Jan Albrecht, the rapporteur for the European Parliament’s Committee on Civil Liberties, Justice and Home Affairs, released a draft report last month with key proposals to amend the European Commission’s proposed Regulation on data protection. The report includes a total of 350 amendments to the original proposal. Highlights of the 215-page report include the following:
Philippine President Benigno Aquino III signed into law the Data Privacy Act of 2012, which is modeled after the EU Data Protection Directive and the Asia-Pacific Economic Cooperation (APEC) Privacy Framework. The Act contains provisions that govern the processing of personal information, the rights of data subjects (e.g., notice, access, and data portability), and the security of personal information (which includes a breach notification requirement).
Following the recent implementation of the EU e-Privacy Directive, the Italian Data Protection Authority (the “Garante”) has issued a set of guidelines based upon which telecom operators and access providers are required to notify the Garante and data subjects of data breaches.
Privacy and data security were at the forefront of the May 11 PLI seminar program entitled “Cloud Computing 2012: Cut Through the Fluff and Tackle the Critical Stuff,” with presenters including Hogan Lovells partners Chris Wolf and Philip Porter. This blog post contains summarizes the panel discussions, with topics ranging from breach preparation to cloud contracting.
Hogan Lovells partners Quentin Archer, Roger Tym and Winston Maxwell hosted a London workshop on February 29, 2012 aimed at collecting comments for the UK Ministry of Justice’s public consultation on the proposed EU privacy Regulation. Workshop participants commented on the right to be forgotten, data portability, the accountability principle, data breach notifications, proposed requirements for consent, fining powers, and the “one-stop-shop” principle.
The White House released its long-awaited Privacy “White Paper” that outlines the Obama Administration’s proposal for a new American privacy framework, which consists of four key elements: (1) a Consumer Privacy Bill of Rights; (2) a multi-stakeholder process to determine how these rights will apply in specific business contexts; (3) an effective enforcement model; and (4) greater interoperability between the privacy frameworks of the United States and its international partners.
The European Commission today published its proposal for a new Data Protection Regulation. The Regulation, which is not likely to come into force before 2014, is intended to harmonise data protection law in all 27 EU Member States and thus remove current differences which have proved problematic for business and individuals.
Although the European Commission was expected to release its overhaul of the 1995 Data Protection Directive (95/46/EC) next month, some of the details of those changes emerged earlier than expected this week. In this post, we summarize the many key changes between the Data Protection Directive and the Commission’s draft Data Protection Regulation.
A new amendment to California’s security breach notification statute establishes specific content requirements for data breach notifications and imposes a new Attorney General notification requirement for breaches affecting more than 500 California residents.
A House subcommittee held a hearing yesterday on the SAFE Data Act, a draft data security and breach notification bill that, among other things, would require businesses to minimize the amount of personal information they maintain about consumers and notify law enforcement within a very short period of time — within 48 hours of discovering a breach.