HL Chronicle of Data Protection : Privacy Lawyers & Attorneys : Hogan Lovells Law Firm : Data Security, E-Commerce & Technology

With the new "school year" comes a plethora of privacy events featuring Hogan Lovells attorneys:

On September 9th, the International Association of Privacy Professionals will present this Web Conference on "The Evolution of FTC Privacy Enforcement Actions—What More Granular Enforcement Means for Respondents and Businesses" featuring Hogan Lovells attorneys Chris Wolf and Tim Tobin and FTC Attorney Kandi Parsons.

It is a given that there can be no privacy without data security.  Chief Security Officer magazine is presenting the Security Standard conference on September 13 and 14 at the Marriott Brooklyn Bridge in New York City to explore  the complexities of modern security strategies, addressing identity management, cloud security, data protection, risk management and privacy.  For registration information, click here

Hogan Lovells' Chris Wolf will be presenting the following session on September 13:

Negotiating with Your Cloud Provider:  Standard service agreements don’t go far enough in protecting your data and your organization in the event of security incidents or outages at cloud providers. In this session, learn how to negotiate the right terms and penalties to get the protection you need from your cloud provider, from identity management to business continuity, incident response plans and more.

On September 14th, Pike & Fischer (a BNA company) will present this Web Conference entitled "Legal Landmines in Europe for Internet-Based Businesses" and featuring Hogan Lovells attorneys from our Paris Office David Taylor, Winston Maxwell, and Chris Wolf from Washington, DC, as well as Google's Global Privacy Counsel Peter Fleischer.

On September 21st, Hogan Lovells will present a complimentary webinar on NAFTA Privacy featuring top governmental privacy officials from Canada, US, and Mexico, as well as the Chief Privacy Leader of General Electric, and moderated by Hogan Lovells' Chris Wolf.   More information can be found here  To register, please click here.

And later in September....

You are invited to join Hogan Lovells at the upcoming Online Trust Alliance 5^th Anniversary "Online Trust & Cybersecurity Forum" being hosted at Georgetown University, September 22 to 24.  Of particular interest on Wednesday the 22d are three pre-conference workshops focusing on(1) email regulatory compliance, (2)  email and domain authentication, and (3) malvertising.  More information on the agenda and registration information are posted here .

Thursday keynotes include the US Secretary of Commerce Gary Locke, Greg Link of CoveyLink, Howard Schmidt (White House Cybersecurity Coordinator) and Randall Rothenberg (IAB) as well as dozens of other business and industry leaders.  Friday Representative Cliff Stearns is speaking and kicking off a privacy roundtable following by sessions on data breach remediation, identity management and privacy policy makeovers.

At the September 24th session, Christopher Wolf of Hogan Lovells will participate in this panel:

Data Breach & ID Theft; Detection & Remediation *
Despite increased security prevention investments and employee training, incidents of data loss are increasing. Companies need to pro-actively plan for the worst case understanding the focus is not if an event will occur, but when. An effective plan includes an orchestrated play book to be deployed on moment’s notice. This session will examine steps businesses can take to protect consumers and their brands by reviewing elements of an effective plan including consumer education.  Session will also examine the role consumers have in the chain of trust and steps they can take to protect their identity.

• Chris Shenefelt, Executive Vice President, Global Operations, Intersections Inc.

• Anne Wallace, President, Identity Theft Assistance Corporation

• Christopher Wolf, Director, Privacy & Information Management Practice, Hogan Lovells

OTA has offered readers of the Hogan Lovells Blog the opportunity to register by August 31^st for only $399.50 for the two day program and save 50%.  Use discount code Hogan50  Register at https://otalliance.org/dc.html

AMP Summit is "an annual forum for influentials and thought leaders in the activist, media and political spheres."   Public officials and regulators, experts from think tanks, trade associations, and public relations, and members of the media will attend. This conference in Washingrton at the Marriott Metro Center "is intended to inspire new thinking, challenge traditional strategies, and create opportunities to learn from each other."   Detailed information can be found here .

