Privacy & Information Security Law Blog

Global Privacy and Cybersecurity Law Updates and Analysis

Latest from Privacy & Information Security Law Blog

On October 11, 2018, the French data protection authority (the “CNIL”) announced that it adopted two referentials (i.e., guidelines) on the certification of the data protection officer (“DPO”). View the announcement (in French). As a practical matter, both referentials are intended to apply to DPOs located in France or who speak French. The referentials include:…
As reported on the Insurance Recovery Blog, Hunton Andrews Kurth insurance practice head Walter Andrews recently commented to the Global Data Review regarding the infirmities underlying an Orlando, Florida federal district court’s ruling that an insurer does not have to defend its insured for damage caused by a third-party data breach.…
On October 5, 2018, the Centre for Information Policy Leadership (“CIPL”) at Hunton Andrews Kurth LLP hosted a workshop on how to implement, demonstrate and incentivize accountability under the EU General Data Protection Regulation (“GDPR”), in collaboration with AXA in Paris, France. In addition to the workshop, on October 4, 2018, CIPL hosted a Roundtable on the Role of the Data Protection Office (“DPO”) under the GDPR at Mastercard and a pre-workshop dinner at the…
The European Data Protection Board (“EDPB”) recently published 22 Opinions on the draft lists of Supervisory Authority (“SAs”) in EU Member States regarding which processing operations are subject to the requirement of conducting a data protection impact assessment (“DPIA”) under the EU General Data Protection Regulation (“GDPR”).…
Vizio, Inc. (“Vizio”), a California-based company best known for its internet-connected televisions, agreed to a $17 million settlement that, if approved, will resolve multiple proposed consumer class actions consolidated in California federal court. The suits’ claims, which are limited to the period between February 1, 2014 and February 6, 2017, involve data-tracking software Vizio installed on its smart TVs. The software allegedly identified content displayed on Vizio TVs and enabled Vizio to determine the date,…
On September 26, 2018, the SEC announced a settlement with Voya Financial Advisers, Inc. (“Voya”), a registered investment advisor and broker-dealer, for violating Regulation S-ID, also known as the “Identity Theft Red Flags Rule,” as well as Regulation S-P, the “Safeguards Rule.” Together, Regulations S-ID and S-P are designed to require covered entities to help protect customers from the risk of identity theft and to safeguard confidential customer information. The settlement represents the first SEC…
The U.S. Department of Commerce’s National Institute of Standards and Technology recently announced that it is seeking public comment on Draft NISTIR 8228, Considerations for Managing Internet of Things (“IoT”) Cybersecurity and Privacy Risks (the “Draft Report”). The document is to be the first in a planned series of publications that will examine specific aspects of the IoT topic.…