With cybersecurity now ranked as the top concern for general counsel and corporate board members, and with the regulatory and legislative landscape so active (e.g., the House’s passage of CISPA and the President’s Executive Order), Hogan Lovells is proud to be a sponsor of the inaugural Cybersecurity Law Institute, to be held at the Georgetown University Law Center in Washington, DC, on May 22–23, 2013.
Tag Archives: data security
Podcast Interview with Harriet Pearson on Cybersecurity Issues
The February 21 edition of The Corporate Counsel.Net blog presents an audio interview with Hogan Lovells partner Harriet Pearson in which the following topics are addressed: Why cybersecurity is a hot topic for lawyers now, and not just IT staff. The significance of recent interactions on this topic between Senator Rockefeller and the CEOs of the…
New Safeguarding Requirements for Government Contractor Information Systems
Government contractors soon may be compelled to protect against the compromise of information that is resident on their network and computer systems. The Federal Acquisition Regulatory Council (FAR Council) issued on August 24 a proposed rule on “Basic Safeguarding of Contractor Information Systems”. The proposal would add a new FAR subpart and contract clause requiring small and large contractors, including commercial items contractors, to employ basic security measures to protect information from unauthorized disclosure, loss, or compromise.
FTC Provides Guidance to (All) Mobile App Developers
Following up on a public workshop held earlier this year, today the Federal Trade Commission (FTC) issued a set of truth-in-advertising and privacy guidelines for mobile device application (app) developers. Titled “Marketing Your Mobile App: Get it Right From the Start,” the guidelines provide an overview of key issues for all app developers to consider.
US Executive Branch to Ramp Up Cybersecurity Actions as Federal Legislation Stalls
Widely-reported efforts to craft compromise cybersecurity legislation failed 52-46 in a key Senate vote on August 2 despite bipartisan engagement and the Obama Administration’s vocal support.
Parties Divided Over FCC Involvement in Mobile Privacy
Comments filed recently with the Federal Communications Commission (FCC) show a deep divide over whether the agency should pursue further action to address privacy and security of information stored on mobile devices. Reply comments are due soon.
Report from the Congressional Internet Caucus Advisory Board Privacy Program
On May 14, Hogan Lovells’ partner Chris Wolf moderated a panel discussion presented by the Congressional Internet Caucus Advisory Committee entitled, “New Internet Privacy Legislation: What the White House, Federal Trade Commission and the European Commission Are Recommending.” The FTC’s Maneesha Mithal began the event with a brief overview of the FTC’s Commission Report on protecting consumer privacy, and the panelists, led by Mr. Wolf, engaged in a discussion about the FTC Report, the White House’s privacy white paper, and the proposed EU Data Protection Regulation.
Hong Kong Guidance on the Use of Portable Storage Devices
Late last year, the Hong Kong Privacy Commissioner for Personal Data published a Guidance Note to assist data users with properly handling and protecting personal data contained in portable storage devices, including USB memory sticks, tablet/notebook computers, mobile/smart phones, personal digital assistants, portable hard drives and optical discs such as DVDs. This post reviews practical recommendations set forth by the Privacy Commissioner to help data users manage the security risks associated with the use of portable storage devices.
Insurance Company Sues, Seeking Declaration of No Coverage in Data Security Matter
Companies facing claims for failing to properly secure their customers’ data may also find themselves in litigation with their insurance carriers over whether the claims that arise from such data security incidents are covered under their existing insurance policies. This entry describes one such recent lawsuit.
Upcoming Compliance Deadline for Massachusetts Service Provider Contracts
Massachusetts information security regulations took effect on March 1, 2010. In approximately five weeks, covered companies face a compliance deadline relating to their third party service provider contracts.
District Court Dismisses Most Claims Related to Heartland Data Breach
A federal judge dismissed all but one of the claims financial institutions brought against Heartland Payment Systems for the breach of Heartland’s computer systems that affected approximately 130 million consumers, demonstrating that it may be difficult to hold companies legally responsible for breaches of their data. The financial institution plaintiffs balked at Heartland’s settlement offers and instead sought relief from the court, but only the alleged violation of Florida’s consumer-protection statute survived Heartland’s motion to dismiss, an outcome which may deter future plaintiffs affected by data breaches from rejecting settlement offers to litigate their claims.
