HL Chronicle of Data Protection : Privacy Lawyers & Attorneys : Hogan Lovells Law Firm : Data Security, E-Commerce & Technology

Hogan Lovells offices worldwide are celebrating Data Privacy Day today. The internationally-recognized day, which is observed in the United States, Canada, and 27 European countries, serves to raise awareness and promote data privacy and protection education.

As part of Hogan Lovells' commitment to fostering dialogue around issues including consumer privacy protection, misuse of information, and online safety, planned Data Privacy Day activities will include:

• Hogan Lovells lawyers from the Privacy and Information Management Practice in the Washington, D.C. office will participate in a new program, the "Privacy Law Salon" in Miami Beach, FL, a Cambridge Forums conference organized by practice director Christopher Wolf, practice Senior Policy Advisor Professor Daniel Solove from the George Washington University Law School, and Berkeley Law Professors Paul Schwartz and Chris Hoonagle, and will involve practice co-director Marcy Wilder and privacy lawyers Barbara Bennett, Lynda Marshall, Chris Zaetta, and Tim Tobin. Numerous Hogan Lovells clients also are participating in the Privacy Law Salon and Department of Commerce General Counsel and co-chair of the new federal privacy committee in the White House Office of Science and Technology, Cameron Kerry will address the group.
• A data protection seminar in our Hong Kong office titled, "A Survival Guide to Data Protection in Hong Kong" will be presented by Hogan Lovells partner Gabriela Kennedy.
• Lawyers in our Madrid office will partner with the Spanish Data Protection Agency for a discussion about data privacy with students. Internal seminars, discussions, and games related to data protection and privacy will take place in many offices.
• Hundreds of Hogan Lovells lawyers in Washington, D.C., New York, California, and London will receive a fortune cookie from the Privacy and Information Management Practice (a subtle reference to the use of tracking cookies online -- a current privacy focus) to raise awareness of how the privacy practice can help clients.

Washington, D.C. office partners Christopher Wolf and Marcy Wilder, co-directors of Hogan Lovells' Privacy and Information Management practice group, coordinated the events. Hogan Lovells is well positioned to assist clients around the globe and in a wide array of industries with advice and representation in the rapidly changing area of privacy and data security law. With offices located throughout the Americas, Europe, Asia, and the Middle East, Hogan Lovells is unique in it ability to provide global assistance on privacy and data security matters. We draw upon the extensive experience of our technology, health, communications, and consumer protection lawyers to provide advice and counsel across a wide range of subject matters and industries.

The Privacy and Information Management practice group's blog, The Chronicle of Data Protection is the source for privacy and information security news and trends. 

• Print

USA Today and "The Last Watchdog" blog published a story today on the privacy implications of ubiquitous digital sensors, in which Hogan Lovells Privacy and Information Management practice Director Chris Wolf is quoted at length. Some excerpts:

Odds are you will be monitored today — many times over.

Surveillance cameras at airports, subways, banks and other public venues are not the only devices tracking you. Inexpensive, ever-watchful digital sensors are now ubiquitous.

Over the next couple of years, the volume of data generated by digital sensors will surpass the flow of e-mails and social-network entries combined, predicts Stephen Brobst, chief technical officer at data analytics firm Teradata. “Sensors will touch nearly every aspect of our lives,” he says.

Meanwhile, technology is rapidly being developed to efficiently mine this mushrooming trove of sensor data in novel ways.

Privacy worries

But before the blessings of pervasive monitoring can be fully realized, privacy concerns need to be addressed, says Chris Wolf, director of privacy and information management at global law firm Hogan Lovells.

“What’s new is the capacity for databases to share data and therefore to put together the pieces of a puzzle that can identify us in surprising ways — ways that really could be an invasion of privacy,” Wolf says.

Wolf, the privacy attorney, says the right to move through public places anonymously could be at risk. “We don’t have to tell everybody we pass on the street our name, phone number and address,” Wolf says.

Losing the right to anonymity, he says, could “really have a chilling effect on where we go, with whom we meet and how we live our lives.”

• Print

The Hong Kong financial services industry (as represented by the Consumer Credit Forum (the "CCF") with support from Hong Kong's financial regulator, the Hong Kong Monetary Authority ("HKMA"), have recently issued proposals to widen the scope of the current credit data sharing scheme in Hong Kong, in order to allow additional mortgage data of consumers to be shared among credit providers (the "Proposals"). If the Proposals are accepted, it will be necessary to amend the Code of Practice on Consumer Credit Data (the "Code of Practice") issued by the Privacy Commissioner for Personal Data (the "Commissioner") under the Personal Data (Privacy) Ordinance (the "Ordinance").