Chris Wolf from Hogan Lovells will participate on a panel on Friday, September 24th from 3:50 to 5 PM entitled "Privacy in the Internet Age: Does DC Have a Role to Play?" with Lillie Coney of the Electronic Privacy Information Center and  Berin Szoka of the Progress and Freedom Foundation, moderated by Bruce Mehlman of Mehlman, Vogel, Catagnetti.

Also, as shown here, Quentin Archer from the Hogan Lovells London Office will be co-chairing the Sedona Conference International Programme on Cross-Border E-Discovery and Privacy on 15 and 16 September in Washington, DC.

• Email This
• Print
• Share Link

With much of the privacy regulatory and policy world on vacation, I took a few days outside of Washington to hear what people are thinking about where privacy law is going.  I have just returned from "Geek Week" in Seattle, WA, where I particiated in a new program entitled "pii2010" which "explore[d] the future of digital privacy, identity and innovation, and how to strike a balance between protecting sensitive information and enabling new technologies and business models. Hosted by technology analyst Larry Magid, it [was] an all-hands-on-deck conference where industry executives, technologists, consumer advocates, policy experts and other stakeholders [came] together as a group to examine critical issues.  "Lively" doesn't beging to describe the event, with audience members intervening at will and peppering the panelists with questions and "colorful" comments,  It was a little like a blog come to life.  One major take-away:  there are widely divergent views on the role of government and regulation in protecting online privacy. 

Washington Internet Daily provided a report of the event and my participation, a small excerpt of which is here:

Rumors of the death of the notice-and-choice privacy framework have been greatly exaggerated.Despite regular declarations from FTC officials over the past several months that the framework needs to be replaced, privacy advocates speaking to the pii2010 conference Thursday gave every indication that won't happen.

"For better or worse, we are stuck with a notice-and-choice paradigm" and must work within it, said Christopher Wolf, co-chairman of the Future of Privacy Forum. "I don't see how you get rid of choice," said Fran Maier, president of TRUSTe.  The likelihood of any privacy bill passing this year is "virtually nonexistent," and if Republicans retake at least one house of Congress in the midterm elections, it drops, Wolf said. The bills offered by Reps. Bobby Rush, D-Ill., and Rick Boucher, D-Va., chairmen of the House Commerce Consumer Protection and Communications subcommittees, are "incredibly complex," Wolf said. "I just see enormous wrangling" over their provisions from industry and activists. The bills have been helpful to "start conversation" with stakeholders, though, Maier said.

 

More likely is faster development of "common law" by the FTC, which has "really gotten into the weeds" on privacy-related issues, especially data security, said Wolf, who represents clients before the commission. The parties targeted in FTC investigations rarely put up much of a fight, as exemplified by Sears' conceding that its tracking software installed on customers' computers crossed the line, he said: There's no reason to think the commission will go easier on privacy disputes.

 

The Future of Privacy Forum is "trying to proselytize" for better self-regulation by industry, as with the "Power-I" icon being tested in online ads, but not trying to halt privacy legislation that gives companies a safe harbor for following best practices, Wolf said. The forum is running a "privacy papers for policymakers" competition whose winners will be announced Sept. 15 at a George Washington University law school event with David Vladeck, director of the FTC Consumer Protection Bureau, he said.

 

• Email This
• Print
• Share Link

Readers of the Hogan Lovells Chronicle of Data Protection may be interested in this upcoming webinar featuring Hogan Lovells attorneys from Europe and the United States, as well as Google's European Privacy Counsel, Peter Fleischer.  This event is being produced by Pike & Fischer, a Bureau of National Affairs (BNA) Company.  Here is the Pike & Fischer/BNA announcement with link to registration information:

BNA Webinar
Legal Landmines in Europe for Internet-Based Businesses
June 30, 12:30 p.m. to 2:00 p.m. ET

So you think your business practices are EU-compliant? You could be blindsided by European laws and regulations that are foreign—in every sense of the word—to your accustomed way of doing business. The recent conviction of three Google executives by an Italian judge is one notable example. Don't be caught off guard. Join Pike & Fischer's panel of legal experts as they expose European laws (both enacted and proposed) that potentially render U.S.-based Internet businesses liable for intellectual property, privacy, e-commerce, speech, and other violations.

