Please join us for our June 2016 Privacy and Cybersecurity Events.
Hogan Lovells hosted the second annual Health Privacy Law Forum for health privacy professionals yesterday. Participants spoke with Deven McGraw, Deputy Director of Health Information Privacy at the U.S. Department of Health and Human Services Office for Civil Rights , and former Federal Trade Commissioner Julie Brill, now a partner at Hogan Lovells and co-chair of its Privacy and Cybersecurity practice.
Please join us for our April 2016 Privacy and Cybersecurity Events, including discussions on the Internet of Things, big data in healthcare, the Telephone Consumer Protection Act, international data flows, and more.
FTC Commissioner Julie Brill will join Hogan Lovells US LLP as a partner and co-leader of the Privacy and Cybersecurity Practice on 1 April. Commissioner Brill was appointed by President Obama to the FTC in 2010 and will complete her service on 31 March.
As reported in The New York Times, Hogan Lovells represented a diverse group of 15 major technology companies, such as Google, Facebook, Microsoft, Snapchat, and Cisco in filing last week an amicus brief in In re Search of an Apple iPhone.
The Chronicle is happy to report that March will see our Privacy and Cybersecurity attorneys speaking around the globe. Please see our March 2016 Privacy and Cybersecurity Events post for a full list of upcoming PaC events.
With cybersecurity threats a top corporate concern implicating regulatory compliance and litigation risk, Hogan Lovells is proud to be one of the sponsors of the ABA National Institute on Cybersecurity, to be held at Fordham Law School in New York on Tuesday, February 23rd.
The International Association of Privacy Professionals announced this week the launch of its Privacy Bar Section, which aims to serve the lawyers that compose more than forty percent of IAPP’s membership. In conjunction, the IAPP has also applied to the American Bar Association to have its privacy certification officially recognized as a legal specialty.
The European Commission has announced an agreement today with the United States Department of Commerce to replace the invalidated Safe Harbor agreement on transatlantic data flows with a new EU-U.S. “Privacy Shield.” The Privacy Shield aims to address the requirements set out by the European Court of Justice in its Oct. 6, 2015 ruling by imposing stronger obligations on companies, providing stronger monitoring and enforcement by the DOC and Federal Trade Commission , and making commitments regarding access to information on the part of public authorities. In announcing the agreement, Vice-President Ansip noted his belief that the Privacy Shield will benefit both European businesses and citizens, and will prove to be a “much better” solution for transatlantic data flows.
Anyone reading this blog already knows that cybersecurity is a team sport. No longer does the IT security department bear sole responsibility for protecting a company’s data and systems. Today companies are setting up enterprise-wide councils to oversee cybersecurity that include lawyers, risk managers, technical professionals, and other leaders. And if a breach occurs, that […]
The Colombian Data Protection Authority (the Superintendence of Industry and Commerce, or SIC) has issued regulations requiring all data controllers that are (i) private legal entities registered in Chambers of Commerce in Colombia (i.e., incorporated in Colombia) or (ii) partially government owned corporations (“sociedades de economía mixta”) to register their databases by November 8th, 2016. The regulations were issued on November 3, 2015, and the National Database Registry (the “Registry”) required by Colombian data protection laws was enabled on November 9, 2015. Read our post to learn about the registration requirements and potential penalties for noncompliance.
Data privacy and security regulators don’t always agree. Take a look at the Federal Trade Commission for example. In recent years, FTC commissioners have disagreed about the role that cost-benefit analyses should play and the types of consumer harms that should be considered in the FTC’s data privacy and security enforcement actions. For organizations that rely on the collection and use of consumer information, understanding the different viewpoints at the FTC and how those viewpoints may influence future enforcement is vital to evaluating risk. On Thursday, November 5, 2015, the Future of Privacy Forum will look at those issues as it celebrates its new home and its new partnership with Washington & Lee University School Law by hosting a panel discussion addressing the Future of Section 5 of the FTC Act. Panelists David Vladeck (former FTC Consumer Bureau Director David Vladeck) and James Cooper (former Acting Director of the Office of Policy Planning) will look at key Section 5 issues.
Next Tuesday, the Court of Justice of the European Union is scheduled to publish its decision in Maximillian Schrems v. Data Protection Commissioner, in which it is expected to rule on the validity of the U.S.-EU Safe Harbor Framework. Last week’s opinion of the CJEU’s Advocate General emphatically found Safe Harbor to be inadequate under EU law on the basis that access to Safe Harbor data by U.S. intelligence services is too wide and disproportionate, and that Safe Harbor does not contain appropriate guarantees to prevent this level of access. While the AG’s opinion is not binding on the CJEU, the short turn-around implies that the CJEU will not vary significantly from the opinion.
