French DPA Publishes Updated Data Protection Impact Assessment Guidance

Jan 17 2019
, and

Under Article 35(3) of the EU General Data Protection Regulation (GDPR), organisations are required to conduct a data protection impact assessment (DPIA) where they: (i) engage in a systematic and extensive evaluation of personal aspects of individuals, based on automated processing, and on which decisions are based that produce legal or other effects that concern the individual, or (ii) process special categories of personal data (e.g. health data) on a large scale or personal data relating to criminal convictions, or (iii) engage in a systematic monitoring of a publically accessible area on a large scale.

Read More

EmailShare
, , , ,

SEC Announces Examination Priorities for 2019

Jan 16 2019
, and

On December 20, 2018, the Office of Compliance Inspections and Examinations (OCIE) of the U.S. Securities and Exchange Commission (the SEC) released its report (the 2019 Report) setting forth its list of examination priorities for 2019 (the Exam Priorities).1 OCIE announces its exam priorities annually to provide insights into the areas it believes present potentially heightened risk to investors or the integrity of the U.S. capital markets.2  The Exam Priorities can serve as a roadmap to assist advisers in assessing their policies, procedures and compliance programs; testing for and remediating any suspected deficiencies related to the Exam Priorities; and preparing for OCIE exams.

Read More

EmailShare
, , ,

Ohio Adopts National Association of Insurance Commissioners’ (NAIC) Insurance Data Security Model Law

Jan 14 2019
and

On December 19, 2018, Ohio adopted the National Association of Insurance Commissioners’ (NAIC) Insurance Data Security Model Law.  By doing so, Ohio joins South Carolina as the second state to have adopted the Model Law and the fourth state – along with Connecticut and New York – to have enacted cybersecurity regulations for insurance companies.  See CT Gen Stat § 38a-999b (2015); 23 NYCRR 500.  (For more information on South Carolina’s adoption of the Model Law, see our prior coverage.) 

Read More

EmailShare
, , , , , , ,

HHS Releases Cybersecurity Guidance for Healthcare Organizations

Jan 08 2019
, and

On December 28, 2018, the U.S. Department of Health and Human Services (HHS) released a four-volume cybersecurity guidance document for healthcare organizations. The publication, “Health Industry Cybersecurity Practices: Managing Threats and Protecting Patients” (HICP), is the result of a government and industry collaboration mandated by the Cybersecurity Act of 2015. The HICP is not limited to individually identifiable health information but instead covers organizations’ enterprise-level information security more generally. HHS describes the publication as “practical, understandable, implementable, industry-led, and consensus-based voluntary cybersecurity guidelines to cost-effectively reduce cybersecurity risks for health care organizations of varying sizes.” Notwithstanding their voluntary nature, these HHS-backed cybersecurity recommendations are likely to serve as an important reference point for the industry.

Read More

EmailShare
, , , , , ,

Spain’s New Data Protection Act Now in Force

Jan 03 2019
, and

When the GDPR came into effect on May 25, 2018, several European Member States had yet to put in place further implementing legislation.  And while the data protection world watches and eagerly digests each new interpretive guidance from data protection authorities, Member State legislation provides additional interpretive tones of harmony or discord in data protection across Europe.  After much delay and almost seven months after the EU’s General Data Protection Regulation (“GDPR”) came into force, the Organic Law 3/2018 on the Protection of Personal Data and Guarantee of Digital Rights (“LOPDGDD”) – which implements the GDPR in Spain – entered into force on 7 December 2018.

Read More

EmailShare
, , , , ,

EU Commission Decision Reconciles Data Protection Rules with the Need for Effective Trade Defence and Trade Policy Investigations

Jan 02 2019
and

On December 17, 2018, European Commission Decision (EU) 2018/1996 (the ‘Decision’) was published in the Official Journal of the European Union. The Decision lays down rules designed to reconcile the rights of individuals respecting their personal data, with the need for effective trade defence and trade policy investigations in the EU.

Read More

EmailShare
, ,

Debate Continues on the Future of U.S. Privacy Regulation from California to Capitol Hill

Dec 27 2018
, and

With the midterm election out of the way, legislators on Capitol Hill and in state capitols are getting ready to consider the future of data privacy regulation in 2019 and consumer and industry groups continue to weigh in on the ongoing debate.  The debate has begun to move from principles and frameworks to drafting of legislative language.

Read More

EmailShare
, , , , , , ,
1 2 3 63
EmailShare

Categories

Archives

Contacts


Colleen Theresa Brown
Washington, D.C.
ctbrown@sidley.com


John M. Casanova
Singapore, London
jcasanova@sidley.com


Christopher C. Fonzone
Washington, D.C.
cfonzone@sidley.com


Cameron F. Kerry
Boston, Washington, D.C.
ckerry@sidley.com


William RM Long
London
wlong@sidley.com


Geeta Malhotra
Chicago
cmalhotra@sidley.com


Edward R. McNicholas
Washington, D.C.
emcnicholas@sidley.com


Wim Nauwelaerts
Brussels
wnauwelaerts@sidley.com


Alan Charles Raul
Washington, D.C.
araul@sidley.com


Yuet Ming Tham
Hong Kong
Singapore
yuetming.tham@sidley.com


John K. Van De Weert
Washington, D.C.
jvandeweert@sidley.com

Click here to view all of Sidley's Privacy and Cybersecurity professionals.

To receive email alerts when we post a blog entry, please provide your name and email address.

Upcoming Events

  1. Data Protection in Finance 2019: Living with the GDPR

    January 24 @ 9:00 am - 5:00 pm

  2. Women in Privacy

    February 11 @ 6:00 pm - 8:30 pm

View All Events

XSLT Plugin by BMI Calculator