
HL Chronicle of Data Protection

Privacy & Information Security News & Trends

Posted in Consumer Privacy

Principles to Consider for your IoT Privacy and Security Program

Fifteen months after forming an Internet of Things (IoT) working group, on March 2, 2016, the Online Trust Alliance (OTA) released a final version of its IoT Framework (Framework) along with a companion Resource Guide that provides explanations and additional resources. The voluntary Framework sets forth thirty suggested guidelines that provide criteria for designing privacy, security, and sustainability into connected devices. The creation of the OTA IoT principles represents a potential starting point for achieving privacy- and security-protective innovation for IoT devices.

Posted in International/EU Privacy

Hogan Lovells Issues Legal Analysis of the EU-U.S. Privacy Shield

In a thorough legal analysis of the EU-U.S. Privacy Shield framework, a report from Hogan Lovells says the framework would stand up in the Court of Justice of the European Union (CJEU), and that the true level of data protection afforded by the Privacy Shield framework will only be demonstrated by its functioning and the practices of its participants.

Posted in Cybersecurity & Data Breaches, Health Privacy/HIPAA

OCR Highlights Priorities as it Steps Up HIPAA Enforcement

Last week, the Department of Health and Human Services (HHS) Office for Civil Rights (OCR) launched the long-awaited Phase 2 HIPAA Audit Program. Earlier this month, the agency posted two resolution agreements that continue the trend toward big dollar settlement amounts and a focus on security risk assessments and business associate agreements. With Phase 2 HIPAA Audits underway and more full-scale compliance reviews triggered by data breach reports, it is more important than ever to appropriately protect health information.

Posted in News & Events

FTC Commissioner Julie Brill To Co-Lead Hogan Lovells Privacy and Cybersecurity Practice as of 1 April

Hogan Lovells announced today that Julie Brill will join the firm as a partner and co-director of the Privacy and Cybersecurity practice on 1 April. Brill is a Commissioner at the Federal Trade Commission and her service will conclude on 31 March.

As co-director of the Privacy and Cybersecurity practice, Brill succeeds co-director and founding partner Christopher Wolf, who will transition to a senior status at the firm. She will be joined in leadership by Marcy Wilder, co-director of the Privacy and Cybersecurity practice; Harriet Pearson, leader of the firm’s Cybersecurity Solutions Group and Cyber Risk Services business unit; and Eduardo Ustaran, a partner in the firm’s London office and leader of the firm’s European data protection practice.

Posted in International/EU Privacy

Inside the New EU-U.S. Data Framework: A Practical Breakdown of the Privacy Shield


The February 29, 2016 announcement of the new EU-U.S. data transfer framework—the Privacy Shield—was accompanied by over 130 pages of documentation and significantly more operational details than its predecessor, Safe Harbor.  We have reviewed the Privacy Shield materials and published a comprehensive breakdown of the changes from Safe Harbor to Privacy Shield and the practical impact on business:  Inside the New and Improved EU-U.S. Data Transfer Framework.

In general, the Privacy Shield imposes more specific and exacting measures on U.S. organizations wishing to join the framework. It also includes additional checks and balances designed to make sure that the rights of EU individuals can be exercised when their data is being processed in the United States. That said, the seven Privacy Shield Principles are largely aligned with the privacy practices followed by Safe Harbor participants and found in other global privacy compliance programs, and should not be an insurmountable burden for companies looking to shift from Safe Harbor compliance to Privacy Shield compliance.

To access the full text of Inside the New and Improved EU-U.S. Data Transfer Framework, first published on Law360, click here.

Posted in Consumer Privacy

FCC Circulates Privacy Rulemaking and Announces Commission Vote

On Thursday, Federal Communications Commission (“FCC”) Chairman Tom Wheeler circulated a highly anticipated broadband data privacy and security Notice of Proposed Rulemaking (“NPRM”) to the other Commissioners, slating the proposals for a full Commission vote at the agency’s March 31 Open Meeting. The rules would apply to internet service providers (“ISPs”), but organizations throughout the online data ecosystem will want to pay close attention to this rulemaking and be prepared to comment on the FCC’s proposals.

Posted in News & Events

Hogan Lovells Represents Major Tech Companies in Apple iPhone Case

As reported in The New York Times, Hogan Lovells represented a diverse group of 15 major technology companies, such as Google, Facebook, Microsoft, Snapchat, and Cisco, in filing an amicus brief last week in In re Search of an Apple iPhone. The Times reports:

“‘These companies, which are often fierce competitors, have joined together to voice concern about the attempted government overreach in this case, which threatens the integrity and security of their products and privacy rights of consumers in general,’ said Neal Katyal, a lawyer at Hogan Lovells for the tech companies and a former acting solicitor general of the United States.”

For a copy of the brief, click here.

Posted in Cybersecurity & Data Breaches, Health Privacy/HIPAA

Health Sector Regulators Increase Focus on Cybersecurity

The US government has been increasingly active in cybersecurity legislation and enforcement. Congress recently passed the Cybersecurity Act of 2015, which has spurred renewed attention to cybersecurity requirements and cyber threat information sharing. The US government continues to draw attention to how organizations can align their cybersecurity programs with the NIST Cybersecurity Framework. Moreover, a number of federal agencies including the Consumer Financial Protection Bureau, Federal Trade Commission, and Federal Communications Commission have all issued settlements relating to cybersecurity enforcement actions in recent months. In the health sector, the US Department of Health and Human Services (HHS) has been increasingly focused on cybersecurity, primarily through its HIPAA enforcement activities. Against that backdrop, three recent developments demonstrate the ways in which HHS and the health sector are expanding their cybersecurity focus beyond HIPAA Security Rule compliance.

Posted in News & Events

March 2016 Privacy and Cybersecurity Events

The Chronicle is happy to report that March will see our Privacy and Cybersecurity attorneys speaking around the globe.

Please see below for a full list of our March 2016 PaC events.

March 1
Digital Health
Christian Tinnefeld co-hosted the Pharmaceutical Law Update 2016 on Digital Health with workshops on Data Privacy. Hosted by the Life Sciences Team, this event included a regulatory workshop, run by Jörg Schickert and Arne Thiermann, and a product liability workshop, run by Carolin Gierth and Matthias Schweiger.
Location: Hamburg, Germany

March 2
2016 RSA Conference
Harriet Pearson was a featured panelist for “Privacy and Cyberthreat Sharing: Bridging the Divide” with Ari Schwartz, NSC’s former Special Assistant to the President & Senior Director for Cybersecurity Policy. Eduardo Ustaran was a featured panelist for “Privacy Regulatory Landscape, Past, Present and Future.”
Location: San Francisco, California

March 3
ABA/FCBA Privacy & Data Security Symposium
Mark Brennan was a panelist at the ABA/FCBA Privacy & Data Security Symposium panel on “Lessons Learned from High Profile FCC Enforcement Actions and Class Action Litigation.”
Location: Washington, D.C.

Posted in International/EU Privacy

The EU General Data Protection Regulation: A Brave New World for Processors

Significant changes are afoot for processors. With the text of the European Union General Data Protection Regulation (GDPR) now published, processors will need to begin to acclimatise to the new regime under the GDPR. Although the GDPR still places the lion’s share of compliance responsibilities on controllers, it also extends direct application of the law to processors and renders them subject to fines, in an effort to allocate responsibility between the parties.