We are proud to announce that the Hogan Lovells Chronicle of Data Protection blog has been nominated in The Expert Institute’s 2016 Best Legal Blog Contest for the award of Best AmLaw Blog of 2016. Our editors at The Chronicle strive to provide you with the most relevant and timely legal news, practical legal analysis, and business insights relating to privacy and cybersecurity. We appreciate the recognition for this work and your continued readership.
Please join us for our October 2016 Privacy and Cybersecurity Events.
Cybersecurity risk continues to evolve at an astonishingly rapid rate, prompting companies to review and adjust their plans to deal with the fast-moving threats posed by an increasingly connected world. At the same time, cybersecurity law and regulation around the world are coming of age. In this complex and uncertain environment, it is not surprising that lawyers are increasingly being asked to guide on governance, counsel on compliance and risk allocation, and lead in the event of a cyber incident.
Drawing on our work with clients across the globe, Hogan Lovells’ cross-practice team of cybersecurity lawyers has launched Ready, Set, Respond, a new set of online cybersecurity resources.
Please join us for our September 2016 Privacy and Cybersecurity Events.
The much anticipated Privacy Shield framework for the transfer of data between the EU and U.S. received final approval from the European Commission on 12 July 2016. With this important data transfer mechanism available to companies at the beginning of August, the Hogan Lovells Privacy and Cybersecurity team will answer your questions in a webinar next Wednesday, 27 July. CLE credit will be available.
Please join us for July 2016 events and speaking engagements led by members of the Hogan Lovells Privacy and Cybersecurity team, detailed in this post.
Please join us for our June 2016 Privacy and Cybersecurity Events.
Hogan Lovells hosted the second annual Health Privacy Law Forum for health privacy professionals yesterday. Participants spoke with Deven McGraw, Deputy Director of Health Information Privacy at the U.S. Department of Health and Human Services Office for Civil Rights , and former Federal Trade Commissioner Julie Brill, now a partner at Hogan Lovells and co-chair of its Privacy and Cybersecurity practice.
Please join us for our April 2016 Privacy and Cybersecurity Events, including discussions on the Internet of Things, big data in healthcare, the Telephone Consumer Protection Act, international data flows, and more.
FTC Commissioner Julie Brill will join Hogan Lovells US LLP as a partner and co-leader of the Privacy and Cybersecurity Practice on 1 April. Commissioner Brill was appointed by President Obama to the FTC in 2010 and will complete her service on 31 March.
As reported in The New York Times, Hogan Lovells represented a diverse group of 15 major technology companies, such as Google, Facebook, Microsoft, Snapchat, and Cisco in filing last week an amicus brief in In re Search of an Apple iPhone.
The Chronicle is happy to report that March will see our Privacy and Cybersecurity attorneys speaking around the globe. Please see our March 2016 Privacy and Cybersecurity Events post for a full list of upcoming PaC events.
With cybersecurity threats a top corporate concern implicating regulatory compliance and litigation risk, Hogan Lovells is proud to be one of the sponsors of the ABA National Institute on Cybersecurity, to be held at Fordham Law School in New York on Tuesday, February 23rd.
The International Association of Privacy Professionals announced this week the launch of its Privacy Bar Section, which aims to serve the lawyers that compose more than forty percent of IAPP’s membership. In conjunction, the IAPP has also applied to the American Bar Association to have its privacy certification officially recognized as a legal specialty.
The European Commission has announced an agreement today with the United States Department of Commerce to replace the invalidated Safe Harbor agreement on transatlantic data flows with a new EU-U.S. “Privacy Shield.” The Privacy Shield aims to address the requirements set out by the European Court of Justice in its Oct. 6, 2015 ruling by imposing stronger obligations on companies, providing stronger monitoring and enforcement by the DOC and Federal Trade Commission , and making commitments regarding access to information on the part of public authorities. In announcing the agreement, Vice-President Ansip noted his belief that the Privacy Shield will benefit both European businesses and citizens, and will prove to be a “much better” solution for transatlantic data flows.
