A recent California ruling ordering Twitter to unmask an anonymous critic of a UK local government council raises the question of whether foreign privacy law will be applied in the US. In this case, the ruling deprived someone of privacy (the anonymous online critic), but the outcome seeks to suggest that a US company may be subject to foreign privacy law, even if it conflicts with First Amendment principles. This would give force to EU Justice Minister Reding’s announced privacy pillar of “protection regardless of the data location.”
The Department of Health and Human Services (HHS) has issued a proposed rule implementing changes to the HIPAA Privacy Rule’s standard for accounting of disclosures of protected health information. This proposed rule addresses the changes required by the HITECH Act, which requires HIPAA covered entities and business associates to account for disclosures of protected health [...]
The National Labor Relations Board (NLRB) has social media in its sights. There has been a spate of activity at the NLRB on the social media front, including the issuance of two new complaints in the last three weeks alone, as reported in this blog entry.
Hogan Lovells Privacy and Information Management practice leaders Marcy Wilder Chris Wolf are delegates to the eG8 Forum in Paris, where later today Chris will be a speaker at the session on privacy. This entry publishes Chris’ prepared opening remarks.
The U.S. Department Health and Human Services Office of the Inspector General issued two reports yesterday criticizing the Centers for Medicare and Medicaid Services (“CMS”) and the Office of the National Coordinator for Health IT (“ONC”) for doing too little to protect the security of patient health information. The first report, Nationwide Rollup Review of the Centers for Medicare & Medicaid Services HIPAA Oversight, found that CMS oversight and enforcement “were not sufficient to ensure that covered entities, such as hospitals, effectively implemented the Security Rule.”
On May 6, 2011, the Californian PUC (CPUC) issued a proposed decision [[link]]] by CPUC President Peevey addressing smart grid privacy and security. The proposed decision is part of a longstanding proceeding we first discussed [here]. The proposed decision represents a significant step towards the first set of specific smart grid privacy rules in the United States during a time that smart grid privacy is attracting increasing global attention. For example, as discussed in the Chronicle of Data Protection post on April 18, 2011, the European Union’s Article 29 Working Party issued smart meter guidelines last month.
This week, Germany started a new Volkszählung – the first count and registration of Germany’s, its federal states’ and communities’ population since 1987. The census 2011 has precititated privacy concerns and legal challenges, described in the blog entry.
Few topics in the world of EU data protection have generated so much debate, and so little understanding, as the change to the law on cookies. On 9 May the UK Information Commissioner issued some guidance on the new law, but anyone expecting clear instructions on how to achieve compliance will be very disappointed.
A recent New York Times article fueled the debate over whether the EU is more committed to the protection of personal privacy than the US. Hogan Lovells Privacy and Information Management practice co-director Chris Wolf responded in a Letter to the Editor of the Times, published today, along with that of Mark Rotenberg of the Electronic Privacy Information Center. This entry describes, links and quotes from the article and the exchange, and references the upcoming eG8 forum on the Internet (and privacy) in which Chris will participate, and where the issue of privacy cooperation will be addressed.