New Guidelines Released for Mobile App Privacy Policies
Amid increasing media and regulator scrutiny over location-based services, the Mobile Marketing Association has released a set of draft privacy policy guidelines for mobile applications (“apps”). These guidelines address key data privacy and security issues and provide a helpful “starting point” for companies that develop or deploy mobile apps. With assistance from Hogan Lovells, the Future of Privacy Forum participated in the development of these guidelines.
Cloud Computing for Regulated Industries: Security Requirements Differ
Data stored in the cloud will be subject to numerous data security laws, explains Hogan Lovells partner Phil Porter in a recent article. Specific types of data will trigger different security regulations, ranging from HIPAA rules for health data, to Gramm-Leach-Bliley Act rules for financial service data, to COPPA for data about children. Data hosted in the cloud in the U.S. might also be subject to U.S. national security rules, including the USA Patriot Act. Cloud service providers and customers need to tailor their contractual provisions to match these regulatory imperatives.
German Census 2011 Raises Privacy Concerns and Court Challenges
This week, Germany started a new Volkszählung – the first count and registration of Germany’s, its federal states’ and communities’ population since 1987. The census 2011 has precipitated privacy concerns and legal challenges, described in the blog entry.
Insurer Announces Innovative Risk Management Relationship with Hogan Lovells Privacy Practice
News of an innovative client program, a strategic risk management relationship with Hogan Lovells offering proactive resources and advice to manage privacy and data security risks, as well as just in time support and access to counseling in the event of an information breach.
FinCEN Considers Proposed Rule to Require Reporting of Cross-Border Electronic Fund Transfers
Comments are due December 29th on a proposal that would require banks and money transmitters to report information to the U.S. Treasury Department’s Financial Crimes Enforcement Network (FinCEN) regarding international fund transfers, including the Social Security numbers of individuals that send or receive such funds.
FDIC Requires Banks to Adopt Policies on Disposal of Information Stored on Office Equipment
On September 15th, the Federal Deposit Insurance Corporation (FDIC) issued guidance urging banks under its supervision to ensure that they have robust written policies and procedures for the erasure or destruction of sensitive or confidential information stored in office equipment.
Complimentary Webcast of a Presentation by Hogan & Hartson’s Privacy Practice Lead Chris Wolf on New Directions in Enforcement and Policy at the FTC and the Impact on Businesses
Short Guide to Responding to Data Security Breaches
The recent effective date for enforcement of the new HIPAA/HITECH data-security breach notification law, and continued passage of and amendments to state notification laws, make compliance with data-security breach notification requirements more challenging than ever.
The H&H Chronicle of Data Protection thought it would be useful to provide this Short Guide to Responding to Data Security Breaches as a refresher for some and as a wake-up call for others.
FTC Sends Warning Shot to Organizations Allowing Peer-to-Peer Software on their Networks
The Federal Trade Commission has warned one hundred businesses and organizations that peer-to-peer software (typically used by employees to download and share copyrighted music, software and movie files over the Internet) is exposing information on customers and employees, including health and financial data, Social Security numbers and driver’s license numbers.
French CNIL Issues Data Security Tips
CNIL issues data security recommendations, which are rudimentary compared to ENISA work on the subject.
UPS Ltd Subject of UK Data Security Enforcement
UPS Ltd has joined the ever-increasing number of companies featuring in the ‘Enforcement’ section of the UK Information Commissioner’s website, for failing to ensure the adequate security of personal data, which was held on an unencrypted laptop. Security is one of the key data protection principles set out in Schedule 1, Part 1, of the…
Latest Revision of Massachusetts Data Security Regulations Attempts to Increase Flexibility
On August 17, 2009, the Massachusetts Office of Consumer Affairs and Business Regulation (“OCABR”) issued a second set of revisions to the Standards for the Protection of Personal Information of Residents of the Commonwealth (“Massachusetts Standards”), 201 CMR 17.00. In support of the revisions, the OCABR also issued Frequently Asked Questions (“FAQs”) to clarify the regulators’ views…