Header graphic for print

HL Chronicle of Data Protection

Privacy & Information Security News & Trends

Posted in Consumer Privacy

NIST Continues to Make Progress on its Privacy Framework

While eyes focus on the privacy legislative debate now underway in the United States, the development of a new Privacy Framework by the influential National Institute of Standards and Technology (“NIST”) is also worthy of attention. On May 13-14, 2019, NIST hosted its second workshop on the recently released discussion draft of its “Privacy Framework: An Enterprise Risk Management Tool” (“Privacy Framework”). The workshop brought together stakeholders to provide feedback on the draft and suggest areas for revision. NIST had previously hosted a workshop in October 2018 to kick off the development of the Privacy Framework and had presented its thinking at other fora such as the Brookings Institution. Continue Reading

Posted in News & Events

Amsterdam Seminar: Protect Your Data!

Joke Bodewits

Ruud van der Velden

 

 

 

 

 

On 23 May 2019, Hogan Lovells’ Amsterdam office will host the in-person seminar “Bescherm je data!” (“Protect Your Data!”). Joke Bodewits and Ruud van der Velden will discuss recent EU legislation, and focus on “lessons learned” for companies with respect to privacy, cybersecurity, and trade secrets.

Continue Reading

Posted in Cybersecurity & Data Breaches

Cybersecurity Standards for the Insurance Sector – A New Patchwork Quilt in the US?

In the past two years, multiple state bills that have been introduced in the US to provide for cybersecurity requirements and standards to the insurance sector, with recent legislative activity taking place in particular within the States of Ohio, South Carolina, and Michigan. The entering into effect of multiple state laws in this area may present challenges for insurance providers operating in states where such cybersecurity requirements are provided for. Continue Reading

Posted in News & Events

Hogan Lovells Privacy and Cybersecurity Practice Ranked as a Top-Tier Practice by Chambers USA for 8th Consecutive Year

Chambers USA recently released its 2019 rankings and we are pleased to announce that Hogan Lovells’ Privacy and Cybersecurity (PaC) practice once again received Band 1 recognition by Chambers USA. Chambers noted that PaC “[r]emains one of the country’s preeminent privacy and data security practices. A highly talented roster of attorneys advising clients on major data breaches and complex policy matters across a multitude of industries, including retail, automotive and media.” Continue Reading

Posted in International/EU Privacy

GDPR – The Work Ahead

The sky has not fallen. The Internet has not stopped working. The multi-million euro fines have not happened (yet). It was always going to be this way. A year has gone by since the General Data Protection Regulation (Regulation (EU) 2016/679) (‘GDPR’) became effective and the digital economy is still going and growing. The effect of the GDPR has been noticeable, but in a subtle sort of way. However, it would be hugely mistaken to think that the GDPR was just a fad or a failed attempt at helping privacy and data protection survive the 21st century. The true effect of the GDPR has yet to be felt as the work to overcome its regulatory challenges has barely begun. So what are the important areas of focus to achieve GDPR compliance? Continue Reading

Posted in News & Events

Webinar on Hacking 101: How it works and how to mitigate risk

Please join the Hogan Lovells Privacy and Cybersecurity team on May 15 for our webinar, Hacking 101: How it Works and How to Mitigate Risk. We will explore how certain common hacks work from a technical perspective and how to mitigate related risks from a legal and compliance perspective. Continue Reading

Posted in Consumer Privacy

NIST Seeking Input on AI Technical Standards by May 31, 2019

On May 1, 2019, the National Institute of Standards and Technology (NIST) announced a Request for Information (RFI) in the Federal Register regarding ongoing efforts to develop technical standards for artificial intelligence (AI) technologies and the identification of priority areas for federal involvement in AI standards-related activities. Responses to the RFI are due by May 31, 2019.
Continue Reading

Posted in News & Events

Privacy and Cybersecurity May 2019 Events

Please join us for our May events

May 1
IAPP Global Summit
Bret Cohen will speak on the Privacy Bar Section Forum panels, “Working Across Borders: Partnering and Vetting,” and “Case Study: How Working Across Borders Worked for Me,” during the 2019 IAPP Global Summit.
Location: Washington, D.C.

 

May 3
IAPP Global Summit
Eduardo Ustaran will discuss the Binding Corporate Rules (BCR) journey from the key strategic decision for success to the practical aspects of obtaining regulatory approval under the GDPR framework during the panel, “Binding Corporate Rules – Gold Standard Within Reach,” at the 2019 IAPP Global Summit.
Location: Washington, D.C.

 

May 3
IAPP Global Summit
James Denvil will examine the privacy risk management approach organizations can use when adopting AI-enabled enterprise systems on the panel, “Artificial Intelligence in Enterprise Systems: Tech Advances and Privacy Risks,” during the 2019 IAPP Global Summit.
Location: Washington, D.C.

 

Continue Reading

Posted in Health Privacy/HIPAA

HIPAA Penalty Caps to Be Reduced and Tied to Culpability Level

In a dramatic turn, the US Department of Health and Human Services (HHS) has announced that effective immediately, penalties for many HIPAA violations will be subject to substantially reduced limits. After a record year of collecting high-dollar settlements, the agency has pulled back and tied its own hands through a Notification of Enforcement Discretion that will likely result in lower penalties and settlement agreement amounts.

Continue Reading

Posted in International/EU Privacy

South Africa Data Protection Regulations Expected to Take Effect in 2019

Although South Africa’s first comprehensive piece of data protection legislation, the Protection of Personal Information Act (POPIA), was originally signed into law in November 2013, the substantive provisions of the law have not yet taken legal effect. That is likely to change since South Africa’s data protection authority, the Information Regulator, published the final draft of its POPIA regulations in December 2018. Continue Reading