Header graphic for print

HL Chronicle of Data Protection

Privacy & Information Security News & Trends

Posted in News & Events

Privacy and Cybersecurity June 2018 Events

Please join us for our June 2018 Privacy and Cybersecurity Events

June 12
Data Breach Response & Notification
Harriet PearsonMichelle KisloffJoke Bodewits, and Martin Strauch will host a webinar entitled, “Data Breach Response & Notification Under the EU GDPR and U.S. laws.” They will address the GDPR’s breach notification requirements, compare to U.S. breach notification requirements, provide compliance tips and benchmarks, discuss litigation strategies for when an incident occurs, and look ahead at notification requirements under the EU’s Network and Information Systems (NIS) Directive.

 

June 21
Breach Notification Under the GDPR and Privacy and Cybersecurity Litigation
Michelle Kisloff will speak on two panels at the ABA’s Third National Institute on Cybersecurity Law. The first panel, “Breach Notifications under the GDPR,” will cover data breach response under the GDPR. The second panel, “Litigation Round-Up,” will discuss privacy and cybersecurity litigation developments. Tim Tobin will moderate both panels.
Location: New York

 

Continue Reading

Posted in International/EU Privacy

GDPR Guidance – European Data Protection Board Adopts Art. 29 Working Papers

Data protection authorities set out guidelines for the application of the new EU General Data Protection Regulation

The European Data Protection Board (EDPB) is the joint coordination body of the EU data protection authorities. The EDPB provides guidance on the application of the EU Data Protection Regulation (GDPR). With the GDPR having come into force, the EDPB thus replaces the Art. 29 Data Protection Working Party (Art. 29 Group) which was established under the EU Data Protection Directive and other previously applicable data protection laws. More information about the EDPB can be found on its website.

Continue Reading

Posted in Cybersecurity & Data Breaches, International/EU Privacy

Data Class Actions: The Era of Mass Data Litigation

Class actions are commonplace in the United States but relatively rare in Europe. The European Union wants to change that, by facilitating class actions for mass privacy and data breaches.

With the development of big data, the scope and impact of potential data breaches or losses have indeed significantly increased. In the EU, the GDPR comes into effect. Due to its extraterritorial applicability, it will affect business globally. Every day, somewhere in the world, the media report that data for large numbers of individuals, often millions of people, have been breached. It seems then only natural that public authorities would consider class actions as a potential remedy for these breaches, if not a way to prevent them.

Continue Reading

Posted in International/EU Privacy

GDPR Is In Effect: The French Bill Has Been Adopted…But Referred to the French Constitutional Council

The General Data Protection Regulation (GDPR) entered into force on 25 May 2018. In light of the urgency to adapt Law no. 78-17 dated 6 January 1978 to the new European Union law, the French Government has initiated an accelerated procedure. This procedure led to the adoption in final reading by the French National Assembly of the bill on personal data protection on 14 May 2018. However, some French Senators lodged a constitutional complaint against the said law on 16 May 2018.

The bill on personal data protection aims to adapt the “French Data Protection” Act to the new legal framework called “European data protection package” made of the GDPR and the directive on the processing of personal data implemented in police and judicial matters.

Continue Reading

Posted in Consumer Privacy

Straight Talks Podcast: Data Privacy and Cybersecurity in the Age of Rolling Smart Devices

The U.S. Environmental Protection Agency was created in 1970 to safeguard the environment against pollutants. The tidal wave of environmental regulations that followed impacted every industry in the United States, especially the automotive market. Decades later, organizations have internalized these regulations into their culture.

Today, the European Union’s General Data Protection Regulation (GDPR) is driving a regulatory wave of similar scope, but now the need is to safeguard data against cyber attacks and privacy breaches. And once again, the automobile industry will feel the regulatory impact. Autonomous and connected vehicles are essentially “rolling smart devices,” and as they enter the mainstream in the EU and United States, automakers are increasingly reliant on data for safe, efficient vehicle operations. But security and privacy concerns and penalties for regulatory noncompliance demand that manufacturers review their policies — and perspectives — on data storage and use.

In this podcast, Tim Tobin and Winston Maxwell, partners at Hogan Lovells, discuss how cybersecurity, data privacy, and ownership concerns are influencing the development of connected and autonomous vehicles. Continue Reading

Posted in Consumer Privacy

FCC Seeks to Refresh the TCPA Record

Now that the dust has settled from the D.C. Circuit’s highly anticipated Telephone Consumer Protection Act decision in ACA International, et al, v. FCC, the Federal Communications Commission is going back to the drawing board in a new Public Notice that seeks comment on foundational TCPA issues.

Continue Reading

Posted in News & Events

Upcoming Webinar: Worried about the GDPR? Don’t Panic!

With the GDPR about to come into effect, join our experts for a live webinar on May 23 to learn what you should be focusing on now. The GDPR becomes applicable on 25 May and will affect organisations worldwide. It is a complex and strict law with dozens of obligations which will be fiercely enforced. Getting it right will be essential for business success in the digital economy.

In this complimentary webinar, Hogan Lovells’ Eduardo Ustaran will be joined by Nicola Howell, Lien Ceulemans, and Michael Millar to consider:

Continue Reading

Posted in International/EU Privacy

The True Global Effect of the GDPR

“European data protection rules will become a trademark people recognise and trust worldwide”. That is how, in January 2012, Viviane Reding – then Vice-President of the European Commission and EU Justice Commissioner – ended her announcement of the widest reform of privacy and data protection law ever attempted. Six years later, this ambitious aim is becoming a reality. Organisations from around the world and well beyond Europe are grappling with the new European General Data Protection Regulation (GDPR) and its impact on their data activities. From Australian banks and South American insurers to US universities and Asian telecoms companies, determining the applicability of the GDPR to their operations has become a critical business decision. As many global companies ponder over the right strategy to privacy compliance, a key question has emerged: which organisations, and under which circumstances, are subject to the territorial scope of the GDPR?

Continue Reading

Posted in News & Events

Privacy and Cybersecurity May 2018 Events

May 1
MedTech Intelligence
Paul Otto will co-present with a FDA panelist on “Medical Device Cybersecurity Preparedness and Response” at the MedTech Intelligence Medical Cybersecurity Vulnerability & Patch Management conference.
Location: Washington, D.C.

 

May 10
IoT’s Impact on Health Care
Paul Otto will be a speaker in a Marsh webinar titled, “From Disruptive to Transformative: Preparing for IoT’s Impact on Health Care.” He will discuss why IoT is important to transforming health care and how it is impacting markets globally.
To register, click here

 

Continue Reading

Posted in Cybersecurity & Data Breaches, Financial Privacy

SEC Issues New Interpretive Guidance on Cybersecurity Disclosures

On February 21, the Securities and Exchange Commission (SEC) published interpretive guidance to assist public companies in preparing disclosures about cybersecurity risks and incidents. The Commission’s release follows shorter cybersecurity “disclosure guidance” issued in 2011 by the staff of the SEC’s Division of Corporation Finance. The new guidance was prompted by the agency’s concern over the increase in the risks and frequency of data breach incidents and other cyber-attacks affecting public companies. The Commission’s release addresses many of the matters raised in the staff’s guidance, while expanding the discussion to cover additional disclosure and compliance considerations.

Continue Reading