The Federal Communications Commission (FCC) recently issued a Notice of Apparent Liability for Forfeiture proposing a $10 million penalty against TerraCom, Inc. and YourTel America, Inc. (collectively, the “companies”) for allegedly violating laws protecting consumers’ personal information. Specifically, the FCC alleged that the companies placed the personal data of up to 300,000 consumers at risk by storing Social Security numbers, names, addresses, driver’s licenses, and other proprietary information (PI) on unprotected Internet servers that “anyone in the world could access.”
The decision is the FCC’s first case involving data security. It is also informative as to the FCC’s current and evolving expectations with regard to carriers’ duties to protect sensitive consumer information, and it underscores the need for organizations in the communications sector to keep a close eye on both FCC and Federal Trade Commission (FTC) data privacy and security enforcement activity.
The European Union’s executive branch has a brand new engine. Following the European Parliament’s election earlier this year and after months of political manoeuvring, a new European Commission is now in place and fully operational. The Commission’s functions remain as they were but under a revised structure of one president – Jean-Claude Juncker – seven vice-presidents responsible for designated policy areas and 20 commissioners. As the main policy making body in the European Union, the Commission continues to be in charge of pushing forward the ongoing data protection legislative reform that will lead to a new legal framework for privacy across the EU. Continue Reading
Thank you to everyone who attended our webinar last Tuesday on the new Russian law introducing rules requiring the local storage of the personal data of Russian citizens. For those who were unable to make it, here is a recording of the entire webinar (1 hr, 9 mins), including the question-and-answer portion, as well as a copy of the slide deck (PDF).
Stay tuned to the blog for future updates on the law, including insights from this Wednesday’s Fifth International Conference on Personal Data Protection, organized by Roskomnadzor, Russia’s data protection authority. And if you have any questions, feel free to reach out to Natalia Gulyaeva (Moscow) or Bret Cohen (Washington).
Assuming a fair amount of hard work and that the EU institutions are able to put their political skills to good use, 2015 may be the year that sees the culmination of a legal modernisation process that has been running for the best part of four years. It was in 2010 when the European Commission formally acknowledged that the 1995 Data Protection Directive was ready for a makeover to address the privacy and data protection needs of the 21 century. Since then, stakeholders covering a whole spectrum of views have participated in a process that is approaching a decisive stage. In early 2014, the European Parliament came forward with a bold proposal to amend the Commission’s original draft and put the ball firmly in the Council of the EU’s court. As the Council finalises its own proposal, a picture of what the new framework will look like is starting to emerge. Continue Reading
The medical internet of things is coming. That was the common recognition of participants at a two-day public workshop on “Collaborative Approaches for Medical Device and Healthcare Cybersecurity” co-sponsored by the Food and Drug Administration (FDA), Department of Health and Human Services (HHS), and the Department of Homeland Security (DHS). The workshop comes during a busy month for medical device cybersecurity, with the FDA issuing final guidance earlier this month and DHS indicating that it is reviewing dozens of potential cybersecurity vulnerabilities in medical devices. Continue Reading
As commercial use of unmanned aircraft systems (UAS) begins to take flight, the Hogan Lovells Privacy and Information Management practice has partnered with colleagues across the firm to respond to the needs of manufacturers and operators of UAS. The launch of the group comes at a time when government activity to regulate UAS is creating both new opportunities and risks in the marketplace. Continue Reading
The Consumer Financial Protection Bureau (CFPB) has finalized a proposed rule that will eliminate the need for certain financial institutions to mail annual privacy notices to their customers, so long as the institutions publish their privacy notices online and engage only in limited sharing of customer information. Continue Reading
On Tuesday, October 28, Natalia Gulyaeva of Hogan Lovells’ Moscow office and Bret Cohen of our Washington, D.C. office will host a complimentary webinar outlining implications for businesses of the new Russian data localization law. The law, which may come into effect as early as January 2015, requires that data “operators” – organizations that process personal data of Russian citizens, including providers of Internet-based services – store the personal data of Russian citizens on databases located in the country. Continue Reading
The Conference of the German Federal and State Data Protection Authorities during its last meeting on 8 and 9 October adopted the resolution “Data Protection in the Car”. The resolution expresses a concern about what it describes as privacy risks involved in the growing collection and processing of personal data in cars, and the interests of various actors (car manufacturers, service providers, insurance companies, employers) in using those data. Continue Reading
Corporate boards and senior management are more focused than ever before on cyber incident prevention and preparedness. Recently thecorporatecounsel.net, an influential resource for corporate governance lawyers, addressed this topic in a program titled “Cybersecurity: Working the Calm Before the Storm,” describing what the board and senior management can do to prepare for the inevitable cybersecurity breach. The program featured Hogan Lovells Partner Harriet Pearson.
To read the transcript, click here.
To listen to “Cybersecurity: Working the Calm Before the Storm” (subscription required), click here.