Peter Fleischer, Global Privacy Counsel, Google, and Winston Maxwell and David Taylor, both partners with Hogan Lovells in Paris, will cover a wide range of topics, including data retention obligations, collection of personal data, and liability for user-generated content. The session will be moderated by Christopher Wolf, Partner, Hogan Lovells in Washington, DC.  

For further information: http://www.pf.com/eventDetail.asp?id=105&type=1.
 

• Email This
• Print
• Share Link

  While the Hogan Lovells Chronicle of Data Protection primarily is designed for news and analysis of developments in the field of privacy and data protection, we want to take the opportunity of the recent combination of Hogan & Hartson with Lovells to inform our readers of the global breadth and depth of our practice. While each of the legacy firms was celebrated for its privacy and information management practices, the coming together of the lawyers from the two firms has created a practice group that is unparalleled in the world.  Hogan Lovells helps clients address privacy and data protection globally and in regard to specific national laws in countries around the world, through our 40 offices in the Americas, Europe, the Middle East and across Asia.

In the coming weeks, we will detail the privacy practices resident in various offices around the world.

Last week, selected partners from the global privacy and information management practice met in Geneva, Switzerland to discuss practice coordination and cooperation, and to focus on how we together can better serve our clients as a unified group.   (Regrettably, some of the partners scheduled to participate were grounded due to the Icelandic ash cloud including, notably, practice co-leader Marcy Wilder). Joining the discussion and pictured above are (from left to right)  Winston Maxwell (Paris), Quentin Archer (London), Steffan Schuppert (Munich), Gonzalo Gallego (Madrid), David Taylor (Paris), Marco Berliri (Rome), Wim Nauwelaerts (Brussels) and practice co-leader Christopher Wolf (Washington).

To provide an illustration of our global capabilities,  tomorrow (20 May 2010) the firm will host a webinar entitled “Hogan Lovells Trans-Atlantic Discussion on the Privacy Challenges Facing Multi-National Corporations”. This will be the first webinar by the Privacy and Information Management Group at Hogan Lovells, featuring privacy lawyers on both sides of the Atlantic from the former Hogan & Hartson and Lovells. Quentin Archer (London), Steffan Schuppert (Munich), Wim Nauwalaerts (Brussels), Lynda Marshall (Washington), Marcy Wilder (Washington) and Christopher Wolf (Washington) will explore contemporary privacy law challenges facing companies doing business in multiple jurisdictions around the world, such as:

• Cross-Border Transfers of Data Internationally
• Managing Employees in Multiple Jurisidctions
• Onine Marketing Issues Around the World
• Data Security and Data Breach Requirements
• The Obligations Concerning Health Data Around the World
• National Trends with International Ramifications

The panelists will explain how a coordinated international approach to privacy compliance is cost-

effective and is an optimal way to limit risk and protect privacy.

Readers of the Hogan Lovells Chronicle of Data Protection are cordially invited to attend our webinar.  Please register by clicking here.

• Email This
• Print
• Share Link

 We are pleased to announce that Hogan & Hartson LLP and Lovells LLP have combined to form Hogan Lovells, effective May 1, 2010.

Our new firm now has about 2,500 lawyers in more than 40 offices throughout the United States, Europe, Asia, the Middle East, and Latin America. We are excited about the expanded global capabilities that Hogan Lovells can offer our clients, including a broader range of legal services in virtually all major international markets. Though we are a new firm, our fundamental values and our commitment to excellence remain unchanged.

