Tuesday, June 22, 2010

Data Privacy Regulations: Trends & News

With the the HITECH Act and state data privacy laws going into effect in the US, many organizations are paying closer attention to rules affecting the standard of care they must exercise with the sensitive information they manage. Law firms are responding to client demand for privacy expertise by expanding client-facing privacy practice groups (see Hunton & Williams announcement). But firms should also carefully consider their own internal information risk management practices for managing both client and internal data.

Here are some interesting updates on evolving international data privacy rules and related resources:
  • Canada -- (via Canadian Privacy Law Blog) -- is proposing adding breach notification provisions to its data privacy law, the Personal Information Protection and Electronic Documents Act (PIPEDA). If the changes are adopted, notice would need to be provided to affected parties and the Privacy Commissioner of Canada.
  • Mexico -- (via Reed Smith) -- has passed the Federal Law for Protection of Personal Data (FLPPA), which includes provision for collection, management, sharing, safeguards, notitification and non-compliance penalties.
  • Russia -- (via Hunton & Williams) -- is considering updating its data privacy laws. Though, at this point it's unclear if the results will be stronger rules or relaxed requirements for activities like collecting individual consent for data sharing. The local regulators have pointed out a high rate of existing non-compliance and are presently collecting feedback from the business community.
  • See also: an interview Brian Hengesbaugh, Partner with Baker & McKenzie, on data privacy considerations.

No comments:

Post a Comment