Austin, Texas is renowned for its live music scene, clean air, college vibe … and of course its technology conferences. Two Hogan Lovells lawyers—Bret Cohen and Lisa Ellman—have made the list of finalists for panels at the South by Southwest group of conferences this upcoming March, to talk about Student Privacy and Domestic Drone Policy. Don’t let the audience miss out on these presentations: view this post to help vote for “Practical Student Privacy” and “Game of Drones: Innovators and Poilcymakers Unite.
Across the country, we’re in the midst of “Unmanned Aircraft Systems ever” – industries from media, agriculture and energy to insurance, real estate and construction are seeking FAA approvals to fly UAS here in the United States. UAS technology has improved at a rapid pace, and offer a vast array of safety and efficiency benefits to companies for a wide variety of uses. But while the benefits from commercial uses of UAS are great, many have also been vocal with their privacy concerns. It may very well be that for industry to succeed, various stakeholders will need to engage in a national conversation surrounding these issues.
Emerging technologies, such as cloud computing and the “smart city,” have the potential to greatly advance our quality of life. The use, retention, and storage of data that go along with them, however, have raised citizen concerns about privacy risks. The National Institute of Standards and Technology addresses these concerns in a new draft report titled Privacy Risk Management for Federal Information Systems, which was released on May 29, 2015. The report introduces NIST’s Privacy Risk Management Framework, which anticipates and addresses privacy risk resulting from the processing of personal information. NIST intends that the framework will lay the foundation for establishing a common vocabulary that facilitates better understanding of (and communication about) privacy risks and how to effectively implement privacy principles. Although the report is directed at federal systems, the principles outlined may be useful for any business that processes personal information. The NIST report focuses on the development of two key pillars of the PRMF: privacy engineering objectives and a Privacy Risk Model.
Two federal appeals courts recently published significant opinions that redefine the scope of government access to phone records, setting the stage for a complex debate in Congress over the future of bulk data collection under the Patriot Act. The pair of decisions, along with the outcome of a legislative debate that has roiled Congress this month, will define the permissible boundaries for government surveillance and contribute to the ongoing debate over government access to digital information in all forms. We summarize both decisions as well as the congressional debate below.
FCC Chairman Wheeler has announced that he is circulating a proposal to address more than twenty pending petitions seeking clarity regarding the scope requirements under the U.S. Telephone Consumer Protection Act. He authored a blog post on the proposal and also released a fact sheet
Hogan Lovells is pleased to announce that its Privacy and Information Management practice has been named “Privacy & Data Security Team of the Year” by Chambers USA. Hogan Lovells was bestowed with the accolade at the Chambers USA Awards Ceremony and Dinner at Cipriani in New York City on 19 May.
This Wednesday December 3rd, Hogan Lovells partner Christopher Wolf will be moderating a panel hosted by the Future of Privacy Forum and the International Association of Privacy Professionals entitled: “Device encryption: Too Much Privacy for Consumers?” The panel is free and open to the public.
As the keynote speaker for the Winnik Forum, U.S. Federal Trade Commission (FTC) Commissioner Maureen Ohlhausen sat down with Christopher Wolf, Director of Hogan Lovells’ Privacy and Information Management Practice to discuss the evolving role of the FTC as we enter an era of “Big Data” and the “Internet of Things.” Commissioner Ohlhausen offered her views on a flexible approach to protecting consumer data privacy as connected devices continue to evolve. As opportunities arise for additional potential uses of collected data, Commissioner Ohlhausen said organizations and policymakers should consider a “harms-based approach” in which new uses of data would be allowed as long as they do not cause consumer harm and as long as they remain consistent with earlier promises that organizations have made to consumers. The key for Commissioner Ohlhausen is that companies should disclose what data is being collected and keep the promises that they make to consumers about the collection and uses of that data.
Hogan Lovells’ leading Privacy and Information Management practice is due to have its largest presence ever at the forthcoming IAPP Europe Data Protection Congress taking place in Brussels from 18 to 20 November. More than 20 lawyers from 7 offices will be attending and actively participating at the conference. Please come and visit us at Booth 3.
In an article published by re/code, Hogan Lovells Partner Christopher Wolf, working with Jules Polonetsky, Wolf’s co-chair at the Future of Privacy Forum, explores novel applications of Big Data in combatting discrimination and advancing civil rights. As highlighted by Wolf and Polonetsky, Big Data analytics has already begun empowering society to limit and remedy discrimination and follows the legacy of the Matthew Shepard and James Byrd Jr. Hate Crimes Prevention Act and the Hate Crime Statistics Act of 1990, which produce comprehensive statistics on hate crimes for law enforcement.
As commercial use of unmanned aircraft systems begins to take flight, the Hogan Lovells Privacy and Information Management practice has partnered with colleagues from across the firm to respond to the needs of manufacturers and operators of UAS. The launch of the group comes at a time when government activity to regulate UAS is creating both new opportunities and risks in the marketplace.