We believe that this is a great combination that will benefit all our clients. In the Privacy and Information Management area especially, the combination gives us even greater breadth and depth.

The compliance challenges and business risks related to personal data are significant and growing. With advances in technology, personal information increasingly is collected, stored, used, and shared. At the same time, the regulation of data use and security is increasing worldwide.

Hogan Lovells has one of the largest and most experienced Privacy and Information Management practices in the world, spanning the United States, the EU, and Asia. The group assists clients with all of their compliance challenges, drafting policies and providing advice.

• We are among the very few law firms that can help you achieve compliance both globally and in regard to specific national laws.
• Our lawyers are conversant with local regulations, the laws affecting cross-border data transfers, and the laws regulating sectors that collect sensitive personal information, such as finance and health.
• We represent clients in adversarial matters concerning the use of data, whether at the level of the EU data protection authorities, or before the U.S. Federal Trade Commission, Department of Health and Human Services, state attorneys general or in private party litigation.
• We play an important role in the development of public policy regarding the future regulation of privacy.

Awards and Rankings

• Recognized for our "deep and thorough understanding of the privacy issues surrounding the healthcare sector," Chambers Global: USA (2010)
• Ranked in the first tier and awarded "plaudits for delivering an 'exceptional standard,'" Legal 500: Europe, Middle East & Africa (2010)
• "Probably the most sophisticated clutch of privacy advisors in the country," Legal 500 US (2009)
• "The Brussels team is lauded for its protection expertise," Chambers Global: Europe-wide (2009)

For more information about the new HoganLovells Privacy and Information practice, visit our web site.

• Email This
• Print
• Share Link

The privacy and data security enforcement agenda at the Federal Trade Commission is evolving. Consent decrees are imposing stricter and more specific standards on business with respect to the collection, usage, storage, sharing and disposal of personal information. Recent changes in leadership at the FTC, and public statements from the FTC Chairman and the Director of the Bureau of Consumer Protection, suggest more aggressive privacy and data security enforcement in the coming years. And the entire paradigm of privacy protection, including its foundation of notice and choice, is under reexamination after a series of FTC Roundtables conducted in later-2009 and early-2010.

For businesses under the jurisdiction of the FTC, the impact of this evolving enforcement agenda is significant. Greater attention than ever must be paid to the issue of notice and choice, as well as to the physical, technical and administrative safeguards provided for personal information, to ensure that specific statutory standards enforced by the FTC are met and that the general consumer protection standard of Section 5 is also satisfied.

Historically, enforcement actions by the Commission under Section 5 of the FTC Act focused on businesses that failed to adhere to promises they made about privacy and data security. In many of these cases, the FTC determined that a business’s failure to adhere to their own policies and promises constituted an unfair business practice. In the middle of the last decade, however, the enforcement focus at the FTC began to change. Rather than concentrating enforcement activities exclusively on businesses that failed to adhere to their own promises, the Commission began to look more at whether a business’s actual privacy and data security practices were reasonable.

The many reports of data security breaches required under state laws gave the FTC several new enforcement targets – businesses whose lax data security led to breaches that had to be reported publicly. In these cases, unreasonably lax practices led to a complaint of unfairness under Section 5. Also noteworthy about this phase of FTC enforcement was that nearly all of these cases involved instances in which privacy and security failures resulted in substantial consumer harm. In recent years FTC enforcement has become more “granular,” in the sense that the FTC enforcement staff examines specific details of respondents’ privacy practices and information security measures when assessing “reasonableness.”

By clicking on this link, you will be taken to a 45-minute multimedia presentation on the new directions in enforcement at the FTC, with in-depth cases analysis, including the recent Dave & Busters consent decree involving the absence of filters for outgoing data to protect against the loss of personal data. 

