European Court of Justice Finds ‘Right to be Forgotten’ and Compels Google to Remove Links to Lawful Information (Sidley Data Matters Contributors, 2014-05-20 17:08:28)
OCR Levies Nearly $2 Million in HIPAA Fines for Stolen Unencrypted Laptops (Sidley Data Matters Contributors, 2014-04-25 17:28:17)
Significant Impact of New EU Data Protection Regulation on Financial Services (Sidley Data Matters Contributors, 2014-04-18 19:52:00)
European Parliament Votes to Approve New EU Data Protection Regulation and Immediate Suspension of Safe Harbor (Sidley Data Matters Contributors, 2014-03-17 17:29:28)
CIOs and the changing legal landscape (Sidley Data Matters Contributors, 2014-03-01 19:54:16)
Broker-Dealers Need to Respond to Recent Focus on Cybersecurity Threats (Sidley Data Matters Contributors, 2014-02-20 17:45:28)
Recent data breaches at retailers like Target have increased awareness about growing cybersecurity threats. Broker-dealers in particular need to reevaluate their own cybersecurity preparedness in light of several recent events:
FINRA’s launch of a cybersecurity sweep, publicly announced on the FINRA website on February 6, 2014;
The inclusion of cybersecurity as a priority in the SEC’s National Examination Program for 2014 and FINRA’s 2014 Annual Regulatory and Examination Priorities Letter;
The White House’s February 12, 2014 release of the much-anticipated Framework for Improving Critical Infrastructure Cybersecurity; and
An upcoming SEC public roundtable on cybersecurity issues, to be held in Washington, DC on March 26, 2014.
Advisory Guidelines on the Singapore Do Not Call Provisions: The Personal Data Protection Act (Sidley Data Matters Contributors, 2014-02-18 17:48:03)
European Court of Justice Finds ‘Right to be Forgotten’ and Compels Google to Remove Links to Lawful Information
A recent judgment of the highest court in the European Union announced that search engines within the court’s jurisdiction must respond to “right to be forgotten” requests. This authoritative interpretation of the existing data protection laws may create significant issues for Internet intermediaries and exacerbate the differences between the European privacy-based “right to be forgotten” and the United States’ free-speech based “right to remember.” This judgment will have a significant impact not only on search engine companies and publishers, but also on many other industries, including financial services and life sciences, that need to maintain data on individuals for legitimate business reasons, often for lengthy periods.
Sidley Data Matters Contributors
Sidley Austin Privacy Group
OCR Levies Nearly $2 Million in HIPAA Fines for Stolen Unencrypted Laptops
On Tuesday, April 22, 2014, the U.S. Department of Health and Human Services Office for Civil Rights (“OCR”) announced that Concentra Health Services Inc. (“CHS”) and QCA Health Plan Inc. (“QCA”) have agreed to pay a total of $1,975,220, collectively, to resolve potential violations of the Health Insurance Portability and Accountability Act (“HIPAA”) Privacy and Security Rules stemming from the theft of unencrypted laptops. Specifically, CHS has agreed to pay $1,725,220, and QCA has agreed to pay $250,000, to OCR to settle potential HIPAA violations and will adopt corrective action plans to evidence their remediation of the potential violations. The clear message from both settlements is that OCR expects covered entities to encrypt mobile devices that store electronic Protected Health Information (“ePHI”).
Sidley Data Matters Contributors
Sidley Austin Privacy Group
Cybersecurity Developments: SEC, FINRA, NIST, DOJ/FTC
SEC Launches Cybersecurity Examination Initiative – Promoting Cyber Preparedness
On April 15, 2014 the Securities and Exchange Commission (SEC) Office of Compliance Inspections and Examinations (OCIE) released a Risk Alert announcing that the agency will be examining 50 registered broker-dealers and investment advisers in order to assess cybersecurity preparedness in the securities industry.1 The announcement was accompanied by a sample request for information and documents. According to OCIE, the examinations will focus on “cybersecurity governance, identification and assessment of cybersecurity risks, protection of networks and information, risks associated with remote customer access and funds transfer requests, risks associated with vendors and other third parties, detection of unauthorized activity, and experiences with certain cybersecurity threats.”
Sidley Data Matters Contributors
Sidley Austin Privacy Group
Significant Impact of New EU Data Protection Regulation on Financial Services
Global Banking & Finance Review
Over two years ago, in January 2012, the European Parliament published a proposal for an EU Regulation on Data Protection (the Regulation) to replace the current European Data Protection Directive. Whilst the Regulation raises significant issues for all industries, the financial services sector has been particularly concerned given the billions of financial records and transactions handled yearly. Due to its potential impact, the proposed Regulation has been one of the most lobbied pieces of European legislation in European Union history. According to reports, the European Parliament’s Civil Liberties Committee, which has been negotiating the Regulation, has received over 4,000 amendments.
William RM Long
London
wlong@sidley.com
European Parliament Votes to Approve New EU Data Protection Regulation and Immediate Suspension of Safe Harbor
The European Parliament voted in a plenary session on March 12, 2014 to fully endorse the draft EU Data Protection Regulation (the Regulation) and the draft EU resolution calling for the immediate suspension of Safe Harbor (the Resolution), both of which were adopted previously by the European Parliament’s Civil Liberties Committee (the LIBE Committee).
According to the European Commission’s press release, “today’s plenary vote means the position of the Parliament is now set in stone and will not change even if the composition of the Parliament changes following the European elections in May.”
Sidley Data Matters Contributors
Sidley Austin Privacy Group
CIOs and the changing legal landscape
CIO Today UK
The European Commission wishes to ensure a competitive and growing share of the global digital economy. It is, therefore, working on a number of key proposals that will directly impact CIOs and information security departments throughout this current digital decade.
William RM Long
London
wlong@sidley.com
Geraldine Scali
gscali@sidley.com
Advisory Guidelines on the Singapore Do Not Call Provisions: The Personal Data Protection Act
On December 26, 2013, Singapore’s Personal Data Protection Commission (the “Commission”) issued advisory guidelines on the “Do Not Call” Provisions (“DNC Guidelines”) of the Personal Data Protection Act 2012 (Act 26 of 2012) (“the Act”). The DNC Guidelines supplement the Commission’s earlier issued Advisory Guidelines1 on the Act. The DNC Provisions came fully into effect on January 2, 2014, and the DNC Guidelines serve to illustrate particular aspects of the DNC Provisions, though “they are not meant to exhaustively address every obligation in the Act.”2
Sidley Data Matters Contributors
Sidley Austin Privacy Group