Hunton Andrews Kurth LLP has launched an online resource center dedicated to helping businesses navigate their new data privacy responsibilities in accordance with the California Consumer Privacy Act of 2018 (CCPA).

The CCPA, with a compliance deadline in 2020, will affect most businesses that handle the personal data of California residents. The resource center aims to assist businesses by providing a general understanding and information about how the CCPA will impact their information practices. It features a compliance checklist, insights and analysis on the law’s requirements, and other helpful CCPA resources.

“Due to the CCPA’s likely effect on the privacy programs of businesses that manage personal data about California residents, it is imperative that companies develop a CCPA compliance strategy to determine the extent to which the law applies to them, assess their current CCPA compliance posture, and conduct necessary remediation activities,” said Lisa Sotto, head of the firm’s global privacy and cybersecurity practice.

The CCPA already has triggered the introduction of a flurry of additional state bills with similar requirements, and federal privacy legislation is likely as well. For state and federal legislative updates, visit the Privacy & Information Security Law Blog.

The Alabama Bar Association has approved the Privacy Law Specialty authorized by the American Bar Association (ABA) and certified by the International Association of Privacy Professionals (IAPP). This is the ninth specialty designation in the state, the IAPP said in a release.

The Privacy Law Specialist (PLS) certification is administered by the IAPP and accredited by the ABA, marking the fifteenth legal specialty accredited by the ABA. The credential is available to attorneys admitted to a U.S. state bar who pass the CIPP/US exam, as well as either the CIPM or the CIPT programs. Qualifying attorneys must also pass the PLS ethics exam administered by the IAPP or submit a recent MPRE score of 80+, provide proof of “ongoing and substantial” involvement practicing privacy law, supply evidence of at least 36 hours of continuing education in privacy law for the preceding three years, and provide at least five peer references from attorneys, clients or judges attesting to the attorney’s privacy law qualifications.

“There is an increasing importance for legal teams to be well-versed on the rapidly evolving area of privacy law,” said J. Trevor Hughes, IAPP president and CEO. “With this designation, each lawyer demonstrates his or her qualifications to remain at the forefront of this legal field and join other leaders in a key intersection of policy, law and technology.”

To date, only 40 attorneys have achieved the PLS nationwide including three practicing in Birmingham:

Paige Boshell
Managing Member, Privacy Counsel LLC
privacycounselllc.com
Boshell has also been designated a Fellow of Information Privacy and is certified CIPP/US (United States law), CIPP/E (EU law), and CIPM (privacy management).

Elena Lovoy
Of Counsel, McGlinchey Stafford
www.mcglinchey.com
Lovoy has also been certified CIPP/US (United States law), CIPP/E (EU law), CIPP/C (Canadian law), CIPM (privacy management), and CCEP (compliance and ethics professional).

Josh Torres
Corporate Regulatory and Privacy Counsel, iCIMS, Inc.
www.icims.com
Torres has also been designated a Fellow of Information Privacy and is certified CIPP/US (United States law), CIPM (privacy management), and CIPT (privacy technologist).

Interested attorneys may find more information on applying to become a Privacy Law Specialist at https://iapp.org/certify/pls/ or email pls@iapp.org.

Image by Montgomery County Planning Commission

A day after Aetna sued the claims administrator Kurtzman Carson Consultants for exposing confidential medical information about Aetna clients in a settlement notification, a KCC subsidiary brought a new suit blaming Aetna and its lawyers at Gibson Dunn & Crutcher for failing to protect the privacy of Aetna customers, according to Reuters.

The underlying case is based on the mailing of prescription notices sent to Aetna insureds. Those mailings by KCC were in envelopes that included transparent windows that displayed text including the words  “when filling prescriptions for HIV medications.”

KCC now claims that “Aetna and Gibson knew that windowed envelopes were being used in the mailings in question.” The law firm is not named as a defendant, but the firm’s actions on Aetna’s behalf are mentioned throughout the complaint, writes Alison Frankel.

Read the Reuters article.

Privacy impacts the daily lives of people like never before, including how their information is treated and protected by the companies in which they place trust for business. In recognition of the growing importance of privacy and data protection law and compliance, the International Association of Defense Counsel (IADC) has dedicated the summer 2017 edition of its Defense Counsel Journal (DCJ) to the exploration of privacy issues.

The summer issue is the first half of the IADC’s “Privacy Project V” publication. The second half will be published as the fall 2017 issue of the DCJ. The current issue is available for free and without a subscription via the IADC’s website.

In the current issue, IADC members write about a variety of privacy topics from a global perspective. Frequently and favorably cited by courts and other legal scholarship, the DCJ is a quarterly forum for topical and scholarly writings on the law, including its development and reform, as well as on the practice of law in general. The IADC is a 2,500-member, invitation-only, worldwide organization that serves its members and their clients, as well as the civil justice system and the legal profession.

