Data Law Insights

Data Law Insights

Legal insights on navigating privacy, data protection, cybersecurity, information governance, and e-discovery

Robin B. Campbell

Robin B. Campbell

Robin B. Campbell is a senior counsel and co-chair of the firm’s Privacy & Cybersecurity Group. She is also a member of the firm’s Health Care Group. She focuses on the development and implementation of information management strategies for the handling of personal information, including employee, customer, and consumer information. Robin provides a variety of privacy and security counseling, and has twice been seconded to clients to serve as their in-house privacy lead, once in the health care industry and once in the automotive industry.

Read Robin's bio on Crowell & Moring's website

Subscribe to all posts by Robin B. Campbell

EU DPAs Say Privacy Shield an Improvement but Needs Some Work

Posted in Government Agencies, Privacy
Uncertainty surrounding the U.S.-EU Safe Harbor (Safe Harbor) replacement, the EU-U.S. Privacy Shield (Privacy Shield), will remain for now. On April 13, 2016 the European Union (EU) Article 29 Working Party (WP29) comprised of all 28 EU member state data protection authorities (DPAs) announced its official but non-binding opinion on the European Commission’s (EC) draft… Continue Reading

Facebook Hit with French Data Protection Authority Action – Including a Safe Harbor Count

Posted in Cybersecurity / Data Security, Privacy, Sanctions
On February 8, 2016, the French Data Protection Authority (CNIL) publicly issued a formal notice to Facebook, following a joint investigation with four other EU regulators, asking the U.S. social network provider to comply with the French Data Protection Act within three months’ time. The notice (unofficial English translation available here), outlined several alleged violations… Continue Reading

U.S.-EU Safe Harbor Renegotiation in Jeopardy

Posted in Government Agencies, Privacy
The U.S. Department of Commerce and European Commission have remained publicly optimistic about their renegotiation of the U.S.-EU Safe Harbor (Safe Harbor) following the program’s invalidation by the European Court of Justice in October. Unfortunately, there are signs of trouble in the U.S. Senate and future trouble coming from European Union (EU) regulators. The EU… Continue Reading

EU Court of Justice Advocate General Says Safe Harbor is Invalid

Posted in Cybersecurity / Data Security, Government Agencies, Privacy
A European Court of Justice (ECJ) advocate general released his opinion September 23 in the matter of Maximillian Schrems v. Data Protection Commissioner, a case that questions the “adequacy” of the U.S.-EU Safe Harbor (Safe Harbor). The nonbinding opinion, which will now be considered by the full court in the coming months ruled: (1) that… Continue Reading

FTC dives deeper on U.S.-EU Safe Harbor enforcement

Posted in Cybersecurity / Data Security, Information Management, Privacy, Sanctions
On April 7, 2015 the Federal Trade Commission (FTC) announced two new U.S.-EU Safe Harbor cases. TES Franchising, LLC and American International Mailing, Inc. have agreed to settle FTC charges that the companies falsely claimed they were abiding by the U.S.-EU Safe Harbor Framework, a voluntary but enforceable framework that enables U.S. companies to transfer… Continue Reading

President Obama Announces Major Cyber and Privacy Legislation

Posted in Criminal Law, Cybersecurity / Data Security, Data Breach, Government Agencies, Government Regulations & FISMA, Information Management, Privacy
President Obama recently proposed several new laws reflecting the administration’s increased focus on privacy and cyber issues. The proposals seek to create a consistent national data breach notification law (to replace the current patchwork of 47 state laws), to encourage cyber threat information sharing, and to update cybercrime enforcement. Although Immediate reactions to the proposed… Continue Reading

Snapchat Settlement Highlights Continued FTC Scrutiny of Privacy and Security Representations

Posted in Cybersecurity / Data Security, Data Breach, Government Regulations & FISMA, Information Management, Privacy, Sanctions
The Federal Trade Commission (FTC) has been at it again, settling on December 31, 2014 with Snapchat over privacy and data security concerns stemming from its text and video mobile messaging services. The settlement is instructive for gauging the FTC’s enforcement priorities and illustrates the steep costs a company can face when the FTC alleges… Continue Reading

