President Obama today addressed cybersecurity for the second time in as many days in a speech at the Department of Homeland Security’s National Cybersecurity and Communications Integration Center (NCCIC). Early this morning, the White House announced a February 13 Summit on Cybersecurity and Consumer Protection and released further details on several initiatives to promote cybersecurity information sharing between the private sector and government. The President then convened a meeting with congressional leaders in which he discussed cybersecurity issues. Speaking about his cooperation with House Speaker John Boehner (R-OH) and Senate Majority Leader Mitch McConnell (R-KY), the President noted “I think we agreed that this is an area where we can work hard together, get some legislation done and make sure that we are much more effective in protecting the American people from these kinds of cyber attacks.” Today’s developments follow the President’s address to the Federal Trade Commission (FTC) yesterday, in which he announced a legislative proposal on national data breach reporting and emphasized the importance of student and consumer privacy. Together, these events provide a preview of initiatives that the President is expected to highlight during his State of the Union address on January 20.
Today, the President spoke at the Federal Trade Commission (FTC) on the importance of preventing identity theft and improving consumer and student privacy. Today’s speech has been billed as a first look at a broader White House policy initiative on cybersecurity, identity theft, and privacy that will continue this week and will be included in the President’s State of the Union address to Congress on January 20th. Tomorrow, the President will highlight the work of the Department of Homeland Security and the importance of public-private collaboration on cyber threats. In the coming weeks, the White House is expected to release more information on the following policy proposals and executive actions:
You know a matter is serious when a top international tribunal takes upon itself to change the course of society. This year, three rulings of the Court of Justice of the European Union, the highest judicial authority of the EU, show its grave concern for the data-hungry world in which we live and its desire to change it. Each of these rulings targets a different audience – the state, the corporate world and the citizen – but all of them uphold the role of privacy as a right that is threatened by our tech-driven existence. The effects of these decisions go beyond the pure legal technicalities of interpreting European data protection law because their consistent message is that society as a whole, in the EU and elsewhere, should be less tolerant of and more concerned about our dependence on data.
Two weeks ago, the FTC filed a district court complaint in Arizona against an operation that included three corporations and one individual. While touted as a case against data brokers (“FTC Charges Data Broker with Facilitating the Theft of Millions of Dollars from Consumers’ Accounts”), the single count unfair trade practices action really involves fraudulent and egregious conduct that took advantage of a particularly vulnerable population, but it nevertheless provides a few lessons for the data broker industry generally.
On 31 December, the Russian President signed into Federal Law No. 526-FZ a proposal to change the effective date of Russia’s Data Localization Law, first passed last summer, from 1 September 2016 to 1 September 2015. This follows our earlier report that the State Duma (the lower chamber of the Russian Parliament) approved the legislation on 17 December, after which it was approved by the Federation Council (the upper chamber) on 25 December.
Within the last two weeks, two different federal district courts have issued decisions in high-profile data breach cases that highlight an important issue to watch in 2015: whether consumers whose payment card data was taken have standing to pursue claims against retailers. Northern District of Illinois Judge John Darrah and District of Minnesota Judge Paul Magnuson issued decisions regarding motions to dismiss in consumer class actions against P.F. Chang’s China Bistro Inc. and Target Corp. respectively, with substantially different results. Judge Darrah granted the motion to dismiss the class action against P.F. Chang’s, while Judge Magnuson allowed most of the putative consumer class action against Target to proceed. The rulings took different approaches in examining whether the plaintiffs had sufficiently alleged injury, showing continuing uncertainty over what consumers must plead in order to pursue a claim after a data breach.
The following piece, written by the Hogan Lovells privacy team, was posted to the International Association of Privacy Professionals’ (IAPP) Privacy Tracker on December 16. The post, Outlook for State Data Security Laws: More Than Breach Notification, is reprinted in its entirety below with permission from the IAPP.
Is data security legislation coming to a state near you? With data breaches continuing to make the headlines, 60 Minutes reporting that breaches are inevitable and federal legislation seeming unlikely, consumers and advocates may press state lawmakers to address data security. We have already seen state data breach notification laws proliferate following California’s enactment of the first such law in 2002. We may see data security laws spread in a similar fashion. In this post, we look at current and proposed state data security laws and consider their potential impact.
On December 8, Massachusetts Attorney General Martha Coakley announced a settlement with TD Bank, under which TD Bank must pay $625,000 and take several steps to strengthen its data security practices. The settlement agreement stems from a data breach that impacted over 90,000 Massachusetts residents and over 260,000 customers nationwide. The AG’s approach to this case and the resulting settlement underscore the importance of providing prompt notification following a data breach as well as maintaining adequate oversight over the security practices of third-party service providers.
On 17 December, the State Duma (the lower chamber of the Russian Parliament) passed legislation that would change the effective date of Russia’s new law requiring the local storage in Russia of the personal data of Russian citizens (Data Localization Law) from 1 September 2016 to 1 September 2015. The legislation currently is subject to the Federation Council’s (the upper chamber of the Russian Parliament) and president’s approvals.
In a recent client alert, partner Mark Parsons and associate Peter Colegate from the Hogan Lovells Hong Kong office highlighted the attention increasingly paid by privacy regulators around the world to the manner in which mobile apps collect, process, and transmit personal data.
The alert recounts an open letter initiated in collaboration between the privacy commissioners of Hong Kong and Canada, and signed by several others, to seven of the world’s leading app marketplaces calling on them to make app privacy policies available to users prior to downloading. The letter follows a global survey published in May 2014 by the Global Privacy Enforcement Network (GPEN) that highlighted the lack of adequate disclosures to users of mobile apps informing them about how their personal information is used.
Also included in the alert is a detailed analysis of “the Best Practice Guide for Mobile App Development” released by Hong Kong’s Office of the Privacy Commission for Personal Data.