Header graphic for print
HL Chronicle of Data Protection Privacy & Information Security News & Trends

Tag Archives: cloud

Posted in Health Privacy/HIPAA

New HHS Guidance Makes Clear HIPAA Applies in the Cloud

Cloud service providers are on notice: you are HIPAA business associates, even if you are unable to access the HIPAA protected information in your cloud. The Department of Health and Human Services Office for Civil Rights released guidance making clear that cloud service providers that create, receive, maintain, or transmit electronic protected health information are covered by HIPAA.

Posted in Consumer Privacy, Cybersecurity & Data Breaches

FTC Says Listen Up When Vulnerability Reports Come In

The FTC wants companies to listen. More precisely, the FTC wants companies to pay attention to and promptly to respond to reports of security vulnerabilities. That’s a key takeaway from the Commission’s recent settlement with ASUSTek. In its complaint against the Taiwanese router manufacturer, the FTC alleged that ASUS misrepresented its security practices and failed to reasonably secure its router software, citing the company’s alleged failure to address vulnerability reports as one of the Commission’s primary concerns. The settlement reiterates the warnings contained in the FTC’s recent Start with Security Guide and prior settlements with HTC America and Fandango: the FTC expects companies to implement adequate processes for receiving and addressing security vulnerability reports within a reasonable time.

Posted in News & Events

Hogan Lovells White Paper on National Security Access to Cloud Data Updated to Add Analysis of Brazil, Italy, Spain

Hogan Lovells today published an update to the White Paper A Sober Look at National Security Access to Data in the Cloud, which compares national security access to data stored with Cloud service providers in a number of countries. The White Paper adds analyses of the laws of Brazil, Italy, and Spain, and reflects the April 2014 opinion of the European Court of Justice invalidating the EU Data Retention Directive. The updated paper now compares the national security access laws of the United States, Australia, Brazil, Canada, France, Germany, Italy, Spain, and the United Kingdom.

Posted in International/EU Privacy

Hogan Lovells White Paper Examines Governmental Access to Data in the U.S. and Latin America

Hogan Lovells today published Pan-American Governmental Access to Data in the Cloud, the fifth installment in a series of White Papers examining government access to data held by Cloud service providers. Examining the right of governments in the United States and Latin America to access data in the Cloud, the White Paper concludes that the physical location of Cloud servers does not significantly affect government access to data stored on those servers, and that it is fundamentally incorrect to assume that the United States government’s access to data in the Cloud is greater than that in the Latin American countries examined.

Posted in Consumer Privacy, International/EU Privacy, News & Events

Hogan Lovells White Paper: U.S. Provides Greater Right to Challenge Certain Government Access to Data than France, Germany, UK, and Australia

With the focus this summer on nation-states’ collection of electronic data, an important question went unanswered – what rights do individuals have to challenge government access to their data? We set out to answer that question in the fourth installment in Hogan Lovells’ White Paper series examining government access to data held by service providers. In the White Paper, available through this blog post, we compared the ability of citizens and non-citizens to challenge government access to data in the U.S., France, Germany, the UK, and Australia, concluding that of the countries surveyed, the right of redress appears strongest in the United States.

Posted in International/EU Privacy, News & Events

Hogan Lovells Publishes White Paper Analyzing Service Provider Transparency Reports: Law Enforcement Requests for Data in the U.S. Not Extraordinary When Compared with Rest of World

Hogan Lovells today published the next installment in a series of White Papers examining government access to data held by service providers. Today’s publication, An Analysis of Service Provider Transparency Reports on Government Requests for Data, examines the most recent transparency reports published by Google, Microsoft, Skype, Twitter, and LinkedIn concerning law enforcement requests for data in multiple countries, concluding that when the numbers are adjusted for population sizes and the number of Internet users in each respective country, they reveal that the U.S. government requests information from these providers at a rate comparable to — and sometimes lower than — that of several other countries, including many European Union member states.

