Last week, the UK’s Information Commissioner’s Office (ICO) published a monetary penalty notice which fined a private healthcare company, HCA International, £200,000 for its failure to keep sensitive data secure.
Please join us for our March 2017 Privacy and Cybersecurity Events.
The Federal Communications Commission’s (FCC) Media Relations Office has released a statement announcing Chairman Pai’s intention to stay a data security rule adopted by the Commission late last year in its Broadband Privacy Order. Absent a stay, the rule is set to go into effect on March 2.
On 13 February 2017, the Australian Senate passed into law the Privacy Amendment (Notifiable Data Breaches) Bill 2016. This law amends the primary privacy and data protection legislation in Australia, Privacy Act 1988 (Cth), to introduce the long-anticipated mandatory data breach notification scheme. Under this scheme, all agencies and businesses that are regulated by the Privacy Act are required to provide notice to the Australian Information Commissioner and affected individuals of certain data breaches that are likely to result in “serious harm.”
As Hogan Lovells previously reported, the New York State Department of Financial Services (NYDFS) has launched a significant initiative to impose detailed cybersecurity requirements on covered financial institutions. On February 16, NYDFS issued its Final Rules, following the initial proposed rules published in September 2016 and two rounds of feedback via industry complaints and public comment. The Final Rules set forth requirements for a risk-based approach to cybersecurity, and include expectations for reporting on cybersecurity risks and events to senior management and NYDFS.
Click here to learn more about how to prepare for the new requirements, timing and implementation details, changes to the rules since the December announcement, and other related cybersecurity developments.
The Polish Data Protection Authority (GIODO) has just released its inspection plans for 2017. This year, the GIODO has decided to target its review of compliance with data protection laws on the health services and consumer sectors, with particular attention to certain profiling activities taking place in stores and shopping malls.
With cybersecurity issues evolving rapidly, every minute counts. Our new video series, Your Cyber Minute, is specifically designed for busy in-house counsel to gain practical perspectives – fast. This multi-part series is an extension of our Ready, Set, Respond resource portal and highlights today’s hottest topics in cybersecurity. To watch in real time, follow us on LinkedIn and Twitter, where we post a new video on Monday and Thursday.
The two installments we’ve released so far feature cybersecurity practice lead and partner Harriet Pearson speaking with:
- Former financial crimes enforcement lawyer and Hogan Lovells partner Greg Lisa about the NY Department of Financial Services’ (NY DFS) proposed cybersecurity regulations
- Hogan Lovells Cyber Risk Services managing principal Jeff Lolley about major cyber threats facing organizations in 2017
Tune in to get the latest on what you need to know and how to be better prepared.
Data brokers are organisations that obtain data from a variety of sources and then sell or license it to third parties. Many trade in personal data, which is purchased by their customers for several purposes, most commonly to support marketing campaigns. In 2012, data brokers’ trade in personal data was reported to have generated over $150 billion in revenue.
The UK data protection regulator (the “ICO”) has for some time been actively enforcing against organisations that buy individuals’ personal data for direct marketing purposes without first conducting appropriate due diligence to ensure that those individuals have adequately consented to receiving marketing communications.
On January 12, 2017, prior to the new administration taking power, the National Telecommunications and Information Administration (NTIA) within the Department of Commerce (Department) released a Green Paper on “Fostering the Advancement of the Internet of Things,” which assesses the technological and policy landscape of the Internet of Things (IoT). The Green Paper is expansive in scope, reflecting the broad range of issues raised in comments submitted by stakeholders in the private sector, academia, government, and civil society following NTIA’s April 2016 request for public comment. The Green Paper identifies key issues, and provides recommendations and assessments on the potential benefits and risks that IoT portends. The NTIA identifies cybersecurity, privacy and cross-border data flows as the most significant policy issues. It also proposes four principles for future policy engagement in which the Department would play a central role in creating conditions that would foster IoT growth. The agency also requested additional comments on the issues raised by the Green Paper.
On 4 February 2017, the Cyberspace Administration of China issued a draft of the Network Products and Services Security Review Measures (“Draft Measures”) for public comment. The Draft Measures remain open for comments until 4 March 2017. The Draft Measures are follow-on legislation to China’s Cyber Security Law adopted on 7 November 2016, which will take effect on 1 June 2017.