On 5 January 2011, the Commissioner issued a consultation paper to seek public comment on the Proposals. The public are invited to submit comments on the Proposals and the related privacy implications by 8 February 2011. 

• Print

E-mails to an attorney that clearly would otherwise have been privileged were found by the California Court of Appeal not to qualify as a "confidential communication between client and lawyer" within the meaning of California Evidence Code section 952.

In Holmes v. Petrovich Development Co., LLC, an employee appealed from a trial court determination that e-mails she sent to counsel regarding possible legal action against her employer were not privileged.  The employee had used a company computer to send the e-mails, "even though:  (1) she had been told of the company's policy that its computers were to be used only for company business and that employees were prohibited from using them to send or receive personal e-mail; (2) she had been warned that the company would monitor its computers for compliance with this company policy and thus might 'inspect all files and messages . . . at any time;' and (3) she had been explicitly advised that employees using company computers to create or maintain personal information or messages 'have no right of privacy with respect to that information or message.'"

The Court held that while an attorney-client communication does not lose its privileged character for the sole reason that it was communicated by electronic means, the circumstances of the case "were akin to consulting her attorney in her employer's conference room, in a loud voice, with the door open, so that any reasonable person would expect that their discussion of her complaints about her employer would be overheard by him."  The Court distinguished Quon v. Arch Wireless Operating Co., Inc., 529 F.3d 882 (9th Cir. 2008), which was reversed by the Supreme Court in City of Ontario v. Quon, 177 L.Ed.2d 216, 231 (2010), on the ground that Quon involved a search and seizure of employee messages by a public employer.  It also stressed that the employee's use of the e-mail account was clearly covered by the company's policy, and that employees had been warned that e-mails were not private and would be subject to random monitoring.  The fact that the employee erroneously believed that the use of a private password protected the confidentiality of her e-mails, or that the company did not in fact randomly monitor employee e-mails, were found to be irrelevant.

• Print

News of an innovative client program, a strategic risk management relationship with Hogan Lovells offering proactive resources and advice to manage privacy and data security risks, as well as just in time support and access to counseling in the event of an information breach:

ZUG, Switzerland, Jan. 11, 2011 /PRNewswire/ -- Allied World Assurance Company Holdings, AG (NYSE:  AWH) announced new strategic risk management relationships with the law firm of Hogan Lovells US LLP and eRisk Hub® available for Privacy 403v2 policyholders.

"The goal of our program is to provide our policyholders with both proactive resources and advice as well as just in time support and access to industry experts in the event of an information breach," said Susan Chmieleski, Senior Vice President Healthcare Product and Risk Management Lead, Allied World U.S.

Our program includes the following Hogan Lovells resources: Guide for Data Security Breach Preparedness and Response, Monthly Updates on Important Developments in Privacy and Information Management Law, Chronicle of Data Protection, Webinars, Help Desk for Breach Response and Incident Reporting, and Proactive Consulting.

Additionally, Allied World's e-Risk Hub® portal powered by Net Diligence is an internet-based service that features news, content and services from leading practitioners in risk management, computer forensics, forensic accounting, crisis communications, legal counsel, and other highly-specialized segments of cyber risk.

Adam Sills, Vice President of Allied World U.S.' Privacy/Technology Unit adds, "We are very pleased to announce our Risk Management services providing our Privacy 403v2 policyholders with the ability to proactively manage and respond to Privacy risks."

About Allied World Assurance Company

Allied World Assurance Company Holdings, AG, through its subsidiaries, is a global provider of innovative property, casualty and specialty insurance and reinsurance solutions, offering superior client service through a global network of branches and affiliates.  Our insurance and reinsurance subsidiaries are rated A (Excellent) by A.M. Best Company, and our Lloyd's Syndicate 2232 is rated A+ (Strong) by Standard & Poor's and Fitch. Please visit our website at www.awac.com for further information on Allied World.

