 29 Working Party (“Working Party”) prepares to debate various proposals on the “one-stop-shop” mechanism under the proposed EU General Data Protection Regulation (“Regulation”). Hunton & Williams’ Global Privacy and Cybersecurity practice and its Centre for Information Policy Leadership submitted a strategy paper on the one-stop-shop to the Working Party. The paper proposes a methodology for selecting and defining the role of a lead regulatory authority with the objective of making the one-stop-shop more operational, flexible and viable. The work draws on a more detailed article published on November 3, 2014, by Hunton & Williams senior attorney Rosemary Jay in the magazine for the Society for Computers and Law, entitled The “One Stop Shop” – Working in Practice.

On March 18, 2014, Hunton & Williams’ Global Privacy and Cybersecurity practice group hosted the latest webcast in its Hunton Global Privacy Update series. The program focused on some of the recent developments in privacy, including observations from the International Association of Privacy Professionals’ Global Privacy Summit in Washington, D.C., earlier this month, the National Institute of Standards and Technology final Cybersecurity Framework and the Article 29 Working Party’s recent Opinion on Binding Corporate Rules and Cross-Border Privacy Rules.

In a recording prepared for the Centre for Information Policy Leadership at Hunton & Williams LLP’s (“Centre’s”) annual retreat, former UK Information Commissioner and Centre Global Strategy Advisor Richard Thomas discussed some of the challenges facing Big Data with respect to the purpose limitation principle set out in Article 6(1)(b) of the current EU Data Protection Directive 95/46/EC. In April 2013, the Article 29 Working Party adopted an Opinion on this topic, focusing on how to apply the purpose limitation principle in the Big Data context. Richard Thomas ...

On May 29, 2013, Hunton & Williams hosted a webinar, A Discussion on the Proposed EU Regulation: Developing a More Creative Approach. Hunton & Williams partner Bridget Treacy moderated the session with former UK Information Commissioner Richard Thomas, Global Strategy Advisor of the Centre for Information Policy Leadership at Hunton & Williams. Richard Thomas discussed the need for a more creative and flexible approach to the proposed EU General Data Protection Regulation, with better-defined outcomes and targeting businesses that present the greatest risks. He also ...

Hunton & Williams LLP is pleased to announce the firm’s global Privacy and Data Security practice again ranked in “Band 1” in 2013 Chambers USA, Chambers Global and Chambers UK.

Global practice group leader Lisa Sotto, who was recently named among The National Law Journal’s “The 100 Most Influential Lawyers in America,” was recognized in Chambers USA as a “Star” performer, the guide’s highest ranking. Sotto was the only privacy lawyer in the U.S. to receive this distinguished ranking. In the same guide, New York partner Aaron Simpson was highlighted for his notable work in advising on global privacy and data security matters.

On January 28, 2013, the London office of Hunton & Williams marked European Data Privacy Day with the launch of the fourth edition of Data Protection Law & Practice, written by Senior Attorney Rosemary Jay. A panel comprised of the current UK Information Commissioner, Christopher Graham; his three predecessors, Eric Howe CBE, Elizabeth France CBE and Richard Thomas CBE; and the UK Minister of State for Justice, Lord McNally, spoke at the event and provided a retrospective on data protection in the United Kingdom since the Information Commissioner’s Office’s (“ICO’s”) inception in 1984.

On January 28, 2013, European Data Privacy Day, the London office of Hunton & Williams hosted the launch of senior attorney Rosemary Jay’s fourth edition book, Data Protection Law & Practice, by publisher Sweet & Maxwell.

Hunton & Williams is pleased to announce the firm maintained its top-tier “Band 1” ranking in Data Protection in the 2013 edition of Chambers UK. Our London-based principals also maintained their high rankings as leading Data Protection lawyers:

• Bridget Treacy, managing partner of the firm’s London office and head of the UK Privacy and Data Security practice, was ranked as a “Star Individual.”
• Richard Thomas, Global Strategy Advisor to the Centre for Information Policy Leadership at Hunton & Williams LLP, was ranked as a “Senior Statesman.”
• Rosemary Jay, a senior ...

On July 12, 2012, the National Telecommunications and Information Administration (“NTIA”) of the U.S. Department of Commerce initiated a multistakeholder process to develop guidance for transparency in the mobile environment. The NTIA has announced that they will schedule a second meeting in August, and encouraged small group discussions in the interim. This is not the first multistakeholder process to wrestle with transparency in the mobile environment, and those previous efforts – which date back almost a decade – may prove useful to such discussions.

On November 2, 2011, following welcome comments by Federal Institute for Access to Information and Data Protection (“IFAI”) Commissioner Jacqueline Peschard, the 33rd International Conference of Data Protection and Privacy Commissioners opened in Mexico City with an examination of the phenomenon of “Big Data” as a definer of a new economic era. In a wide-ranging presentation, Kenneth Neil Cukier of the Economist drew into clear relief the possibilities and problems associated with combining vast stores of data and powerful analytics. He highlighted the growing ability to correlate seemingly unrelated data sets to predict behavior, reveal trends, enhance product performance and safety and derive meaning. In his remarks Cukier noted that, in an era of Big Data, much of the decision-making about data collection and use goes beyond traditional notions of privacy, touching on ethics and free will. Noting that the printing press led to the development of free speech laws, he left open the question of how Big Data may change the legal landscape.

