Header graphic for print

HL Chronicle of Data Protection

Privacy & Information Security News & Trends

Posted in International/EU Privacy

Health Company Fined by UK’s Information Commissioner Office

shutterstock_366825284Last week, the UK’s Information Commissioner’s Office (ICO) published a monetary penalty notice which fined a private healthcare company, HCA International, £200,000 for its failure to keep sensitive data secure.

Continue Reading

Posted in News & Events

Privacy and Cybersecurity March 2017 Events

Please join us for our March 2017 Privacy and Cybersecurity Events.

March 2
Privacy Women Showcase
Julie Brill will be speaking at a NY Bar Association event on “Careers in Privacy.”
Location: New York, New York

 

March 14
Connected Car Technologies and Trends
Tim Tobin will speak on “Protecting the Connected Car” at Automotive Megatrends’ Connected Car Detroit 2017.
Location: Dearborn, Michigan

 

Continue Reading

Posted in Consumer Privacy

FCC Chairman Announces Intent to Stay Broadband Data Security Rules

shutterstock_123802696The Federal Communications Commission’s (FCC) Media Relations Office has released a statement announcing Chairman Pai’s intention to stay a data security rule adopted by the Commission late last year in its Broadband Privacy Order.  Absent a stay, the rule is set to go into effect on March 2.

Continue Reading

Posted in International/EU Privacy

Australia Introduces Mandatory Data Breach Notification Scheme

Australian flagOn 13 February 2017, the Australian Senate passed into law the Privacy Amendment (Notifiable Data Breaches) Bill 2016. This law amends the primary privacy and data protection legislation in Australia, Privacy Act 1988 (Cth), to introduce the long-anticipated mandatory data breach notification scheme. Under this scheme, all agencies and businesses that are regulated by the Privacy Act are required to provide notice to the Australian Information Commissioner and affected individuals of certain data breaches that are likely to result in “serious harm.”

Continue Reading

Posted in Cybersecurity & Data Breaches

The “Final Final” is Here: NYDFS Cybersecurity Regulations

shutterstock_71527090As Hogan Lovells previously reported, the New York State Department of Financial Services (NYDFS) has launched a significant initiative to impose detailed cybersecurity requirements on covered financial institutions. On February 16, NYDFS issued its Final Rules, following the initial proposed rules published in September 2016 and two rounds of feedback via industry complaints and public comment. The Final Rules set forth requirements for a risk-based approach to cybersecurity, and include expectations for reporting on cybersecurity risks and events to senior management and NYDFS.

Click here to learn more about how to prepare for the new requirements, timing and implementation details, changes to the rules since the December announcement, and other related cybersecurity developments.

Posted in International/EU Privacy

Polish DPA Releases Data Privacy Inspection Plans – Targets Health, Shopping

shutterstock_283429205The Polish Data Protection Authority (GIODO) has just released its inspection plans for 2017. This year, the GIODO has decided to target its review of compliance with data protection laws on the health services and consumer sectors, with particular attention to certain profiling activities taking place in stores and shopping malls.

Continue Reading

Posted in News & Events

Your Cyber Minute: Watch Our Topline Digest of Today’s Cybersecurity Issues

offset_202677 Retouched 300x254With cybersecurity issues evolving rapidly, every minute counts. Our new video series, Your Cyber Minute, is specifically designed for busy in-house counsel to gain practical perspectives – fast. This multi-part series is an extension of our Ready, Set, Respond resource portal and highlights today’s hottest topics in cybersecurity. To watch in real time, follow us on LinkedIn and Twitter, where we post a new video on Monday and Thursday.

The two installments we’ve released so far feature cybersecurity practice lead and partner Harriet Pearson speaking with:

  • Former financial crimes enforcement lawyer and Hogan Lovells partner Greg Lisa about the NY Department of Financial Services’ (NY DFS) proposed cybersecurity regulations
  • Hogan Lovells Cyber Risk Services managing principal Jeff Lolley about major cyber threats facing organizations in 2017

Tune in to get the latest in what you need to know and how to better be prepared.

Continue Reading

Posted in International/EU Privacy

ICO Turns Spotlight on Data Broker Industry

shutterstock_187697849Data brokers are organisations that obtain data from a variety of sources and then sell or license it to third parties. Many trade in personal data, which is purchased by their customers for several purposes, most commonly to support marketing campaigns. In 2012, data brokers’ trade in personal data was reported to have generated over $150 billion in revenue.

The UK data protection regulator (the “ICO”) has for some time been actively enforcing against organisations who buy individuals’ personal data for direct marketing purposes without first conducting appropriate due diligence to ensure that those individuals have adequately consented to receiving marketing communications.

Continue Reading

Posted in Consumer Privacy

NTIA Highlights Promise and Policy Challenges of IoT, Seeks Additional Comments

iStock_000050783348_DoubleOn January 12, 2017, prior to the new administration taking power, the National Telecommunications and Information Administration (NTIA) within the Department of Commerce (Department) released a Green Paper on “Fostering the Advancement of the Internet of Things,” which assesses the technological and policy landscape of the Internet of Things (IoT). The Green Paper is expansive in scope, reflecting the broad range of issues raised in comments submitted by stakeholders in the private sector, academia, government, and civil society following NTIA’s April 2016 request for public comment. The Green Paper identifies key issues, and provides recommendations and assessments on the potential benefits and risks that IoT portends. The NTIA identifies cybersecurity, privacy and cross-border data flows as the most significant policy issues. It also proposes four principles for future policy engagement in which the Department would play a central role in creating conditions that would foster IoT growth. The agency also requested additional comments on the issues raised by the Green Paper.

Continue Reading

Posted in International/EU Privacy

“Cybersecurity Review” Takes Shape in China

shutterstock_293627249On 4 February 2017, the Cyberspace Administration of China issued a draft of the Network Products and Services Security Review Measures (“Draft Measures”) for public comment: the Draft Measures remain open for comments until 4 March 2017.  The Draft Measures are follow-on legislation to China’s Cyber Security Law adopted on 7 November 2016, which will take effect on 1 June 2017.

Continue Reading