Privacy Takes Center Stage for Private and Public Sectors Alike

Posted in Cloud Computing, Cybersecurity / Data Security, Data Breach, Privacy, Rules
Over the past year, privacy concerns have played an increasingly critical role in influencing how government and the private sector think about information collection, use, and disclosure. With the rapid pace of technological advancements – and the complex issues that accompany developments such as the Internet of Things, cloud technology, and “big data” analytics –… Continue Reading

Florida Continues Trend to Strengthen Breach Laws

Posted in Cybersecurity / Data Security, Data Breach, Government Agencies, Government Regulations & FISMA, Public Sectors
On June 20, 2014, Florida enacted the Florida Information Protection Act of 2014 (FIPA) to strengthen its data breach notification law. The amendments, which take effect July 1, will make Florida one of the strictest jurisdictions for reporting deadlines (which shortens to 30 days) and the types of information that trigger notification obligations (Which now… Continue Reading

What You Should Know About the Changing U.S.-EU Safe Harbor Agreement

Posted in Cybersecurity / Data Security, Information Management, Transnational Discovery
The July 2000 Safe Harbor agreement between the United States and Europe concerning cross-border data flows is one of the key regulatory structures governing how organizations can collect, store, move, and use the massive amount of personal data generated in our interconnected world. Fourteen years after its inception, the agreement is under increasing strain from… Continue Reading

Wyndham Decision Upholds FTC Authority to Regulate Data Security

Posted in Cybersecurity / Data Security, Government Agencies
In a much-anticipated decision, the U.S. District Court for the District of New Jersey upheld the FTC’s authority to regulate data security practices by denying Wyndham Worldwide Corporation’s motion to dismiss challenging the FTC’s authority to pursue unfair and deceptive trade practices claims arising from a cyber breach. The complaint against Wyndham asserts that Wyndham’s… Continue Reading

EU Data Protection Rules Might Transform the Internet

Posted in Privacy, Transnational Discovery
With initial approval in the European Parliament civil liberties committee (the so-called LIBE Committee), the EU is moving ahead with overhauling its existing 15-year-old Data Protection Directive, replacing it with the General Data Protection Regulation (GDPR). The European Commission introduced the draft GDPR in January 2012 and seeks to harmonize regulations across the 28 member-states,… Continue Reading

Data Breach Class Action Against Barnes & Noble Dismissed for Lack of Standing

Posted in Cybersecurity / Data Security, Data Breach, Privacy
On September 3, 2013, the U.S. District Court for the Northern District of Illinois dismissed a class action complaint against Barnes & Noble seeking damages based on a data security incident, finding that the plaintiffs lacked standing to bring the claims. This decision reaffirms that retailers may be able to avoid damages for data breaches… Continue Reading

Massachusetts Court Broadly Interprets “Personal Identification Information” to Include Zip Codes, Holds Identity Theft Unnecessary to Sustain Private Cause of Action

Posted in Cybersecurity / Data Security, Privacy
A Massachusetts federal court (“federal court”) certified several privacy related questions of first impression to the Massachusetts State Supreme Judicial Court (“State court”) to clarify the scope of state law. In response, the State court broadly construed “personal identification information” (“PII”) and held that collecting customer zip codes during credit card transactions violates Massachusetts privacy… Continue Reading

Allegation of Data Breach Alone Insufficient to Sustain Claim Based on Inadequate Cybersecurity

Posted in Cybersecurity / Data Security, Data Breach, Information Management, Privacy
On March 6, 2013, the United States District Court for the Northern District of California held that a putative class of LinkedIn premium users lacked standing to pursue state law unfair competition, breach of contract, and negligence claims resulting from a hacking incident. The court dismissed the complaint, concluding that the plaintiffs failed to establish… Continue Reading

HIPAA Final Rule Applicable to Cloud Providers and Data Vendors

Posted in Cloud Computing, Cybersecurity / Data Security, Government Regulations & FISMA, Information Management, Privacy
The Health Insurance Portability and Accountability Act (HIPAA) final rule published on January 25, 2013 contains important changes that affect data management organizations, such as cloud providers. In many cases, entities that have access to health information will be considered “Business Associates.” Such entities would therefore be required to comply with HIPAA’s extensive security provisions… Continue Reading