Header graphic for print

HL Chronicle of Data Protection

Privacy & Information Security News & Trends

Posted in Consumer Privacy

Destroy Securely: Delaware Adopts New Data Destruction Law

Delaware recently adopted a new law that will add requirements related to the destruction of records containing “personal identifying information.”  With that law, Delaware joined a number of other states that place restrictions on the ways in which entities destroy or dispose of personal information. The Delaware law will become effective January 1, 2015. Continue Reading

Posted in Consumer Privacy

Hogan Lovells Partner Engages in NY Times on Big Data and Inequality

Writing for the New York Times “Room for Debate,” Christopher Wolf, Hogan Lovells partner and co-director of the firm’s global Privacy and Information Management group, focuses on the potential positive uses for Big Data, observing that “Big Data can also advance the interests of minorities and actually fight discrimination.”  Wolf cites examples such as Entelo Diversity, an employee recruiting platform that promises to diversify workplaces by using powerful algorithms to analyze public data and find qualified candidates who are also members of underrepresented classes.

In Is Big Data Spreading Inequality?, Wolf’s Times column is joined by contributions from academia, civil society, and businesses who each offer reflection on the future of Big Data’s impact on inequality.

Posted in Health Privacy/HIPAA

California Appeals Court Rules that Mere Possession of Medical Information by Unauthorized Person is Insufficient to Support Breach Claims Under the CMIA

In a ruling that was welcome news to health care providers, insurers, and others that maintain medical information of California residents, the California Court of Appeals recently held that the mere possession of medical information by an unauthorized person, without actual viewing of the information, is not sufficient to establish a breach of confidentiality under the California Confidentiality of Medical Information Act (CMIA), Cal. Civ. Code §§ 56 et seq.  Continue Reading

Posted in Consumer Privacy

The Hidden Mini-Dissents in the Data Broker Report of Federal Trade Commissioner Wright

On May 27, the Federal Trade Commission (FTC) issued a report on the data broker industry that found data brokers operate with a “fundamental lack of transparency.” The commission unanimously recommended that Congress consider enacting legislation to make data broker practices more visible to consumers and to give consumers greater control over the immense amounts of personal information about them that are collected and shared by data brokers. Not well-recognized at the time were a number of concerns, mini-dissents if you will, expressed by Federal Trade Commissioner Josh Wright. I recently asked Commissioner Wright some questions about his “dissent by footnotes.” Continue Reading

Posted in International/EU Privacy

EU Data Protection Supervisor’s Workshop Examines Role of Privacy in Merger Reviews and Competition Investigations

In a recent client alert, Hogan Lovells partners from the firm’s London and Washington, D.C. offices highlighted key takeaways for businesses following the European Data Protection Supervisor’s (EDPS) Workshop on Privacy, Consumers, Competition and Big Data.

The workshop, hosted by EDPS in the European Parliament in Brussels on 2 June 2014, discussed the technological advances and market for ‘big data’ analytics and the policy implications for the fields of data protection, competition and consumer protection of the rapidly expanding digital economy in the EU and in other regions, particularly the in US. Around 70 experts attended, including representatives from the European regulators and the US Federal Trade Commission. Continue Reading

Posted in International/EU Privacy

Cookie Consent—What’s Changed?

Almost five years ago, EU legislators shocked the Internet world by changing the legal requirement for the use of cookies and similar device identification techniques from “notice and opt-out” to “notice and consent.” At first, there was a sense of disbelief about whether this sudden legal twist was for real. As the dust settled, it became clear that what had been common practice until then—sticking a generic paragraph about the use of cookies in the privacy policy and referring users to the browser’s menu for further control—was no longer enough to comply with the new requirement. Continue Reading

Posted in Cybersecurity & Data Breaches

2014 Intelligence Authorization Act Requires Contractors to Report Cybersecurity Breaches

On Monday, 7 July, the president signed into law the Intelligence Authorization Act for Fiscal Year (FY) 2014 (Pub. L. 113-126), which requires intelligence contractors with security clearances to promptly report network and information system penetrations and provide government investigators access to such systems. This new statutory cybersecurity reporting requirement for cleared intelligence contractors is largely consistent with a reporting requirement applicable to cleared U.S. Department of Defense contractors under the National Defense Authorization Act for FY 2013.

Read our detailed advisory opinion here.

This post was originally published on the Hogan Lovells Focus on Regulation blog.

Posted in News & Events

Hogan Lovells White Paper on National Security Access to Cloud Data Updated to Add Analysis of Brazil, Italy, Spain

Hogan Lovells today published an update to the White Paper A Sober Look at National Security Access to Data in the Cloud, which compares national security access to data stored with Cloud service providers in a number of countries. The White Paper adds analyses of the laws of Brazil, Italy, and Spain, and reflects the April 2014 opinion of the European Court of Justice invalidating the EU Data Retention Directive. The updated paper now compares the national security access laws of the United States, Australia, Brazil, Canada, France, Germany, Italy, Spain, and the United Kingdom. Continue Reading

Posted in International/EU Privacy

Russia Enacts Data Localization Requirement; New Rules Restricting Online Content Come into Effect

Two developments in Russian law this summer could significantly limit the ability of cloud and other online services to publish online content and to make Russian data remotely available online.  The first is the advancement of legislation requiring data operators to store locally in Russia information of Russian citizens.  The second is the countdown to the effective date of new rules that impose onerous registration, content, and censorship requirements on certain website operators and electronic communication services.  We address each here in turn. Continue Reading

Posted in International/EU Privacy

Hogan Lovells White Paper Examines Governmental Access to Data in the U.S. and Latin America

Hogan Lovells today published Pan-American Governmental Access to Data in the Cloud, the fifth installment in a series of White Papers examining government access to data held by Cloud service providers. Examining the right of governments in the United States and Latin America to access data in the Cloud, the White Paper concludes that the physical location of Cloud servers does not significantly affect government access to data stored on those servers, and that it is fundamentally incorrect to assume that the United States government’s access to data in the Cloud is greater than that in the Latin American countries examined. Continue Reading