Please join us for our November 2016 Privacy and Cybersecurity Events.
Part 10 of Future-Proofing Privacy: Enforcement and the Risk of Non-Compliance. One of the major purposes of the Regulation is to ensure a consistent application of data protection law throughout the EU, not only to provide a high level of data protection but also to guarantee legal certainty for businesses when handling personal data. This has presented legislators with one of their biggest challenges: how to maintain the existing network of independent national DPAs, whilst ensuring that they promote a consistent interpretation of the Regulation and minimising the number of different DPAs which a controller has to deal with. It remains to be seen whether they have devised a workable solution.
Anyone reading this blog already knows that cybersecurity is a team sport. No longer does the IT security department bear sole responsibility for protecting a company’s data and systems. Today companies are setting up enterprise-wide councils to oversee cybersecurity that include lawyers, risk managers, technical professionals, and other leaders. And if a breach occurs, that […]
Spain is well known for having one of the most restrictive data protection regimes in the European Union. It also has some of the highest penalties (fines of up to € 600,000 per infringement) and a data protection authority – the Spanish Data Protection Agency (AEPD) – with a reputation for being one of the fiercest in the EU. Moreover, the penalties envisaged are not only on paper; they are applied on a regular basis by the AEPD. For instance, in the past few years, it has imposed fines of € 450,000, € 900,000 and € 1,400,000.
Earlier this month, the Payment Card Industry Security Standards Council (PCI SSC) released Version 3.0 of the Payment Card Industry Data Security Standard (PCI DSS), which includes several enhanced security requirements that will affect how businesses protect payment card data in their systems. The updated standard calls upon businesses to take a more active role in security compliance. It also addresses several common vulnerabilities in the cardholder data environment, including weak passwords, fallible authentication methods, unpatched malware protection, and inadequate threat monitoring practices. The end result is a standard that gives businesses a clearer, yet more stringent, set of baseline requirements for protecting cardholder data. Compliance with Version 3.0 is required as of January 1, 2015, although some of the new requirements will not go into effect until July 1, 2015. Until then, they are recommended as best practices.
In the most significant change to HIPAA since the law was enacted, the Department of Health and Human Services issued an omnibus HIPAA regulation, which will require substantial operational changes for HIPAA covered entities and their business associates. Ten important changes are: Changes to the data breach rule will make more incidents reportable. Business associates are […]
France’s data protection authority, the Commission Nationale de l’Informatique et des Libertés (CNIL), released on November 14, 2012, English-language versions of its compliance guides for businesses. The first guide, “Methodology for Privacy Risk Management”, provides a step-by-step guide for identifying risks and prioritising remedial actions. The second guide, “Measures for the Privacy Risk Treatment”, provides practical guidance on […]
Hogan Lovells privacy leader Chris Wolf has authored an article in Inside Counsel magazine, a journal providing insights for law department leaders. The piece is entitled “The Risks of Neglecting Privacy” and explains how privacy concerns likely will result in a stricter legal and regulatory framework, meaning that companies should act now to bolster consumer protection. This blog entry contains excerpts from and a link to the full article.
A financial services industry group recently released guidance on managing the risks associated with using social media such as Facebook and Twitter. The guidance, titled “Social Media Risks and Mitigation,” was released this week by BITS, a division of the Financial Services Roundtable, which represents 100 of the largest financial services companies. The guidance includes tips on managing numerous concerns specific to financial institutions, which are increasingly using social media in their marketing and customer relationship activities.
The FTC just unveiled an extremely useful web site with compliance tools that include a robust selection of privacy-related materials.