Posted in International/EU Privacy

IAPP Piece Compares U.S. and EU Government Surveillance Practices

Recent work done by Hogan Lovells on EU national security access to data shows that the American intelligence-gathering framework imposes at least as much, if not more, due process and oversight on foreign intelligence surveillance than other countries afford in similar circumstances. In a detailed analysis of the misconceptions related to U.S. government intelligence-gathering for the IAPP Privacy Perspectives blog, Chis Wolf outlines “A Sober Look at National Security Access to Data in the Cloud,” a recently published Hogan Lovells white paper comparing U.S. intelligence-gathering under the FISA Amendments Act to the practices of five European countries.

Posted in International/EU Privacy, News & Events

Hogan Lovells White Paper Examines National Security Access to Personal Data in the Cloud Around the World

Hogan Lovells has published a White Paper demonstrating that, contrary to recent reports, the limitations applied to U.S. law enforcement access to data stored in the Cloud during national security and foreign intelligence investigation surpass in many cases restrictions applied during similar investigations in other countries. “A Sober Look at National Security Access to Data in the Cloud,” written by Christopher Wolf and Winston Maxwell, lawyers in Hogan Lovells’ Privacy and Information Management Practice based out of the Washington D.C. and Paris offices, was released today at a panel of the authors which was presented by the OpenForum Academy in Brussels. The authors also will discuss the paper tomorrow in Paris at a roundtable discussion comparing U.S. and French government access to data in the cloud presented by the American Chamber of Commerce in France.

Posted in International/EU Privacy

WP 29 Opinion on Cloud Computing Issued

On the 1st July, the Article 29 data Protection Working Party adopted an opinion on cloud computing. The Working Party Opinion analyses the “hot topics” on data protection arising from cloud computing services .It also provides guidelines for providers of cloud computing services and their clients. The Opinion is summarized (and linked to) in this blog entry drafted by Hogan Lovells privacy lawyers in London and Madrid.

Posted in International/EU Privacy

Hogan Lovells White Paper on Governmental Access to Data in the Cloud Debunks Faulty Assumption That US Access is Unique

Hogan Lovells has published a White Paper with the results of a study about governmental access to data in the cloud around the world. The White Paper debunks the frequently-expressed assumption that the United States is alone in permitting governmental access to data for law enforcement or national security reasons. The White Paper concludes that businesses are misleading themselves and their customers if they believe that restricting Cloud service providers to one jurisdiction better insulates data from governmental access. It is incorrect to assume that the United States government’s access to data in the Cloud is greater than that of other advanced economies. The White Paper examines the laws of the ten countries, including the United States, with respect to governmental authorities’ ability to access data stored in or transmitted through the Cloud, and documents the similarities and differences among the various legal regimes. The paper was written by Christopher Wolf, co-director of Hogan Lovells’ Privacy and Information Management practice, and Paris Office partner Winston Maxwell. It was released today at a program presented by the Openforum Academy in Brussels at which both Wolf and Maxwell spoke. This blog post links to a copy of the White Paper and summarizes its findings.

Posted in International/EU Privacy

German DPAs Issue Rules for Cloud Computing Use

The German data protection authorities on September 26, 2011 adopted an “Orientation guide – cloud computing.” The guide sets out mandatory and recommended content for any agreement between German users of cloud computing services and cloud computing serving providers. It highlights the customer’s responsibility for full compliance with German data protection requirements for the cloud. Based on this orientation guide, customers and providers will have to review existing agreements in the German market.

Posted in International/EU Privacy, News & Events

Upcoming EU Cloud Strategy Announced: Application of Local Privacy Laws Remain an Issue, To Be Explored at IAPP Navigate on September 14

An announcement came this week from EC Digital Agenda VP Neelie Kroes of an EU Cloud Strategy (described in this blog entry), for which the former US CIO Vivek Kundra will be an advisor, and it once again raises questions about the application of the EU Directive in the cloud. This is an issue that will be explored through a Moot Court problem at IAPP’s Navigate in Dallas on September 14, also described and shared in this entry.