Header graphic for print

HL Chronicle of Data Protection

Privacy & Information Security News & Trends

Posted in Consumer Privacy

Straight Talks Podcast: Data Privacy and Cybersecurity in the Age of Rolling Smart Devices

The U.S. Environmental Protection Agency was created in 1970 to safeguard the environment against pollutants. The tidal wave of environmental regulations that followed impacted every industry in the United States, especially the automotive market. Decades later, organizations have internalized these regulations into their culture.

Today, the European Union’s General Data Protection Regulation (GDPR) is driving a regulatory wave of similar scope, but now the need is to safeguard data against cyber attacks and privacy breaches. And once again, the automobile industry will feel the regulatory impact. Autonomous and connected vehicles are essentially “rolling smart devices,” and as they enter the mainstream in the EU and United States, automakers are increasingly reliant on data for safe, efficient vehicle operations. But security and privacy concerns and penalties for regulatory noncompliance demand that manufacturers review their policies — and perspectives — on data storage and use.

In this podcast, Tim Tobin and Winston Maxwell, partners at Hogan Lovells, discuss how cybersecurity, data privacy, and ownership concerns are influencing the development of connected and autonomous vehicles. Continue Reading

Posted in Consumer Privacy

FCC Seeks to Refresh the TCPA Record

Now that the dust has settled from the D.C. Circuit’s highly anticipated Telephone Consumer Protection Act decision in ACA International, et al, v. FCC, the Federal Communications Commission is going back to the drawing board in a new Public Notice that seeks comment on foundational TCPA issues.

Continue Reading

Posted in News & Events

Upcoming Webinar: Worried about the GDPR? Don’t Panic!

With the GDPR about to come into effect, join our experts for a live webinar on May 23 to learn what you should be focusing on now. The GDPR becomes applicable on 25 May and will affect organisations worldwide. It is a complex and strict law with dozens of obligations which will be fiercely enforced. Getting it right will be essential for business success in the digital economy.

In this complimentary webinar, Hogan Lovells’ Eduardo Ustaran will be joined by Nicola Howell, Lien Ceulemans, and Michael Millar to consider:

Continue Reading

Posted in International/EU Privacy

The True Global Effect of the GDPR

“European data protection rules will become a trademark people recognise and trust worldwide”. That is how, in January 2012, Viviane Reding – then Vice-President of the European Commission and EU Justice Commissioner – ended her announcement of the widest reform of privacy and data protection law ever attempted. Six years later, this ambitious aim is becoming a reality. Organisations from around the world and well beyond Europe are grappling with the new European General Data Protection Regulation (GDPR) and its impact on their data activities. From Australian banks and South American insurers to US universities and Asian telecoms companies, determining the applicability of the GDPR to their operations has become a critical business decision. As many global companies ponder over the right strategy to privacy compliance, a key question has emerged: which organisations, and under which circumstances, are subject to the territorial scope of the GDPR?

Continue Reading

Posted in News & Events

Privacy and Cybersecurity May 2018 Events

May 1
MedTech Intelligence
Paul Otto will co-present with a FDA panelist on “Medical Device Cybersecurity Preparedness and Response” at the MedTech Intelligence Medical Cybersecurity Vulnerability & Patch Management conference.
Location: Washington, D.C.

 

May 10
IoT’s Impact on Health Care
Paul Otto will be a speaker in a Marsh webinar titled, “From Disruptive to Transformative: Preparing for IoT’s Impact on Health Care.” He will discuss why IoT is important to transforming health care and how it is impacting markets globally.
To register, click here

 

Continue Reading

Posted in Cybersecurity & Data Breaches, Financial Privacy

SEC Issues New Interpretive Guidance on Cybersecurity Disclosures

On February 21, the Securities and Exchange Commission (SEC) published interpretive guidance to assist public companies in preparing disclosures about cybersecurity risks and incidents. The Commission’s release follows shorter cybersecurity “disclosure guidance” issued in 2011 by the staff of the SEC’s Division of Corporation Finance. The new guidance was prompted by the agency’s concern over the increase in the risks and frequency of data breach incidents and other cyber-attacks affecting public companies. The Commission’s release addresses many of the matters raised in the staff’s guidance, while expanding the discussion to cover additional disclosure and compliance considerations.

Continue Reading

Posted in Consumer Privacy

Hogan Lovells Represents Sears in Achieving First-Ever Modification to FTC Privacy Consent Order

The FTC has approved the first-ever petition to reopen and modify a privacy-related consent order.  The petition, filed by Sears Holdings Management Corporation, sought to amend the terms of Sears’ 2009 consent order (the “Order”), which settled allegations that Sears did not adequately disclose the extent to which desktop software it distributed collected information from consumers.  After reviewing Sears’ petition and public comments, the Commission agreed with Sears that, as a result of changes in the mobile application marketplace, the Order’s requirements as applied to Sears’ mobile apps were “burdensome and counterproductive, both for consumers and Sears.”  Hogan Lovells Partner Michelle Kisloff, Senior Associate Paul Otto, and Associate Joe Vladeck represented Sears in its petition.

Continue Reading

Posted in International/EU Privacy

New Fee Charging Structure to Fund the UK Information Commissioner’s Office

The UK Government has announced a new three-tier charging structure for data controllers to ensure the continued funding of the Information Commissioner’s Office (ICO) to come into effect on 25 May 2018 to coincide with the GDPR coming into force.

Currently, organisations that are controllers of personal data are legally required to register details of their processing activities with the ICO and pay a notification fee of £35 or £500, unless they are exempt.

This two-tier structure will be replaced by a three-tier annual fee structure based on the relative risk to the data that an organisation processes.  This will be measured according to a number of factors, including size, turnover, and whether an organisation is a public authority or charity.

Continue Reading

Posted in Consumer Privacy

Is Artificial Intelligence the Ultimate Test for Privacy?

Nothing challenges the effectiveness of data protection law like technological innovation. You think you have cracked a technology neutral framework and then along comes the next evolutionary step in the chain to rock the boat. It happened with the cloud. It happened with social media, with mobile, with online behavioural targeting and with the Internet of Things. And from the combination of all of that, artificial intelligence is emerging as the new testing ground. 21st century artificial intelligence relies on machine learning, and machine learning relies on…? You guessed it: Data. Artificial intelligence is essentially about problem solving and for that we need data, as much data as possible. Against this background, data privacy and cybersecurity legal frameworks around the world are attempting to shape the use of that data in a way that achieves the best of all worlds: progress and protection for individuals. Is that realistically achievable?

Continue Reading

Posted in News & Events

Privacy and Cybersecurity March 2018 Events

Please join us for our March 2018 Privacy and Cybersecurity Events.

March 6
Standing Post-Spokeo
Hogan Lovells will host a webinar aimed at highlighting strategies companies can employ to defend against consumer, privacy, or data breach lawsuits in the post-Spokeo world. The speakers include Michelle Kisloff, Mark Brennan, Adam Cooke, and Alicia Paller.
Location: Washington, D.C.

 

March 6
Infosecurity Leadership Summit 2018
Eduardo Ustaran is leading a presentation entitled, “Lightening Talk Last Chance Saloon: Are You Ready & Prepared for EU GDPR?,” at the 5th Infosecurity Leadership Summit at the Savoy Hotel.
Location: London

 

March 21
Autonomous Vehicle Privacy
Tim Tobin will present on autonomous vehicle privacy and cybersecurity issues at an autonomous vehicle event at the University of Virginia Law School.
Location: Charlottesville, Virginia

 

Continue Reading