With cybersecurity now ranked as the top concern for general counsel and corporate board members, and with the regulatory and legislative landscape so active (e.g., the House’s passage of CISPA and the President’s Executive Order), Hogan Lovells is proud to be a sponsor of the inaugural Cybersecurity Law Institute, to be held at the Georgetown University Law Center in Washington, DC, on May 22–23, 2013.
The February 21 edition of The Corporate Counsel.Net blog presents an audio interview with Hogan Lovells partner Harriet Pearson in which the following topics are addressed: Why cybersecurity is a hot topic for lawyers now, and not just IT staff. The significance of recent interactions on this topic between Senator Rockefeller and the CEOs of the…
Government contractors soon may be compelled to protect against the compromise of information that is resident on their network and computer systems. The Federal Acquisition Regulatory Council (FAR Council) issued on August 24 a proposed rule on “Basic Safeguarding of Contractor Information Systems”. The proposal would add a new FAR subpart and contract clause requiring small and large contractors, including commercial items contractors, to employ basic security measures to protect information from unauthorized disclosure, loss, or compromise.
Following up on a public workshop held earlier this year, today the Federal Trade Commission (FTC) issued a set of truth-in-advertising and privacy guidelines for mobile device application (app) developers. Titled “Marketing Your Mobile App: Get it Right From the Start,” the guidelines provide an overview of key issues for all app developers to consider.
Widely-reported efforts to craft compromise cybersecurity legislation failed 52-46 in a key Senate vote on August 2 despite bipartisan engagement and the Obama Administration’s vocal support.
Comments filed recently with the Federal Communications Commission (FCC) show a deep divide over whether the agency should pursue further action to address privacy and security of information stored on mobile devices. Reply comments are due soon.
On May 14, Hogan Lovells’ partner Chris Wolf moderated a panel discussion presented by the Congressional Internet Caucus Advisory Committee entitled, “New Internet Privacy Legislation: What the White House, Federal Trade Commission and the European Commission Are Recommending.” The FTC’s Maneesha Mithal began the event with a brief overview of the FTC’s Commission Report on protecting consumer privacy, and the panelists, led by Mr. Wolf, engaged in a discussion about the FTC Report, the White House’s privacy white paper, and the proposed EU Data Protection Regulation.
Late last year, the Hong Kong Privacy Commissioner for Personal Data published a Guidance Note to assist data users with properly handling and protecting personal data contained in portable storage devices, including USB memory sticks, tablet/notebook computers, mobile/smart phones, personal digital assistants, portable hard drives and optical discs such as DVDs. This post reviews practical recommendations set forth by the Privacy Commissioner to help data users manage the security risks associated with the use of portable storage devices.
Companies facing claims for failing to properly secure their customers’ data may also find themselves in litigation with their insurance carriers over whether the claims that arise from such data security incidents are covered under their existing insurance policies. This entry describes one such recent lawsuit.
Massachusetts information security regulations took effect on March 1, 2010. In approximately five weeks, covered companies face a compliance deadline relating to their third party service provider contracts.
A federal judge dismissed all but one of the claims financial institutions brought against Heartland Payment Systems for the breach of Heartland’s computer systems that affected approximately 130 million consumers, demonstrating that it may be difficult to hold companies legally responsible for breaches of their data. The financial institution plaintiffs balked at Heartland’s settlement offers and instead sought relief from the court, but only the alleged violation of Florida’s consumer-protection statute survived Heartland’s motion to dismiss, an outcome which may deter future plaintiffs affected by data breaches from rejecting settlement offers to litigate their claims.
Data stored in the cloud will be subject to numerous data security laws, explains Hogan Lovells partner Phil Porter in a recent article. Specific types of data will trigger different security regulations, ranging from HIPAA rules for health data, to Gramm-Leach-Bliley Act rules for financial service data, to COPPA for data about children. Hosting data in the cloud in the U.S. might also subject it to U.S. national security rules, including the USA Patriot Act. Cloud service providers and customers need to tailor their contractual provisions to match these regulatory imperatives.
This week, Germany started a new Volkszählung – the first count and registration of the population of Germany, its federal states and its communities since 1987. The 2011 census has precipitated privacy concerns and legal challenges, described in the blog entry.
News of an innovative client program, a strategic risk management relationship with Hogan Lovells offering proactive resources and advice to manage privacy and data security risks, as well as just in time support and access to counseling in the event of an information breach.
Comments are due December 29th on a proposal that would require banks and money transmitters to report information to the U.S. Treasury Department’s Financial Crimes Enforcement Network (FinCEN) regarding international fund transfers, including the Social Security numbers of individuals that send or receive such funds.
On September 15th, the Federal Deposit Insurance Corporation (FDIC) issued guidance urging banks under its supervision to ensure that they have robust written policies and procedures for the erasure or destruction of sensitive or confidential information stored in office equipment.
Complimentary Webcast of a Presentation by Hogan & Hartson’s Privacy Practice Lead Chris Wolf on New Directions in Enforcement and Policy at the FTC and the Impact on Businesses
The recent effective date for enforcement of the new HIPAA/HITECH data-security breach notification law, and continued passage of and amendments to state notification laws, make compliance with data-security breach notification requirements more challenging than ever.
The H&H Chronicle of Data Protection thought it would be useful to provide this Short Guide to Responding to Data Security Breaches as a refresher for some and as a wake-up call for others.
The Federal Trade Commission has warned one hundred businesses and organizations that peer-to-peer software (typically used by employees to download and share copyrighted music, software and movie files over the Internet) is exposing information on customers and employees, including health and financial data, Social Security numbers and driver’s license numbers.
CNIL issues data security recommendations, which are rudimentary compared to ENISA work on the subject
UPS Ltd has joined the ever-increasing number of companies featuring in the ‘Enforcement’ section of the UK Information Commissioner’s website, for failing to ensure the adequate security of personal data, which was held on an unencrypted laptop. Security is one of the key data protection principles set out in Schedule 1, Part 1, of the…
On August 17, 2009, the Massachusetts Office of Consumer Affairs and Business Regulation (“OCABR”) issued a second set of revisions to the Standards for the Protection of Personal Information of Residents of the Commonwealth (“Massachusetts Standards”), 201 CMR 17.00. In support of the revisions, the OCABR also issued Frequently Asked Questions (“FAQs”) to clarify the regulators’ views…