On January 31, the Federal Trade Commission (FTC) announced a settlement with GMR Transcription Services following the public exposure of thousands of medical transcript files containing personal medical information. According to the FTC complaint, GMR failed to adequately verify that its overseas service provider implemented reasonable and appropriate security measures to protect personal information being transmitted and processed. This settlement, the FTC’s 50th with respect to data security, highlights the need for companies to engage in thorough vendor management and oversight with respect to data security practices. Continue Reading
The UK Information Commissioner and the Secretary of State for Justice have entered into Memoranda of Understanding on the handling of information requests in national security cases under the UK’s Data Protection Act (DPA), Freedom of Information Act (FOIA) and Environmental Information Regulations 2002 (EIRs). The new Memoranda replace the Memorandum of Understanding entered into by the parties on 24 February 2005. Continue Reading
LabMD recently announced its plans to wind down operations, citing its ongoing legal battle with the Federal Trade Commission (FTC) over the company’s data security practices as a major cause. In a letter dated January 6, LabMD president Michael Daugherty informed the company’s customers and workforce that the medical testing laboratory would no longer be accepting new specimens after January 11 and that the company’s phones and internet access would be discontinued shortly thereafter. Daugherty’s letter blamed the FTC’s “debilitating investigation and litigation” as a major source of the company’s decision to wind down operations. Continue Reading
The following piece, written by the Hogan Lovells privacy team, was posted to the International Association of Privacy Professionals’ (IAPP) Privacy Tracker on January 29th. The post, Will the New Year Bring New Privacy Laws to Brazil?, is reprinted in its entirety below with permission from the IAPP. If the Brazilian legislature fails to pass the bills promptly or does not include the data localization measures discussed below in the final legislation, Brazil’s president may choose–to the extent permitted by Brazil’s constitution–to implement many of the privacy provisions contained in the proposed laws by executive decree.
The World Cup is not the only event to look out for in Brazil this year. Brazil has been developing two significant pieces of privacy legislation since the late 2000s, and it looks like they may be voted on soon. The Marco Civil da Internet (“Civil Internet Bill”) would establish what some have called an “Internet Bill of Rights” that includes data protection requirements and the preservation of net neutrality. The Data Protection Bill would establish a comprehensive, European-style data protection framework governing the processing of all personal data. The proposed laws would replace Brazil’s current sector-specific privacy framework. Brazil is the fifth largest country in the world, and the number of Brazilian Internet and smartphone users is growing rapidly. The new laws would therefore have a significant impact on organizations offering digital products or services to Brazilian consumers. We here provide background on the proposed laws and insights as to their potential impacts.
Last week, California Attorney General Kamala Harris filed suit against Kaiser Foundation Health Plan, Inc. (“Kaiser”) in relation to a 2011 data security breach. The AG’s complaint alleges that even though Kaiser provided notice of the breach to affected individuals, it took too long to issue the required notifications. Continue Reading
The following post, written by Mark Brennan, was posted to the Hogan Lovells “Focus on Regulation” blog on January 28th. The post, D.C. Circuit Opens the Door to New TCPA Defense Arguments on Liability and Deference to FCC, is reprinted below in its entirety.
A Telephone Consumer Protection Act (TCPA) case decided by the U.S. Court of Appeals for the D.C. Circuit has direct implications for all organizations that employ third-party providers to conduct their outbound calling and text messaging campaigns. It could also impact the extent to which courts will defer to portions of the FCC’s TCPA orders when interpreting the statute. More details are discussed below. In addition, on February 6, members of Hogan Lovells’ TCPA Practice will host a special webinar on recent TCPA developments and key compliance challenges for 2014. If you are interested in attending this webinar, please contact Mark Brennan at email@example.com.
Data Protection Day in Europe, 28 January 2014, saw the announcement by EU Justice Commissioner Viviane Reding of a more precise timetable for the adoption of the EU’s data protection reform package, comprising a Regulation governing general data protection and a Directive governing the use of personal data in the area of law enforcement and crime. Continue Reading
The Hogan Lovells privacy team wishes you a happy Data Privacy Day! Here are five tips to help protect your privacy in everyday situations: Continue Reading
The Evolving Legal Framework Regulating Commercial Data Security Standards, an article by Hogan Lovells associate Bret Cohen, was featured in the January/February 2014 cybersecurity law issue of the Maryland Bar Journal. The article covers the sources of regulation and potential legal liability in the U.S. for businesses who experience data security breaches, including general consumer protection laws, state data security laws, federal sectoral laws, and consumer class action litigation.
To mitigate legal risks, the article recommends that to protect regulated information, organizations take the following steps:
China’s Supreme People’s Court (“SPC“) on November 21, 2013 issued a new regulation “Provisions on the Online Issuance of Judgment Documents by People’s Courts,” (Fa Shi  No. 26) (“Provisions“), effective since January 1, 2014, requiring that all court judgments in China be published online in a searchable public database specially set up for that purpose. Continue Reading