• Email This
• Print
• Share Link

Hogan & Hartson privacy attorneys, including Chris Wolf, will be participating in the Chubb Social Media Risk Innovation Event, hosted from April 26-29 by the Chubb Group of Insurance Companies and its technology partner, Imaginatik.  The event is an online, interactive session with risk managers, other business professionals, agents, and brokers in which pariticipants will collectively identify risks and potential mitigation strategies regarding the use and potential misuse of social media.  Hogan & Hartson attorneys will be on hand throughout the event to facilitate the discussion and contribute expertise regarding legal risks businesses face from sanctioned and unsanctioned corporate and employee use of social media.

Demonstrating the power of social media, musician Dave Carroll posted a video seen by millions of people on YouTube chastising an airline he accused of breaking his guitar. View an invitation from Dave to Chubb's Social Media Risk Innovation Event.

You may self-register on-line at https://chubbsocialmedia.imaginatik.com. The first 500 people to register will receive a free download of "Perfect Blue," Dave's new album.

Once registered, you may participate in this online event either remotely via your PC, laptop, smartphone, (e.g., BlackBerry, iPhone, etc.) or at Chubb booth #1511 at the RIMS Conference in Boston, MA. We also welcome you to invite clients you believe would be interested in participating in this event by forwarding this email and its self-registration link.

Chubb will award prizes to participants who submit the most ideas and whose ideas generate the greatest amount of collaboration. The prizes include cash donations to charities, ranging from $500 to $2,000, in the names of the top three scoring participants.

• Email This
• Print
• Share Link

Today is "Data Privacy Day", which is being marked around the world, including here in Berkeley, CA at the FTC's "Exploring Privacy" Roundtable.  The purpose of this roundtable discussion, the second in a series of three, is to "explore the privacy challenges posed by the vast array of 21st century technology and business practices that collect and use consumer data. Such practices include social networking, cloud computing, online behavioral advertising, mobile marketing, and the collection and use of information by retailers, data brokers, third-party applications, and other diverse businesses. The goal of the roundtables is to determine how best to protect consumer privacy while supporting beneficial uses of the information and technological innovation."  Today's discussion, like the one that took place at the first roundtable in Washington, is focusing on whether the traditional paradigm of Fair Information Practices -- and especially notice and choice -- suffices to allow consumers to understand and control what information is collected about them and used by others for marketing and other purposes.  Professor Paul Schwartz, on the cloud computing panel, just commented on how typically-complex privacy policies provide "TMI" (too much information) for a consumer to understand and act on.  And Harriet Pearson of IBM also commented on how simply providing a list of companies processing data in the clouds -- service providers -- would not be meaningful for consumers, a proposition with which Scott Shipman of Ebay agreed.

On the issue of meaningful notice, see yesterday's New York Times article on the emergence of an eye-catching icon attached to online ads to attract consumer attention, on which they can click to get information about  what information is being collected about them to deliver targeted ads.  (Full disclosure: the Future of Privacy Forum, the think tank that I founded and co-chair, was instrumental in development of the icon.)

• Email This
• Print
• Share Link

On November 17, the Federal Trade Commission released the agenda of the first of three privacy round tables it will hold over the course of the next few months.  The first round table will occur on December 7 at the FTC Conference Center in Washington, DC, and will feature four panels entitled "Benefits and Risks of Collecting, Using, and Retaining Consumer Data," "Consumer Expectations and Disclosures," "Online Behavioral Advertising," and "Exploring Existing Regulatory Frameworks."