“We are reminded in our daily lives of the importance of privacy – particularly in matters or with business impacted by social media, e-discovery, text messaging and instant messaging,” said Eve B. Masinter, co-chair of the IADC’s Privacy Project V Editorial Board and a partner with Breazeale, Sachse & Wilson, L.L.P., in New Orleans. “Privacy must be protected worldwide by our constitutions and laws.”

According to the Pew Research Center, 91 percent of adults agree or strongly agree that consumers have lost control of how personal information is collected and used by companies, and technology experts believe most individuals will not have the energy or resources to protect themselves from “dataveillance” in the coming years.

S. Gordon McKee, also co-chair of the IADC’s Privacy Project V Editorial Board and a partner with Blake, Cassels & Graydon, LLP, in Toronto, added, “It is critical that attorneys, who are increasingly giving advice on the balance between privacy and other rights and interests, remain engaged and informed on the latest developments and insights that impact this developing area of the law.”

The IADC’s Privacy Project is dedicated to the memory of Joan Fullam Irick, the IADC’s first female president, who made the issue of corporate and personal privacy a key theme for her administration.

The first half of the “Privacy Project V” issue of the DCJ includes the following articles:

– “The Era of the Internet of Things: Can Product Liability Laws Keep Up?” – Explores the need to reexamine traditional product liability theories amid the proliferation of wireless connected devices.

– “Follow the Audit Trail: The Impact of Metadata in Litigation” – Discusses the importance of practitioners making a conscious effort early in every case to determine whether discoverable electronic data and, particularly, metadata exist, assess whether it is relevant to the pertinent issues, and ensure its preservation.

– “Standing in the Midst of a Data Breach Class Action” – Focuses on class-action litigation following a cyber attack, and what is often corporate counsel’s first best chance to dispose of these cases by challenging plaintiffs’ standing.

– “Connected Cars and Automated Driving: Privacy Challenges on Wheels” – Explores privacy and data protection in the realm of connected cars.

– “The French Blocking Statute and Cross-Border Discovery” – Reviews the so-called “French blocking statute” and attempts to reform it, and how it – along with data protection and privacy laws – constitutes another hurdle for the transfer of certain information from the French jurisdiction to the United States.

– “Did You Really Send It? Email Evidence in Litigation and Arbitration in Argentina” – Analyzes the state of electronic evidence in Argentina and the need for additional measures.

– “Zones of Privacy: How Private?” – Discusses the constitutional and legal implications engendered by the collision between the right to individual privacy and the exercise of the state’s police power pursuant to the demands of public interest and state security under Philippine law.

– “Busting the Black Box: Big Data Employment and Privacy” – Provides examples of the impact that big data can have in the workplace and the related compliance concerns.

– “EU Data Protection and the Conflict of Laws: The Usual “Bag of Tricks” or a Fight Against the Evasion of the Law?” – Examines to what extent the principles developed by the case law of the Court of Justice of the European Union still apply under the General Data Protection Regulation and, if so, to what extent they can still be used as a source of inspiration in resolving data protection questions.

– “Shots Fired – A Rational Assessment of Mass Shootings, The Alleged Participation of the Mentally Ill, and an Impaired Right of Privacy” – Advocates for removal of the barriers preventing data collection and analysis, particularly with states abandoning conceal-carry permit requirements and as terrorists migrate to using cars and alternative means to carry out their plans.

Join Our LinkedIn Group

Zapproved Inc., a developer of cloud‐based software for corporate legal departments, announced that the U.S. Department of Commerce has accepted Zapproved’s self-certification as Privacy Shield compliant. Zapproved’s Privacy Shield Certificate is available on the U.S. Department of Commerce’s Privacy Shield website.

The EU-U.S. Privacy Shield Framework was designed by the U.S. Department of Commerce and European Commission to provide companies on both sides of the Atlantic with a mechanism to comply with EU data protection requirements when transferring personal data from the European Union to the United States in support of transatlantic commerce. Becoming certified as EU-U.S. Privacy Shield compliant enables Zapproved to demonstrate compliance with EU data transfer rules and our ongoing commitment to best practices in data privacy.

“Zapproved takes data security and data privacy very seriously,” said Brad Harris, VP of Product Strategy for Zapproved. “We proactively look for ways to implement best practices, whether it be earning SOC2 ® certification or self-certifying as Privacy Shield compliant. Ensuring data security and privacy is part of our ongoing commitment to our many customers who engage in commerce globally.”

Akerman LLP, a top 100 U.S. law firm serving clients across the Americas, announced the advent of the Akerman Data Law Center, a technology-driven, data privacy and security law service offering developed in collaboration with Thomson Reuters Legal Managed Services.

In a release, the firm said the “Akerman Data Law Center will provide tailored research, multi-jurisdictional surveys and regulatory gap analyses in a wide array of data and privacy risk areas empowering clients to quickly and cost-effectively understand and handle routine compliance matters while mitigating risks before they become crises. With Akerman’s multi-disciplinary team of regulatory compliance and data law lawyers within reach, the firm can also provide legal interpretation and day-to-day counseling specifically tailored to each client’s distinctive situation and needs.”

Read more about the service.