Announcing Our New Hogan Lovells Privacy Partner Tim Tobin

We are delighted to announce that Tim Tobin, a key player in the Hogan Lovells Privacy and Information Management practice, has become a partner at our firm.

Tim Tobin’s entire professional career, even before law school, has had a privacy law focus. As an early practitioner in the relatively new field of privacy law, Tim has established himself as a "go-to guy" in the entire range of privacy law.  

Tim graduated from the George Mason University School of Law in May 2001 in the top 10% of his class, magna cum laude. Tim attended the evening program at George Mason Law, working full time throughout law school. At law school, he was on the Law Review and served as its Articles Editor.

Tim had a professional career prior to and during law school. He worked at the U.S. Parole Commission within the U.S. Department of Justice from 1992 to January 2000. It was in this government job that Tim first became familiar with, and handled, privacy issues relating to the Freedom of Information Act (FOIA), the Privacy Act, and similar issues relating to victim privacy and Government records.

Tim joined Hogan Lovells practice director Chris Wolf at their previous firm, after a stint at a communications law-focused firm, and he assisted in all manner of privacy and data security issues for clients.  At the previous firm,  Tim served as senior editor of a comprehensive legal treatise on privacy law published by the Practising Law Institute (PLI) that has been highly praised.  

Throughout his legal career, Tim has focused on a wide range of privacy and data security law matters. He provides compliance counselling to clients on the wide array of privacy and data security laws, and is deeply experienced in litigation, regulatory agency investigations, agency rulemaking processes, and public policy issues. Tim has worked with clients across a range of industries including those involved with the Internet, new media and communications as well as financial services, airlines, hotel, transportation, sports and entertainment, among many others.

Tim writes and speaks frequently on privacy law topics, including recently at the Los Angeles Auto Show on the topic of new automobile technologies and privacy.  He is the Smart Grid expert for the Future of Privacy Forum, and he leads the firm's pro bono efforts in a new privacy pro bono initiative spearheaded by IBM and the IAPP.

Tim has distinguished himself by his prodigious work ethic, his comprehensive knowledge of privacy law which he translates into thorough and practical advice for clients, and for his strategic insights on contested matters.  He also is known as a really nice guy.

We are delighted to announce his advancement to partner.

 

Possible Health Information Trend in State Data Protection Statutes

With the compliance date for the federal health data breach notifications in the HITECH Act looming, more states are amending their data breach notification statutes to cover health information. The possible trend is evident in the newly-enacted laws of three states – Missouri, New Hampshire and Texas – all of which have been enacted since June 2009. 

  • Missouri – Within the key definition of “Personal Information,” Missouri’s new data breach notification law includes both “medical information” and “health insurance information,” which if disclosed in combination with an individual’s name, may trigger notification rights. 
  • New Hampshire – In a separate provision from its general data breach notification law, disclosure of HIPAA protected health information by health care providers and business associates may trigger notice requirements even if the disclosure is permitted under federal law or does not create a risk of harm.
  • Texas – Expanding its existing data breach notification statute, Texas specifically amended the definition of “sensitive personal information” to include types of health information not previously covered.

These states join California, Arkansas and Puerto Rico as the only jurisdictions to protect health data under their data breach notification statutes. Still, compliance with these statutes may be costly and burdensome. Businesses must carefully monitor access, acquisition and disclosure of health and medical information in addition to other types of sensitive information – Social Security numbers, financial account numbers, etc. – routinely protected under these statutes. Definitions of health and medical information vary, but can be broad enough to cover, among other things, information relating to:

  • physical or mental health or conditions and medical histories; 
  • provision of health care;
  • treatment and diagnosis;
  • payments for health care; and
  • insurance policy numbers and subscriber IDs.

Although the interaction of these state laws with the federal data breach notification regulations under the HITECH Act is unsettled, state laws must continue to be monitored and analyzed closely, especially if the number of states protecting health information continues to grow and their notification obligations are consistent with, but extend beyond, the federal requirements.