Cautionary Statement Regarding Forward-Looking Statements

Any forward-looking statements made in this press release reflect our current views with respect to future events and financial performance and are made pursuant to the safe harbor provisions of the Private Securities Litigation Reform Act of 1995.  Such statements involve risks and uncertainties, which may cause actual results to differ materially from those set forth in these statements.  For example, our forward-looking statements could be affected by pricing and policy term trends; increased competition; the impact of acts of terrorism and acts of war; greater frequency or severity of unpredictable catastrophic events; negative rating agency actions; the adequacy of our loss reserves; the company or its subsidiaries becoming subject to significant income taxes in the United States or elsewhere; changes in regulations or tax laws; changes in the availability, cost or quality of reinsurance or retrocessional coverage; adverse general economic conditions; and judicial, legislative, political and other governmental developments, as well as management's response to these factors, and other factors identified in our filings with the U.S. Securities and Exchange Commission. You are cautioned not to place undue reliance on these forward-looking statements, which speak only as of the date on which they are made. We are under no obligation (and expressly disclaim any such obligation) to update or revise any forward-looking statement that may be made from time to time, whether as a result of new information, future developments or otherwise.

SOURCE Allied World Assurance Company Holdings, AG

• Print

Despite expressing sympathy for the plaintiff, who was bombarded with more than 1,000 unwanted e-mails advertising a pornographic website, the Ninth Circuit affirmed the dismissal of a “novel and creative” suit against a domain site registrar because it was erroneously premised on a third-party beneficiary theory.

In Balsam v. Tucows, Inc. a spam victim alleged that the defendant domain site registrar utilized a system to hide the identity of spammers, and that the plaintiff was an intended third-party beneficiary of the Registration Accreditation Agreement (“RAA”) between the defendant and the Internet Corporation for Assigned Names and Numbers (“ICANN”). The RAA permitted the defendant to sell domain name registrations to third parties, who thereby became registered name holders. The provision in question (¶ 3.7.7.3) provided as follows:

“A Registered Name Holder licensing use of a Registered Name according to this provision shall accept liability for harm caused by wrongful use of the Registered Name, unless it promptly discloses the identity of the licensee to a party providing the Registered Name Holder reasonable evidence of actionable harm.”

The plaintiff alleged that he attempted without success to learn from the defendant the true identity of the website operator sending the unwanted e-mails, but that the defendant refused to reveal that information because it afforded anonymity to the spammer pursuant to a “privacy feature” that allowed website operators to remove their identity information from the ICANN database. The plaintiff sued as an alleged third-party beneficiary of the RAA between ICANN and the defendant, on the theory that the defendant (the nominal registered name holder) was required to accept liability for harm caused by the spammer’s wrongful use of the pornographic website.

The District Court had dismissed the plaintiff’s claims, agreeing with the defendant’s challenge to the plaintiff’s status as an intended third-party beneficiary. The Ninth Circuit affirmed, finding that the contract provision in the IRAA did not support a claim that the parties to the RAA (ICANN and the defendant) intended to benefit or confer any rights upon third parties such as the plaintiff. The Ninth Circuit was persuaded that ¶ 3.7.7.3 of the RAA did not trump another provision in the agreement which expressly stated that the RAA was not to be construed to create any obligation to any non-parties. The court also found fault with the plaintiff’s argument that ¶ 3.7.7.3 of the RAA created liability on the part of the defendant for its actions as a registered name holder, since the defendant had entered into the RAA not as a registered name holder but as a registrar of domain names. The Ninth Circuit noted that there is “no simple remedy for the vast number of unsolicited emails . . . that fill our electronic inboxes daily,” and that spammers “continue to find new ways to advertise.”
 

• Print

The beginning of the New Year gives us an opportunity to reflect on the evolution of privacy in France over the past twelve months and also to consider the new challenges and opportunities that will develop in 2011.

2010 was a year of evolution for the French data protection authority, the Commission Nationale de l'Informatique et des Libertés - "CNIL" and 2011 promises to bring further changes and evolutions. Formal changes came with evolution in the management of formalities with a new online platform for the completion of formalities, which seems to bring a much needed improvement in the delays for management of files. Policy evolutions also resulted from the adoption of documents providing guidance to data controllers with regards to the security of data or with the amendment of the general authorization of certain whistleblowing systems, which although it was needed could be regarded as slightly disappointing. 

In France, 2010 also saw privacy invite itself in the public debate, whether as a result of controls and sanctions conducted and imposed by the CNIL or as a result of high profile cases such as the Google StreetView controversy or the decision acknowledging the legitimacy of the dismissal of an employee on the basis of comments posted on his Facebook page.

