Privacy and Information Security Law Blog

Recent Posts from Privacy and Information Security Law Blog

• European Commission Pursues Infringement Proceedings Against UK

  On October 29, 2009, the European Commission (the “Commission”) proceeded to the second phase of infringement proceedings against the UK relating to the UK’s implementation of EU e-privacy and personal data protection laws.  EU Member…

• Agencies Issue Final Gramm-Leach-Bliley Act Model Privacy Notice

  Today, eight federal financial regulatory agencies issued a final Gramm-Leach-Bliley Act ("GLBA") model privacy notice.  The final model notice incorporates financial institutions' required disclosures pursuant to Section 503 of the GLBA.  The GLBA requires, in…

• French Senate Issues New Legislation to Amend Data Protection Act: Provisions Include Breach Notice Obligation and Consent for Use of Cookies

  On November 6, 2009, the French Senate proposed a new draft law to reinforce the right to privacy in the digital age (“Proposition de loi visant à garantir le droit à la vie privée à…

• Connecticut Attorney General Investigation Sheds Light on Meaning of "Unreasonable Delay" in Data Breach Context

  On November 9, 2009, Connecticut’s Attorney General, Richard Blumenthal, announced an investigation of whether Blue Cross and Blue Shield (“BCBS”) violated Connecticut’s data breach notification law by waiting until two months after a data breach…

• Observations on Standards Document Adopted by 31st International Conference of Data Protection and Privacy Commissioners

  In a closed session on November 5, 2009, the 31st International Conference of Data Protection and Privacy Commissioners adopted the International Standards on the Protection of Personal Data and Privacy (the “Standards”).  Although the document…

• 2009 International Conference on Cross Border Data Flows, & Privacy

  Every year since 2005, the United States, the European Commission and the Article 29 Working Party on Data Protection meet to review the latest developments in the U.S.-EU Safe Harbor Framework, as well as changes…

• UK's Ministry of Justice Launches Consultation on Fines for Data Breaches

  Background On November 9, 2009, the UK's Ministry of Justice launched a consultation seeking the public's views on the proposed implementation of a maximum penalty of £500,000 (approximately US$837,950) for serious breaches of the UK…

• Centre Releases Galway Accountability Paper: Approach Discussed at Data Protection Commissioner's Conference in Madrid

  In 1980, the Organization for Economic Cooperation and Development (“OECD”) first published privacy guidelines that included an accountability principle.  Since that time, little work has been done to define accountability or to describe what it…

• Madrid Conference Highlights Difficult Balance between National Security and Privacy

  Janet Napolitano, Secretary of the Department of Homeland Security, and Alfredo Perez Rubalcaba, the Spanish Minister of the Interior, spoke in contrasting tones today of the difficulties of finding the right balance between security and…

• Massachusetts Regulator Revises Information Security Requirements (Again)

  On October 30, as reported by the Bureau of National Affairs (“BNA”), the Massachusetts Office of Consumer Affairs and Business Regulation stated that final amendments to its information security regulations had been filed with the…