Category

Policy

04 March 2019

TPI Podcast on Privacy Legislation Features Sidley Partner Alan Raul

On February 26, 2019, the Technology Policy Institute’s Two Think Minimum podcast featured Sidley Partner and founder of the Privacy and Cybersecurity practice, Alan Raul, alongside former FTC Acting Chairman and Commissioner Maureen Ohlhausen. The topic of the day was the future of privacy legislation in 2019. The discussion ranged from politics and U.S. state trends to activity in Europe, FTC enforcement powers and more.

To read or listen, check out https://techpolicyinstitute.org/2019/03/01/privacy-legislation-in-2019-maureen-ohlhausen-and-alan-raul-two-think-minimum-podcast/

18 February 2019

Blockchain Technology: SEC Commissioner Peirce Presents an Opportunity to Rethink Regulation

On February 8, 2019, U.S. Securities and Exchange Commission (SEC) Commissioner Hester Peirce delivered a speech addressing the relationship between technological innovation and regulation, in particular some of the pending regulatory challenges surrounding blockchain and digital assets. The key takeaways from Commissioner Peirce’s speech, titled “Regulation: A View From Inside the Machine,” are these:

14 February 2019

Health Sector Council Released Cybersecurity Recommendations for Medical Devices and Health IT

On January 28, 2019, the Healthcare and Public Health Sector Coordinating Council released the “Medical Device and Health IT Joint Security Plan” (“JSP” or “Plan”)—cybersecurity recommendations for medical device manufacturers, healthcare information technology vendors, and healthcare providers. U.S. Government entities, including the FDA, participated in the development of the Plan. The JSP comes close on the heels of the “Health Industry Cybersecurity Practices: Managing Threats and Protecting Patients,” a similar effort by a public-private partnership to provide cybersecurity guidance to healthcare industry stakeholders.

12 February 2019

Takeaways From CCPA Public Forums

When California Governor Jerry Brown signed the California Consumer Privacy Act (CCPA) into law on June 28, 2018, there was broad agreement that revisions and clarifications were necessary. The CCPA was written and enacted with extraordinary speed, as legislators felt the need to move quickly in order to preempt a data privacy ballot initiative that had received enough signatures to be placed on California’s November ballot. Consequently, June 28 was, in many ways, the beginning of a debate over the specifics of the CCPA, rather than the end. Indeed, the California legislature has already passed a “clean-up” bill to address concerns expressed about the CCPA, and heated debates over the meaning and merits of specific provisions continue.

07 February 2019

EDPB Adopts Opinion on Interplay Between the EU Clinical Trials Regulation and the GDPR

On 23 January 2019, the European Data Protection Board (EDPB) adopted an opinion on the interplay between the EU Clinical Trials Regulation (CTR) and the EU General Data Protection Regulation (GDPR). The Opinion addresses the appropriate legal basis for the processing of personal data in the context of clinical trials (primary use), and the secondary use of clinical trial data.

04 February 2019

Second Annual Review of Privacy Shield Continues to Call for Improvements; White House Nominates Privacy Shield Ombudsperson

In December 2018, the European Commission published its report on the second annual review of the EU-US Privacy Shield (the “Report”). The Report concluded that the Privacy Shield “continues to ensure an adequate level of protection” for personal data transferred from the EU to the US. However, the Commission did identify a number of recommendations from the first annual review which still required implementation, including the appointment by the US of a permanent ombudsperson to oversee complaints. To date, the U.S. has only appointed an interim ombudsperson (Manisha Singh). In the first annual review, the Commission did not set a deadline for the appointment. However, the latest review required an appointee to be identified by 28 February 2019, failing which the Commission will “consider taking appropriate measures.”

28 January 2019

European Commission Provides a Summary of the GDPR so far for Data Protection Day 2019

On January 25, 2019, the European Commission published a statement to mark Data Protection Day (January 28, 2019) which, this year, comes eight months after the entry into force of the General Data Protection Regulation (“GDPR”) on May 25, 2018.

The statement indicates that the European Commission considers the GDPR to have had a positive effect, in particular because European citizens are now more conscious of the importance of data protection and of their rights. The European Commission also notes that the Data Protection Authorities (“DPAs”) are enforcing the new rules and better coordinating their actions in the European Data Protection Board.

22 January 2019

Transfers of Personal Data from the EU to the U.S. in the Event of a Brexit ‘No-Deal’

The EU-U.S. Privacy Shield (“Privacy Shield”) enables the free flow of personal data from the European Economic Area (“EEA”) to the U.S. Under the Privacy Shield, U.S. participant organisations commit to adhering to Privacy Shield principles, which include accountability for the onward transfer of personal data after receiving such data from EEA organisations, data integrity obligations and purpose limitations with respect to the personal data transferred. Privacy Shield participant organisations are also required to develop and maintain a Privacy Shield-compliant privacy policy which informs individuals of the organisation’s practices and procedures when handling personal data and explains the independent recourse mechanisms in place for individuals to address complaints with respect to the processing of their personal data.

17 January 2019

French DPA Publishes Updated Data Protection Impact Assessment Guidance

Under Article 35(3) of the EU General Data Protection Regulation (GDPR), organisations are required to conduct a data protection impact assessment (DPIA) where they: (i) engage in a systematic and extensive evaluation of personal aspects of individuals, based on automated processing, and on which decisions are based that produce legal or other effects that concern the individual, or (ii) process special categories of personal data (e.g. health data) on a large scale or personal data relating to criminal convictions, or (iii) engage in a systematic monitoring of a publicly accessible area on a large scale.

14 January 2019

Ohio Adopts National Association of Insurance Commissioners’ (NAIC) Insurance Data Security Model Law

On December 19, 2018, Ohio adopted the National Association of Insurance Commissioners’ (NAIC) Insurance Data Security Model Law. By doing so, Ohio joins South Carolina as the second state to have adopted the Model Law and the fourth state – along with Connecticut and New York – to have enacted cybersecurity regulations for insurance companies. See CT Gen Stat § 38a-999b (2015); 23 NYCRR 500. (For more information on South Carolina’s adoption of the Model Law, see our prior coverage.)
