Header graphic for print

HL Chronicle of Data Protection

Privacy & Information Security News & Trends

Posted in Consumer Privacy, Cybersecurity & Data Breaches

IPTF Seeks Public Input on Key Cybersecurity Challenges Facing the Digital Economy

iptf_logosOn March 16, the U.S. Commerce Department’s Internet Policy Task Force (IPTF) published a Request for Public Comment for input on the key cybersecurity issues affecting the digital ecosystem and digital economic growth.  The IPTF aims to coordinate and facilitate consensus-based multistakeholder processes to generate collective guidance and identify best practices.  Through this effort, the IPTF seeks to broaden the focus of federal cybersecurity efforts beyond securing critical infrastructure.  A number of key cybersecurity challenges have been identified in the Request for Public Comment, and the IPTF is inviting commenters to highlight other topic areas that the IPTF should consider including as part of this process. Continue Reading

Posted in International/EU Privacy

Regulators Write to Manufacturers to Highlight Concerns Over Connected Devices

IoT-cloud-lockThe UK and Canadian data protection regulators have written to webcam manufacturers to highlight concerns about the safety of internet-connected devices and to enlist their assistance in reducing the risks posed by their products.  In particular, the regulators call for manufacturers to roll out privacy-friendly default settings, implement “privacy by design” – whereby data protection and privacy considerations are built into the design and manufacturing process – and provide increased guidance to consumers about ensuring the security of devices.  Continue Reading

Posted in International/EU Privacy

CNIL Releases BYOD Guidelines

France-BYODSecurity concerns and the need to increase cyber security measures have recently boosted the use of Bring Your Own Device (BYOD) policies in France. Recent events have exacerbated fears of data breaches and hacking for IT managers who were not overly concerned before. As a consequence, IT security teams are seeking to apply the same security and device management systems that apply to their own company’s equipment to employees’ devices when employees use their devices for work purposes.  Continue Reading

Posted in International/EU Privacy

UK Parliamentary Report Calls for a New Legal Framework for UK Secret Intelligence Agencies

UK FlagThe Intelligence and Security Committee (ISC) of the UK Parliament today published its much anticipated report on the secret capabilities of the UK intelligence and security agencies (MI6, MI5 and GCHQ), in particular their powers to intercept electronic communications and acquire communications data. Continue Reading

Posted in Consumer Privacy, Cybersecurity & Data Breaches

NIST Releases Discussion Draft on Cyber-Physical Systems Framework

500px-NIST_logo.svgThis week, the National Institute of Standards and Technology (NIST) released a preliminary discussion draft of its Framework for Cyber-Physical Systems. The draft has an ambitious goal: to create an integrated framework of standards that will form the blueprint for the creation of a massive interoperable network of cyber-physical systems (CPS), also known as the “Internet of Things.” In 2014, NIST established the cyber-physical systems public working group (CPS PWG)—an open public forum which includes representatives from government, industry, and academia—to develop the CPS framework. By creating a common framework at an early stage of the Internet of Things, the CPS PWG hopes to ensure the development of a secure, integrated, and interoperable ecosystem of connected devices. The CPS PWG will continue to solicit input as it refines the draft and works to finalize the framework for use in multiple industry sectors. Continue Reading

Posted in Consumer Privacy

NTIA Launches Multistakeholder Process to Develop Privacy Best Practices for Commercial and Private Unmanned Aircraft Systems

shutterstock_149083385On March 4, the U.S. Commerce Department’s National Telecommunications and Information Administration (NTIA) announced it is seeking comments on how to structure a new multistakeholder process to develop best practices for commercial and private unmanned aircraft systems (UAS) use. NTIA also announced that it will likely hold its first multistakeholder meeting within 90 days.