The FTC also announced that its second privacy round table will be held on January 28, 2010 at the University of California, Berkeley, School of Law.  The round table will focus on how technology affects consumer privacy, including its role in both raising privacy concerns and enhancing privacy protections, and will include specific discussions on cloud computing, mobile computing, and social networking.  The FTC has posed two questions for comment in advance of this round table:

1. What role do privacy enhancing technologies play in addressing Internet-related privacy concerns?  Consider the efficacy of technological innovations in areas such as identity management systems, new means of providing consumer notice and choice, and emerging methods of ensuring accountability in data usage.  In framing comments, consider the costs and benefits of privacy-enhancing technologies in the following contexts:  cloud computing services; social networking sites; online behavioral advertising; the mobile environment; services that collect sensitive data, such as location-based information; and any other contexts you wish to address.  If privacy enhancing technologies do play a role in resolving privacy concerns, discuss whether and how to create incentives for the development and adoption of such technologies, and ways to ensure they are effective and useful to consumers.
2. What challenges do innovations in the digital environment pose for consumer privacy, and how can those challenges be addressed without stifling innovation or otherwise undermining benefits to consumers?  For example, consider the technology and business practices that enable greater collection, use, and distribution of consumer data, including evolving methods of observation and tracking; techniques for correlating data, including the re-identification of anonymized data; the merging of data between on-line and off-line environments; and the emergence of third-party application developers in online platform environments.

The FTC currently is soliciting requests to participate as panelists in this second round table, as well as recommendations for topics for inclusion in the agenda, which are due by December 9.  Comments or additional research on the topics will be considered prior to the second round table if they are received by December 21.

Details have not yet been released for the third and final privacy round table, which is to be held on March 17, 2010 in Washington.

• Email This
• Print
• Share Link

The University of Denver Law Review today presented a Syposium on "Cyber Civil Rights: New Challenges for Civil Rights and Civil Liberties in Our Networked Age."  Hogan & Hartson partner (and privacy group co-chair) Christopher Wolf delivered remarks on "Accountability for Online Hate Speech: What Are The Lessons From 'Unmasking' Laws?” 

Chris observed that online anonymity and the privacy it shields can be used as a sword to injure the human dignity of others who are victimized by hate speech.  It also can be used to mislead and indoctrinate young people.

The Internet, in large part because of the shield of online anonymity, has become the medium through which hate groups plot and promote real-world violence, recruit and indoctrinate like-minded haters, mislead and distort information for those – like students – who innocently link to their content. There are, of course, notorious hate mongers who use their real identities and revel in the limelight.   But the vast majority of hate spewed online is done so anonymously. The Internet content of hate mongers – words, videos, music, and social network postings – serve to offend the human dignity of the intended victims, minorities and those who hate groups identify as “the other”.   

Chris went on point out the problem of cyberbullying and hate-filled comments appended to mainstream news articles online.  After reviewing the legal regimes used to "unmask" online copyright infringers, those who commit defamation online and KKK members while marching in groups, Chris acknolwedges the First Amendment limitations on legal regulation of anonymous speech online and proposes a self-regulatory regime by online companies to address hate speech online.  A copy of his full remarks can be found here. 

• Email This
• Print
• Share Link

As the 31st annual International Conference of Data Protection and Privacy Commissioners wraps up in Madrid, capped by the announcement that next year’s conference will occur in Jerusalem, to be hosted by the Israeli Information and Technology Authority, some reflections:

• Security vs. Privacy   There continues to be a tension between the need for security from terrorist and criminal attacks and the right to be free of excessive collection and retention of personal data by governments.  This was the focus of the remarks of the Spanish Minister of the Interior and the US Secretary of Homeland Security, and a panel of experts from around the world who concluded that there needs to be greater focus on the need for all of the information that is harvested from citizens.  The pre-conference session of The Public Voice organized by the Electronic Privacy Information Center resulted in a Madrid Declaration that warned that "privacy law and privacy institutions have failed to take full account of new surveillance practices."