The review of the past year also allows us to anticipate some of the CNIL's points of focus for 2011. Firstly, the evolution of technologies will still be at the forefront of data protection discussions during the coming year. In 2010, the CNIL approved a number of processes involving biometric data and the development of these technologies will continue to raise questions and issues this year. In 2011, the CNIL will also focus on the development and implentation of a major project: certification labels for products and services, which could become an important and discriminating factor to attract customers in the short and long term.

• Print

We are delighted to share this news with readers of the Hogan Lovells Chronicle of Data Protection:

FOR IMMEDIATE RELEASE

Hogan Lovells Adds Leading Privacy Professor Daniel Solove as Senior Policy Advisor

WASHINGTON, D.C., 3 January 2011 – Hogan Lovells US LLP announced today that Professor Daniel J. Solove, an internationally-known leader in privacy law, has joined the Washington, D.C. office as a Senior Policy Advisor to the Privacy and Information Management Practice.

 

With Professor Solove’s arrival, Hogan Lovells will be able to offer clients his insights and experience from years of scholarship in privacy and engagement with the privacy community.

 

Christopher Wolf, Director of the privacy practice at Hogan Lovells, said: “Having Dan Solove available to consult with us and our clients on privacy law matters is an amazing opportunity. Dan is universally regarded as one of the top privacy scholars in the country, someone who not only is a widely-heralded for his knowledge but also someone who understands the practical aspects of privacy protection.”

 

Professor Solove is the John Marshall Harlan Research Professor of Law at the George Washington University Law School. Professor Solove is the author of numerous books, including Nothing to Hide: The False Tradeoff Between Privacy and Security (Yale, forthcoming 2011), Understanding Privacy (Harvard 2008), The Future of Reputation: Gossip and Rumor in the Information Age (Yale 2007) (winner of the 2007 McGannon Award), and The Digital Person: Technology and Privacy in the Information Age (NYU 2004).

 

Professor Solove is also the author of a textbook, Information Privacy Law with Aspen Publishing Co. now in its third edition, with co-author Professor Paul Schwartz. Professor Solove also co-authored with Professor Paul Schwartz the forthcoming Privacy Law Fundamentals to be published by the International Association of Privacy Professionals (IAPP) in 2011. Additionally, Professor Solove is the author of several other textbooks, including Privacy and the Media (1st edition, Aspen Publishing Co. 2009) and Privacy, Information, and Technology (2nd edition, Aspen Publishing Co. 2009), all with Paul Schwartz.

He has published nearly 40 articles and essays, which have appeared in leading law reviews, including the Yale Law Journal, Stanford Law Review, Columbia Law Review, Michigan Law Review, N.Y.U. Law Review, Chicago Law Review, U. Pennsylvania Law Review, among others.

 

Professor Solove has testified before Congress and has served as an expert witness in privacy cases. He has been interviewed and featured in several hundred media broadcasts and articles, including the New York Times, Wall Street Journal, Washington Post, Chicago Tribune, USA Today, Associated Press, Time, Newsweek, People, Reader’s Digest, ABC, CBS, NBC, CNN, NPR, and C-SPAN’s “Book TV.” 

 

Marcy Wilder, also a Director of the privacy practice at Hogan Lovells observed: “One of the hallmarks of the Hogan Lovells privacy practice is the advice we provide to clients not only on existing legal requirements but on how to anticipate changes in privacy law and regulation. Having Dan Solove as part of our team enhances our ability to help clients ‘look around corners’ and be prepared for coming privacy developments.”

 

Warren Gorrell, Co-CEO of Hogan Lovells added: “Our global privacy practice is recognized for its breadth and depth, and adding Professor Solove to the team is a real coup.”

About Hogan Lovells

www.hoganlovells.com

Hogan Lovells combines the breadth of business-oriented legal advice and high-quality service that clients have come to expect through working with its two founding firms – Hogan & Hartson and Lovells.

"Hogan Lovells" or the "firm" refers to the international legal practice comprising Hogan Lovells International LLP, Hogan Lovells US LLP, Hogan Lovells Worldwide Group (a Swiss Verein), and their affiliated businesses, each of which is a separate legal entity. Hogan Lovells International LLP is a limited liability partnership registered in England and Wales with registered number OC323639. Registered office and principal place of business: Atlantic House, Holborn Viaduct, London EC1A 2FG. Hogan Lovells US LLP is a limited liability partnership registered in the District of Columbia.

###

• Print