On November 1, 2011, the Centre for Information Policy Leadership released a discussion document entitled “Implementing Accountability in the Marketplace,” at the 33rd International Conference of Data Protection and Privacy Commissioners in Mexico City. The document reflects the collaborative effort of experts from Canada, Europe and the United States, and provides a comprehensive summary of the third year of the Centre’s work with the Accountability Project. It examines the requirements and benefits of accountability when it is applied across the marketplace, and ...

On November 2-3, 2011, Mexico’s Federal Institute for Access to Information and Data Protection (“IFAI”) will host the 33rd International Conference of Data Protection and Privacy Commissioners in Mexico City. Marty Abrams, President of the Centre for Information Policy Leadership at Hunton & Williams LLP, is the chairman of the Conference’s advisory panel and principal advisor to Conference organizers on program content. Hunton & Williams is a proud sponsor of the event which will feature Hunton representatives as speakers or moderators on multiple panels and plenary sessions, including the following:

On October 10-12, 2011, the Council of Europe’s Bureau of the Consultative Committee of the Convention for the Protection of Individuals with regard to the Automatic Processing of Personal Data (known as the “T-PD-Bureau”) met in Strasbourg, France, to discuss, among other things, amending the Council of Europe’s Convention 108 and Additional Protocol. Convention 108 (together with the Protocol), which underlies the European Union’s legal framework for data protection, is the only legally-binding international convention that addresses data protection. Amendment of the Convention is also closely linked to the current review of the EU data protection framework.

On June 28-30, 2011, the Council of Europe’s Bureau of the Consultative Committee of the Convention for the Protection of Individuals with regard to the Automatic Processing of Personal Data (known as the “T-PD-Bureau”) met in Strasbourg, France, to discuss, among other things, amending the Council of Europe’s Convention 108.  Convention 108, which underlies the European Union’s legal framework for data protection, is the only legally-binding international convention that addresses data protection.  Amendment of the Convention is thus closely linked to the current review of the EU data protection framework, and many of the same actors are involved in both exercises.

For the fourth consecutive time, Hunton & Williams LLP was named the top firm for privacy by Computerworld in its 2010 report on “Best Privacy Advisers.”  The survey of more than 4,000 global corporate privacy leaders ranked Hunton & Williams #1 overall, citing the firm’s extensive experience and global presence.  Computerworld reported that, “Hunton [& Williams] attracted more than twice as many votes as its nearest challenger.”  In a breakdown by focus categories, Hunton & Williams also received top honors from respondents working in the financial services and ...

On January 17, 2011, the Centre for Information Policy Leadership at Hunton & Williams LLP (the “Centre”) released a response to the European Commission’s consultation paper, “A comprehensive approach on personal data protection in the European Union.”  In its response, prepared by Richard Thomas, former UK Information Commissioner and Global Strategy Advisor of the Centre, the Centre calls for a modernized European framework for data protection that addresses the realities of the digital age.

This year, the 32nd International Conference of Data Protection and Privacy Commissioners takes place in Jerusalem.  In addition, the Israeli Law, Information and Technology Authority (“ILITA”) is hosting a week of privacy activities to mark the 30th anniversary of the OECD Privacy Guidelines.

The UK Ministry of Justice has issued a Call for Evidence on the effectiveness of current data protection legislation in the UK.  Responses must be submitted by October 6, 2010.  “It will give the [UK] Government a solid evidence base to use in negotiations with other European Union parties.  I believe we have everything to gain from a sensible, proportionate and rights-based data protection framework, and one that works for you as businesses, service-providers and citizens,” said Minister of State for Justice, Lord McNally.

Join us next week at the International Association of Privacy Professionals (“IAPP”) Global Privacy Summit in Washington, D.C., April 19 – 21, 2010.  This year’s summit features three days of intensive programs and networking with more 1,500 privacy professionals.  We also hope you will visit our privacy professionals who are speaking on the following panels:

• The Essential Elements of Accountability and Baking Them into a Privacy Business Process
  Tuesday April 20, 1:15 – 2:15 p.m.
  Speakers include: Marty Abrams, Executive Director of the Centre for Information Policy Leadership and Scott Taylor, CIPP, Chief Privacy Officer of Hewlett-Packard Company.
• Revisiting the Safe Harbor a Decade Later
  Wednesday April 21, 12:15 – 1:15 p.m.
  Speakers include: Lisa J. Sotto, Partner and Head of the Privacy and Information Management Practice at Hunton & Williams LLP; Damon Greer, CIPP, Director, U.S. - EU and Swiss Safe Harbor Framework, U.S. Department of Commerce; and JoAnn Stonier, Global Privacy & Data Usage Officer of MasterCard Worldwide.
• Data Can Be Good: Exploring Alternatives to Data Minimization for Protecting Privacy
  Wednesday April 21, 12:15 – 1:15 p.m.
  Speakers include: Marty Abrams, Executive Director of the Centre for Information Policy Leadership; Fred Cate, Distinguished Professor of Indiana University and Senior Policy Advisor of the Centre for Information Policy Leadership; and Stan Crosley, CIPP, Co-Director of Indiana University Center for Strategic Health Information Provisioning and Principal of Crosley Law Offices, LLC. The program is moderated by Jane Horvath, CIPP, CIPP/G, Senior Privacy Counsel of Google, Inc.

In February 24, 2010, an Italian court in Milan found three Google executives guilty of violating applicable Italian privacy laws.  The executives were accused of violating Italian law by having allowed a video showing an autistic teenager being bullied to be posted online.  The Google executives, Senior Vice President and Chief Legal Officer David Drummond, Chief Privacy Counsel Peter Fleischer and former Chief Financial Officer George Reyes, were fined and received six-month suspended jail sentences.