• Corporate Accountability and New Privacy-Enhancing Technologies  Presentations by corporate representatives of Google, Microsoft, eBay, Yahoo!, Procter & Gamble, Accenture and others showed that corporate accountability for privacy (a concept advanced enthusiastically by our friend Marty Abrams of the Center for Information Policy Leadership) is guided not only by the need to be legally compliant but also by the recognition that in our information society, responsible data management will build consumer trust.  There was an impressive demonstration of various new technologies that provide greater transparency and more robust notice to individuals about the collection of data about them, and that give them greater control over the collection, use, transfer and retention of personal data.  For example, Google unveiled new privacy tools and Jules Polonetsky, my co-chair at the Future of Privacy Forum, illustrated the array of technologies available to protect the privacy of children.  The greater demonstration of such “self-regulation” through corporate accountability and the deployment of privacy-enhancing technology was recognized at the conference as an essential pillar of privacy protection. 

• US Law and Enforcement  In the panel on children’s privacy, John Avila of the Walt Disney Company, gave a compelling overview of the breadth and depth of US legal protections for privacy, which includes COPPA to protect kids, and which he pointed out focuses on the areas of greatest privacy concern (such as financial and health privacy).  There were also presentations on the robust enforcement of US privacy laws by the FTC and other authorities, and the innovations in regulation that include, for example, data security breach notification laws which serve as a model for new regulation in Europe.  My conversations with various EU Data Protection Commissioners indicated a growing respect for the US scheme of data protection, in stark contrast to the official EU position that the US lacks adequate protections for personal data which prohibit the cross-border transfer of data to the US absent special arrangements (such as Safe Harbor participation, model contracts or Binding Corporate Rules).

• Cloud Computing and the Smart Grid  There was a focus on the privacy issues implicated by new technologies such as the next generation of cloud computing and the Smart Grid.

• Cross-Border Harmonization of Regulation  Another important theme of the conference concerned cross-border harmonization of privacy regulation, even among countries in the EU that operate under the common principles of the EU Directive but whose laws often reflect differences in detail and application.  In that regard, the European Commission is in the process of soliciting views on the new challenges for personal data protection in order to maintain an effective and comprehensive legal framework to protect individual’s personal data within the EU. 

As with many such conferences, the value of the formal program was augmented by the opportunity of data protection regulators to meet informally with representatives of civil society, privacy advocates, privacy lawyers, and corporate privacy officials.  The interactions over lunch and dinner, and at the wonderful art galleries of Madrid (where tours were made part of the official agenda), allowed for the sharing of perspectives and ideas, and a recognition that no matter which sector is involved, those gathering in Madrid share the commitment to the protection of personal  privacy.

Next year in Jerusalem!
 

• Email This
• Print
• Share Link

Today at the 31st International Conference of Data Protection and Privacy in Madrid, US Secretary of Homeland Security spoke to those of us in attendance about her goal of a US-EU binding agreement on data sharing and privacy.  See this account from former Hogan & Hartson partner Mary Ellen Callahan, now Chief Privacy Officer at DHS, who accompanied Secretary Napolitano to Europe.

Following the ceremonial opening of the conference and addresses from senior government officials from Spain and the US, the delegates got down to work on granular issues of privacy and data protection.  Look for more reports as the meeting progresses.

• Email This
• Print
• Share Link

In advance of the global meeting of data protection authorities starting tomorrow in Madrid, the International Association of Privacy Professionals (IAPP) and the Electronic Privacy Information Center (EPIC) are hosting side events today at the conference hotel.

The biggest news so far, discussed at the IAPP event,  is that the European Commission is seriously considering  new  data security breach notification laws. Previously, the Commission and  the European Council had focused only on breaches at telecom companies and ISPs.

The Commission’s Information Society Commissioner, Viviane Reding,  now has said that new EU-wide legislation requiring all entities to notify individuals and authorities of breaches is seriously under consideration.

Thus, EU compliance officers are paying rapt attention to the discussion by the Americans here of how to comply with data security breach laws.

