Lexology Pro Compliancetakes a look at some of the most informative articles published on Lexology this fortnight for compliance teams to stay up-to-date, including key guidance from regulators around the world and practical tips to help businesses adapt to a new normal.

Certified to the Privacy Shield? Great! So you’re done in terms of GDPR compliance, right? Think again.

As we have discussed in previous newsletters, no matter where you are in the world, the General Data Protection Regulation (GDPR) applies to you if you are collecting or processing personal data of any EU individual. The law goes into effect in May.

High Court considers “test case” of Wall v Royal Bank of Scotland [2016] EWHC 2460 (Comm)

The claims

The Claimant, Mr Wall (W), brought claims against the Defendant, Royal Bank of Scotland Group (RBS), in relation to RBS’s dealings with a now insolvent group of companies owned and controlled by W. W brought the claims in his capacity as assignee of the group’s rights and/or as beneficiary of a trust as declared by the group’s liquidators.

For the benefit of our clients and friends investing in European distressed opportunities, our European Network is sharing some current developments.

Recent Developments

Personal data is a valuable corporate asset.  At times, the personal information collected from customers (such as email address, mailing address, phone number, etc.) can be a company’s most valuable asset.  Unfortunately, when a company attempts to sell this asset, it can find the value of the data significantly diminished due to promises made in a privacy policy the company implemented years before it ever contemplated such a sale.

Insolvent companies often hold a large volume of personal data, such as customer lists or user data. Who is responsible for this information? Recently, the Irish High Court decided a case concerning the transfer of patient records from a private hospital in liquidation.

The new Australian Privacy Principles (APPs) came into effect on 12 March 2014. In APP 8, they introduce a new 'accountability' approach to cross-border disclosures of personal information. 

The staff of the Federal Trade Commission’s Bureau of Consumer Protection recently sent a letter to the court handling ConnectEdu’s bankruptcy proceedings and sale of assets, which may include their customer’s personal information.

On May 23, 2014, the Federal Trade Commission announced that the FTC’s Bureau of Consumer Protection sent a letter to the court overseeing the bankruptcy proceedings for ConnectEDU Inc. (“ConnectEDU”), an education technology company, warning that the proposed sale of the company’s assets raises privacy concerns.

On 10 April 2014, the Department of Justice (DOJ) and Federal Trade Commission (FTC) issued a joint policy statement on the antitrust implications of sharing cybersecurity information to help facilitate the flow of cyberintelligence throughout the private sector. The statement addresses the long-standing concern that sharing cyberintelligence may violate antitrust law under certain circumstances and explains the analytical framework for such arrangements to make it clear that legitimate cyberintelligence exchanges will not raise antitrust issues.