Anyone reading this blog already knows that cybersecurity is a team sport. No longer does the IT security department bear sole responsibility for protecting a company’s data and systems. Today companies are setting up enterprise-wide councils to oversee cybersecurity that include lawyers, risk managers, technical professionals, and other leaders. And if a breach occurs, that […]
The Colombian Data Protection Authority (the Superintendence of Industry and Commerce, or SIC) has issued regulations requiring all data controllers that are (i) private legal entities registered in Chambers of Commerce in Colombia (i.e., incorporated in Colombia) or (ii) partially government owned corporations (“sociedades de economía mixta”) to register their databases by November 8th, 2016. The regulations were issued on November 3, 2015, and the National Database Registry (the “Registry”) required by Colombian data protection laws was enabled on November 9, 2015. Read our post to learn about the registration requirements and potential penalties for noncompliance.
Data privacy and security regulators don’t always agree. Take a look at the Federal Trade Commission for example. In recent years, FTC commissioners have disagreed about the role that cost-benefit analyses should play and the types of consumer harms that should be considered in the FTC’s data privacy and security enforcement actions. For organizations that rely on the collection and use of consumer information, understanding the different viewpoints at the FTC and how those viewpoints may influence future enforcement is vital to evaluating risk. On Thursday, November 5, 2015, the Future of Privacy Forum will look at those issues as it celebrates its new home and its new partnership with Washington & Lee University School Law by hosting a panel discussion addressing the Future of Section 5 of the FTC Act. Panelists David Vladeck (former FTC Consumer Bureau Director David Vladeck) and James Cooper (former Acting Director of the Office of Policy Planning) will look at key Section 5 issues.
Next Tuesday, the Court of Justice of the European Union is scheduled to publish its decision in Maximillian Schrems v. Data Protection Commissioner, in which it is expected to rule on the validity of the U.S.-EU Safe Harbor Framework. Last week’s opinion of the CJEU’s Advocate General emphatically found Safe Harbor to be inadequate under EU law on the basis that access to Safe Harbor data by U.S. intelligence services is too wide and disproportionate, and that Safe Harbor does not contain appropriate guarantees to prevent this level of access. While the AG’s opinion is not binding on the CJEU, the short turn-around implies that the CJEU will not vary significantly from the opinion.
Austin, Texas is renowned for its live music scene, clean air, college vibe … and of course its technology conferences. Two Hogan Lovells lawyers—Bret Cohen and Lisa Ellman—have made the list of finalists for panels at the South by Southwest group of conferences this upcoming March, to talk about Student Privacy and Domestic Drone Policy. Don’t let the audience miss out on these presentations: view this post to help vote for “Practical Student Privacy” and “Game of Drones: Innovators and Poilcymakers Unite.
Across the country, we’re in the midst of “Unmanned Aircraft Systems ever” – industries from media, agriculture and energy to insurance, real estate and construction are seeking FAA approvals to fly UAS here in the United States. UAS technology has improved at a rapid pace, and offer a vast array of safety and efficiency benefits to companies for a wide variety of uses. But while the benefits from commercial uses of UAS are great, many have also been vocal with their privacy concerns. It may very well be that for industry to succeed, various stakeholders will need to engage in a national conversation surrounding these issues.
Emerging technologies, such as cloud computing and the “smart city,” have the potential to greatly advance our quality of life. The use, retention, and storage of data that go along with them, however, have raised citizen concerns about privacy risks. The National Institute of Standards and Technology addresses these concerns in a new draft report titled Privacy Risk Management for Federal Information Systems, which was released on May 29, 2015. The report introduces NIST’s Privacy Risk Management Framework, which anticipates and addresses privacy risk resulting from the processing of personal information. NIST intends that the framework will lay the foundation for establishing a common vocabulary that facilitates better understanding of (and communication about) privacy risks and how to effectively implement privacy principles. Although the report is directed at federal systems, the principles outlined may be useful for any business that processes personal information. The NIST report focuses on the development of two key pillars of the PRMF: privacy engineering objectives and a Privacy Risk Model.
Two federal appeals courts recently published significant opinions that redefine the scope of government access to phone records, setting the stage for a complex debate in Congress over the future of bulk data collection under the Patriot Act. The pair of decisions, along with the outcome of a legislative debate that has roiled Congress this month, will define the permissible boundaries for government surveillance and contribute to the ongoing debate over government access to digital information in all forms. We summarize both decisions as well as the congressional debate below.
FCC Chairman Wheeler has announced that he is circulating a proposal to address more than twenty pending petitions seeking clarity regarding the scope requirements under the U.S. Telephone Consumer Protection Act. He authored a blog post on the proposal and also released a fact sheet