• Email This
• Print
• Share Link

Starting on Tuesday, November 3d, Hogan & Hartson will be live blogging from international privacy events in Madrid.  Chris Wolf from the firm's Washington Office and Wim Nauwelaerts from the Brussels Office, both senior lawyers in the Privacy and Data Security Practice, will provide timely reports from side events leading to the 31st International Conference of Data Protection and Privacy Commissioners

The civil society conference The Public Voice: Global Privacy Standards in a Global World to be presented by the Electronic Privacy Information Center;  and 

The Data Protection and  Privacy Workshop to be presented by the International Association of Privacy Professionals.    

Then, starting on Wednesday, November 4th, we will bring you reports from the "main event", which the host, the Spanish Data Protection Agency (AEPD), has described as "the largest forum dedicated to privacy in the world, which every year brings together the highest authorities and institutions guaranteeing data protection and privacy, as well as experts in the field from every continent. "

Watch for our daily reports.

• Email This
• Print
• Share Link

Readers of our blog are cordially invited to a complimentary Hogan & Hartson webinar on the legal issues arising from Cloud Computing on Tuesday, October 6 from 11 AM - 12:30 PM EDT.  To request an invitation to the webinar, please e-mail:  jbhowe@hhlaw.com

Cloud computing allows businesses to use the remote computing power of others to handle data and data applications. For most businesses, it is not a question of whether but how to use cloud computing. Cloud computing — a unique form of outsourcing — can reduce costs, improve service delivery, and allow business innovation not feasible with proprietary servers and on-site software.

So the question is how a company can use the new services in ways that protect the company and its data. As with any transfer of valuable company information, there are legal issues and legal risks that must be addressed.

In this webinar, you will learn and have an opportunity to ask questions about these issues and more:

• What exactly is cloud computing? What forms does it take?
• What steps should a company take to protect its intellectual property, including trade secrets and confidential information, in the cloud?
• Is data in the cloud safe from government view, and what can you do to protect it?
• How should you address the privacy law issues implicated by cloud computing, especially in light of the international legal rules on the cross-border transfer of data?
• What labor and employment law issues are implicated by sending data to the cloud?
• How does a company deal with e-discovery when using cloud computing?
• What data security safeguards should a company put in place before outing data in the cloud?
• Whose responsibility is it if there is a data breach and how are the requirements of data security breach notification laws met?
• What are the contracting issues with cloud computing and the best practices for getting a solid cloud computing contract?
• How do companies and cloud service providers handle service level issues?

• Email This
• Print
• Share Link

By Lynda Marshall, Chris Wolf, Marcy Wilder and Tracy Gray

Hello and welcome to the Hogan & Hartson Chronicle of Data Protection.   

We are delighted to introduce you to our privacy blog.  Our goal is to use this blog to bring you timely updates on a wide-range of issues in the privacy arena, including the evolving role of privacy and data protection in health law and policy, security safeguards, international compliance and e-commerce.  The practical implications of changing privacy regulations affect us all, both as professionals and personally, and we hope this blog will serve as a key source of information for you in navigating this ever-changing field.

We also hope you will have the chance to catch some of Hogan & Hartson's privacy team at the IAPP Privacy Academy in Boston, September 16 - 18th.    H&H attorneys will be on the following panels:

• Data Retention - the Monster in the Servers, September 17th at 2:15, featuring Chris Zaetta, Hogan & Hartson, and Andy Holleman, Chief Privacy Officer and Associate General Counsel, Qwest Communications
• In to the Breach - Dealing with the Aftermath of a Data Breach, September 18th at 11 AM, featuring Christopher Wolf, Hogan & Hartson, Chris Cwalina, Vice President and Associate General Counsel, Intersections, Inc., and Carol DiBattiste, Senior Vice President, Privacy, Security, Compliance and Government Affairs, LexisNexis Group
• Pie in the Sky - Looking at a Cloud Contract at Ground Level, September 18th at 11 AM, featuring Zenas Choi, Hogan & Hartson, and Geff Brown, Senior Attorney,  Law and Corporate Affairs, Microsoft Corporation

Thanks for joining us, and we look forward to being a helpful guide in the world of privacy.

• Email This
• Print
• Share Link