Privacy & Information Security Law Blog

Global Privacy and Cybersecurity Law Updates and Analysis

Latest from Privacy & Information Security Law Blog

On April 22, 2019, Washington state legislators voted to send HB 1071 (the “Bill”) to Governor Jay Inslee for consideration. The Bill was requested by Attorney General Ferguson and would strengthen Washington’s data breach law. The request to amend the current law followed Attorney General Ferguson’s third annual Data Breach Report, which found that data breaches affected nearly 3.4 million Washingtonians between July 2017 and July 2018.…
On April 17, 2019, the Dutch Data Protection Authority, the Autoriteit Persoonsgegevens (the “Dutch DPA”) issued six recommendations (in Dutch) for companies, to be taken into account when drafting privacy policies for the purpose of Article 24.2 of the EU General Data Protection Regulation (the “GDPR”). Article 24.2 of the GDPR provides the obligation for data controllers to implement privacy policies for accountability purposes, under certain criteria. The published recommendations follow the Dutch DPA’s investigation…
Earlier this month, the U.S. Department of Justice (“DOJ”) published a white paper entitled “Promoting Public Safety, Privacy, and the Rule of Law Around the World: The Purpose and Impact of the CLOUD Act” (“White Paper”). The Clarifying Lawful Overseas Use of Data Act (the “CLOUD Act”) was enacted in March 2018 by the U.S. government to aid foreign and U.S. investigators in obtaining access to electronic information related to serious crimes and held by…
On October 22, 2018, the UK Court of Appeal upheld the High Court’s decision that VM Morrison Supermarkets PLC (“Morrisons”) was vicariously liable for a data breach caused by a disgruntled former employee, despite Morrisons being cleared of any wrongdoing (VM Morrison Supermarkets PLC v Various Claimants). The case is important, given its potential “floodgate” effect on data breach class action claims in the UK. The Supreme Court has granted Morrisons permission to…
The much-discussed Washington Privacy Act, Senate Bill 5376 (“SB 5376”), appears to have died after failing to receive a House vote by an April 17, 2019 deadline for action on non-budget policy bills. Though the bill could be revived before the regular session ends on April 28, 2019, Washington lawmakers expressed doubt.…
Hunton Andrews Kurth LLP is pleased to announce the launch of a dedicated site focused on the California Consumer Privacy Act of 2018 (“CCPA”), which serves as a resource for businesses to understand and prepare to comply with the CCPA. Transformative in nature, the CCPA will impact most businesses that process the personal information of California residents, and is likely to set the stage for a wider shift in standards on data privacy across the…
On April 9, 2019, the UK Information Commissioner’s Office (the “ICO”) levied one of its most significant fines under the Data Protection Act 1998 (the “DPA”) against pregnancy and parenting club Bounty (UK) Limited (“Bounty”), fining the company GBP 400,000. Bounty, which provides new and expectant mothers with information and offers for products and services, collects personal data online, via an app, and offline through hard copy cards. The company also offered a data broking…
On April 12, 2019, Senator Edward J. Markey (MA) introduced the Privacy Bill of Rights Act (the “Act”), comprehensive privacy legislation intended to protect individuals’ “personal information,” defined as “information that directly or indirectly identifies, relates to, describes, is capable of being associated with, or could reasonably be linked to, a particular individual.” This definition is substantially similar to the definition of “personal information” contained in the California Consumer Privacy Act of 2018. The Act…