As we previously reported, the NTIA action follows the White House’s February 15 Presidential Memorandum directing NTIA to lead private sector groups toward the creation of commercial UAS standards. Companies will be free to choose whether to participate in any resulting code of conduct or standards. However, by an individual company so publicly committing, it might then become subject to Federal Trade Commission (FTC) enforcement if it then fails to do so. The FTC’s enforcement authority would be based on its jurisdiction to enforce an unfair or deceptive trade practice under Section 5 of the FTC Act, although FTC enforcement authority might not be the right approach for all entities in the UAS ecosystem, for example, UAS manufacturers or those involved in business-to-business UAS services. Continue Reading

Posted in Consumer Privacy

The Auto Industry Is Serious About Connected Car Privacy

shutterstock_203285494 [Converted]-01This article was originally posted on March 4, 2015 to The Hill’s “Congress Blog.” To access the original posting, click here.

This week, two thousand members of the International Association of Privacy Professionals (IAPP), will gather in Washington, D.C. to discuss the most pressing privacy and data security issues of the day. One issue that has started to appear on the privacy agenda is privacy and the “connected car.” Continue Reading

Posted in Consumer Privacy

The Law of Securing Consumer Data on Networked Computers

Cohen article 1The status of consumer data security law in the United States is at a crossroads.  Last week, the White House released a discussion draft of its Consumer Privacy Bill of Rights Act of 2015, which would require businesses collecting personal information to maintain safeguards reasonably designed to ensure the security of that information.  And yesterday, the Third Circuit held oral argument in FTC v. Wyndham Worldwide Corp., in which the district court last April denied Wyndham’s challenge to the Federal Trade Commission’s data security enforcement efforts. Continue Reading

Posted in Consumer Privacy, Employment Privacy, Privacy & Security Litigation

Insights on the Consumer Privacy Bill of Rights Act of 2015

WhiteHouse_LogoOn Friday, February 27, the White House released its promised draft privacy and data security legislation. The proposed Consumer Privacy Bill of Rights Act of 2015 (the “Act”) contains few, if any, surprises and would codify the framework that the White House proposed in 2012, imposing privacy and data security requirements across sectors and industries (our analysis of the 2012 proposal can be found here). The proposal has drawn criticism from the Federal Trade Commission and privacy advocates for not containing enough consumer protections, and from the business community for a lack of clarity and the potential to stifle innovation and to create other unintended consequences.  Continue Reading

Posted in Consumer Privacy

Hogan Lovells at IAPP Global Privacy Summit 2015!

HoganLovells Logo_382


Hogan Lovells’ leading Privacy and Information ‎Management practice will actively participate at this week’s IAPP Global Privacy Summit 2015. Below is a listing of events in which our lawyers will be featured:

March 4

  • Harriet Pearson, Partner, Certified Information Privacy Professional U.S., Hogan Lovells US LLP,  will be a featured panelist on “Piecing Together the Privacy Engineering Puzzle” from 9:00 a.m. – 1:00 p.m.
  • Hogan Lovells is sponsoring refreshments for the IAPP’s first ever LGBT Networking Happy Hour in conjunction with the IAPP Summit in Washington, D.C. To RSVP, click here.

March 5

  • Christopher Wolf, Director, Global Privacy and Information Management Practice, Hogan Lovells US LLP, will “Talk Privacy and Beyond” with FTC Commissioner Julie Brill from 2:30 p.m. – 3:30 p.m.

March 6

  • Mark Brennan, Partner, Hogan Lovells US LLP, will moderate “Privacynomics: The Proper Role of Economics in Privacy Policymaking” with FTC Commissioner Josh Wright and James Cooper, Director, Research and Policy, Law and Economics Center; Lecturer in Law, George Mason University School of Law. The discussion will take place from 8:30 a.m.– 9:30 a.m..
  • Eduardo Ustaran, Partner, Certified Information Privacy Professional Europe, Hogan Lovells International LLP, will discuss “The Future of Privacy – Your Job Tomorrow” from 11:10 a.m. – 11:30 a.m.
  • Timothy Tobin, Partner, Hogan Lovells US LLP, will moderate a panel on Connected Cars entitled “Driving Privacy Forward” from 11:30 a.m. – 12:30 p.m.
  • Sian Rudgard, Of Counsel, Certified Information Privacy Professional Europe, Hogan Lovells International LLP will discuss “Are You Ready for BCR? A Practical Guide to Find Out if You Have What It Takes” from 11:30 a.m. – 12:30 p.m.

 Please come and visit us at Booth 208!