Header graphic for print

HL Chronicle of Data Protection

Privacy & Information Security News & Trends

Posted in Consumer Privacy

FCC Announces $10 Million Proposed Forfeiture Over Data Security Practices

The Federal Communications Commission (FCC) recently issued a Notice of Apparent Liability for Forfeiture proposing a $10 million penalty against TerraCom, Inc. and YourTel America, Inc. (collectively, the “companies”) for allegedly violating laws protecting consumers’ personal information.  Specifically, the FCC alleged that the companies placed the personal data of up to 300,000 consumers at risk by storing Social Security numbers, names, addresses, driver’s licenses, and other proprietary information (PI) on unprotected Internet servers that “anyone in the world could access.”

The decision is the FCC’s first case involving data security.  It is also informative as to the FCC’s current and evolving expectations with regard to carriers’ duties to protect sensitive consumer information, and it underscores the need for organizations in the communications sector to keep a close eye on both FCC and Federal Trade Commission (FTC) data privacy and security enforcement activity.

Continue Reading

Posted in International/EU Privacy

The Privacy Challenges of the New European Commission

The European Union’s executive branch has a brand new engine.  Following the European Parliament’s election earlier this year and after months of political manoeuvring, a new European Commission is now in place and fully operational.  The Commission’s functions remain as they were but under a revised structure of one president – Jean-Claude Juncker – seven vice-presidents responsible for designated policy areas and 20 commissioners.  As the main policy making body in the European Union, the Commission continues to be in charge of pushing forward the ongoing data protection legislative reform that will lead to a new legal framework for privacy across the EU. Continue Reading

Posted in International/EU Privacy

Recording and Deck from Webinar on New Russia Data Localization Law

Thank you to everyone who attended our webinar last Tuesday on the new Russian law introducing rules requiring the local storage of the personal data of Russian citizens.  For those who were unable to make it, here is a recording of the entire webinar (1 hr, 9 mins), including the question-and-answer portion, as well as a copy of the slide deck (PDF).

Stay tuned to the blog for future updates on the law, including insights from this Wednesday’s Fifth International Conference on Personal Data Protection, organized by Roskomnadzor, Russia’s data protection authority.  And if you have any questions, feel free to reach out to Natalia Gulyaeva (Moscow) or Bret Cohen (Washington).

Posted in International/EU Privacy

Prepare Yourself for the ‘Risk-Based’ Approach to Privacy

Assuming a fair amount of hard work and that the EU institutions are able to put their political skills to good use, 2015 may be the year that sees the culmination of a legal modernisation process that has been running for the best part of four years. It was in 2010 when the European Commission formally acknowledged that the 1995 Data Protection Directive was ready for a makeover to address the privacy and data protection needs of the 21 century. Since then, stakeholders covering a whole spectrum of views have participated in a process that is approaching a decisive stage. In early 2014, the European Parliament came forward with a bold proposal to amend the Commission’s original draft and put the ball firmly in the Council of the EU’s court. As the Council finalises its own proposal, a picture of what the new framework will look like is starting to emerge. Continue Reading

Posted in Cybersecurity & Data Breaches

Conference on Medical Device and Healthcare Cybersecurity Highlights New Challenges

The medical internet of things is coming. That was the common recognition of participants at a two-day public workshop on “Collaborative Approaches for Medical Device and Healthcare Cybersecurity” co-sponsored by the Food and Drug Administration (FDA), Department of Health and Human Services (HHS), and the Department of Homeland Security (DHS). The workshop comes during a busy month for medical device cybersecurity, with the FDA issuing final guidance earlier this month and DHS indicating that it is reviewing dozens of potential cybersecurity vulnerabilities in medical devices. Continue Reading

Posted in News & Events

Hogan Lovells Launches Unmanned Aircraft Systems Group

As commercial use of unmanned aircraft systems (UAS) begins to take flight, the Hogan Lovells Privacy and Information Management practice has partnered with colleagues across the firm to respond to the needs of manufacturers and operators of UAS.  The launch of the group comes at a time when government activity to regulate UAS is creating both new opportunities and risks in the marketplace.  Continue Reading

Posted in Financial Privacy

CFPB Finalizes Rule to Ease GLBA Privacy Notice Requirements

The Consumer Financial Protection Bureau (CFPB) has finalized a proposed rule that will eliminate the need for certain financial institutions to mail annual privacy notices to their customers, so long as the institutions publish their privacy notices online and engage only in limited sharing of customer information.  Continue Reading

Posted in International/EU Privacy, News & Events

Upcoming Webinar on Russian Data Localization Law

On Tuesday, October 28, Natalia Gulyaeva of Hogan Lovells’ Moscow office and Bret Cohen of our Washington, D.C. office will host a complimentary webinar outlining implications for businesses of the new Russian data localization law. The law, which may come into effect as early as January 2015, requires that data “operators” – organizations that process personal data of Russian citizens, including providers of Internet-based services – store the personal data of Russian citizens on databases located in the country. Continue Reading

Posted in International/EU Privacy

German Data Protection Authorities Issue Resolution on Connected Cars

The Conference of the German Federal and State Data Protection Authorities during its last meeting on 8 and 9 October adopted the resolution “Data Protection in the Car”. The resolution expresses a concern about what it describes as privacy risks involved in the growing collection and processing of personal data in cars, and the interests of various actors (car manufacturers, service providers, insurance companies, employers) in using those data. Continue Reading

Posted in Cybersecurity & Data Breaches

Hogan Lovells Partner Highlights How Boards and Management Can Prepare for a Cybersecurity Breach

Corporate boards and senior management are more focused than ever before on cyber incident prevention and preparedness. Recently thecorporatecounsel.net, an influential resource for corporate governance lawyers, addressed this topic in a program titled “Cybersecurity: Working the Calm Before the Storm,” describing what the board and senior management can do to prepare for the inevitable cybersecurity breach. The program featured Hogan Lovells Partner Harriet Pearson.

To read the transcript, click here.

To listen to “Cybersecurity: Working the Calm Before the Storm” (subscription required), click here.