HL Chronicle of Data Protection Privacy & Information Security News & Trends

Tag Archives: cybersecurity

Posted in Cybersecurity & Data Breaches, Health Privacy/HIPAA

Proposed Changes to FDA Guidance for the Content of Premarket Submissions for Management of Cybersecurity in Medical Devices: What you Should Know

On October 18, 2018, FDA issued a long-awaited draft revision to its existing guidance “Content of Premarket Submissions for Management of Cybersecurity in Medical Devices” (premarket cybersecurity guidance). This coincided with release of the FDA-supported incident preparedness and response playbook, the announcement of two new Information Sharing Analysis Organizations (ISAOs), and FDA’s recent news release discussing the agency’s enhanced cybersecurity partnership with the U.S. Department of Homeland Security (DHS) earlier this month. FDA’s recent flurry of activity focuses on providing additional clarity about when to interact with FDA, what information would be useful in submissions, and what level of documentation is expected. Cybersecurity clearly is a high-priority issue for FDA, and the agency is working hard to bring together stakeholders and provide the best information it can so that all entities involved in managing the multifaceted and evolving area of cybersecurity have the best and most current information to manage the risks of a cybersecurity intrusion.

Posted in Consumer Privacy

California Passes First-Of-Its-Kind Law Focused on Internet of Things Cybersecurity

Late last month, California Governor Jerry Brown signed the first US Internet of Things (IoT) cybersecurity legislation: Senate Bill 327 and Assembly Bill 1906. Starting on January 1, 2020, manufacturers of regulated connected devices are required to equip such devices with “reasonable security features” designed to protect a connected device and any information it holds from “unauthorized access, destruction, use, modification, or disclosure.” This legislation was prompted by what the bill’s sponsor viewed as a “lack of security features on internet connected devices undermin[ing] the privacy and security of California’s consumers.”

Posted in News & Events

Privacy and Cybersecurity October 2018 Events

Join us in October as we will discuss a number of topics including examining evolving issues regarding the California Consumer Privacy Act, the status of Asia-Pacific data protection regulation, how to prevent internal cybersecurity threats, and the implications of collecting workplace diversity data.

Posted in Consumer Privacy

National Science Foundation Seeks Comments on Artificial Intelligence, Continuing Policy Makers’ Focus on AI

The National Science Foundation is seeking public comment on US policy for artificial intelligence, according to the Federal Register Notice of Request for Information (RFI) filed on September 26, 2018. Specifically, the RFI requests input from the public as to whether the National Artificial Intelligence Research and Development Strategic Plan (AI Strategic Plan) should be updated or improved. Comments to the RFI are due to the National Science Foundation by October 26, 2018.

Posted in Consumer Privacy

California Consumer Privacy Act: The Challenge Ahead — Data Mapping and the CCPA

The California Consumer Privacy Act of 2018 (“CCPA”) provides a series of new compliance obligations and operational challenges for companies doing business in California. A vital first step for any company subject to the CCPA and looking to forge a practical path forward is to inventory the personal information (“PI”) that the company collects, stores, and shares with others. As part of our ongoing series on the CCPA and its implications, this post sets out key issues and questions to consider when contemplating a data mapping exercise.

Posted in Consumer Privacy

California Consumer Privacy Act: The Challenge Ahead — Introduction to Hogan Lovells’ Blog Series

We have heard the California Consumer Privacy Act of 2018 (CCPA) called many things since its enactment on June 28, 2018. Our experience to date has confirmed the compliance challenge ahead for organizations that engage with the residents of the world’s fifth-largest economy. We will explore the ramifications for businesses of this seminal legislation in this multi-part series, “The Challenge Ahead,” authored by members of Hogan Lovells’ CCPA team. In this first installment, we describe recent activity to enact so-called “technical” amendments to the CCPA.

Posted in International/EU Privacy

Asia Pacific Data Protection and Cybersecurity Regulation: 2017 in Review and Looking Ahead to 2018

2017 was a momentous year for data protection and cyber security regulation globally, and it is noteworthy how significant the developments in the Asia-Pacific region were over the course of the year. Our Asia Pacific Data Protection and Cybersecurity Guide 2018: Shifting landscapes across the Asia-Pacific region provides an overview of regional developments in 2017 and what to look out for in 2018. It features a “heat map” comparing the regulatory environments in Asia’s key jurisdictions, individual country spotlights, and a guide with considerations for businesses setting up compliance programs.

Posted in International/EU Privacy

Hogan Lovells Updates Practical GDPR Guide

With the coming into effect of the GDPR on 25 May 2018, the modernisation of European privacy laws has reached a critical milestone. Hogan Lovells has updated our guide “Future-proofing privacy,” which aims to be a useful starting point for organisations seeking to understand the GDPR and comply with it. Twenty-four authors from 10 European Hogan Lovells offices have contributed their knowledge, efforts, and advice to compile a unique resource of practical guidance. We have identified the key issues and explained why they matter. Crucially, we have approached the new framework with a practical mindset, providing concrete suggestions for actions to take now.

Posted in Consumer Privacy

Straight Talks Podcast: Data Privacy and Cybersecurity in the Age of Rolling Smart Devices

The European Union’s General Data Protection Regulation is driving a regulatory wave to safeguard data against cyber attacks and privacy breaches, and the automobile industry will feel the impact. Autonomous and connected vehicles are essentially “rolling smart devices,” and as they enter the mainstream in the EU and United States, automakers are increasingly reliant on data for safe, efficient vehicle operations. But security and privacy concerns and penalties for regulatory noncompliance demand that manufacturers review their policies — and perspectives — on data storage and use. In this podcast, we will discuss how cybersecurity, data privacy, and ownership concerns are influencing the development of connected and autonomous vehicles.

Posted in News & Events

Privacy and Cybersecurity May 2018 Events

Join us this month as our Privacy and Cybersecurity team will discuss medical device cybersecurity preparedness and response, employee monitoring, IoT’s impact on health care, and key legal and compliance issues for insider threat programs.

Posted in Consumer Privacy

Is Artificial Intelligence the Ultimate Test for Privacy?

Nothing challenges the effectiveness of data protection law like technological innovation. You think you have cracked a technology neutral framework and then along comes the next evolutionary step in the chain to rock the boat. It happened with the cloud. It happened with social media, with mobile, with online behavioural targeting and with the Internet of Things. And from the combination of all of that, artificial intelligence is emerging as the new testing ground. 21st century artificial intelligence relies on machine learning, and machine learning relies on…? You guessed it: Data. Artificial intelligence is essentially about problem solving and for that we need data, as much data as possible. Against this background, data privacy and cybersecurity legal frameworks around the world are attempting to shape the use of that data in a way that achieves the best of all worlds: progress and protection for individuals. Is that realistically achievable?

Posted in Cybersecurity & Data Breaches, Privacy & Security Litigation

CPR Appoints New Cyber Panel Ahead of Anticipated Increase in Data Security Disputes

The International Institute for Conflict Prevention and Resolution, a New York-based organisation offering Alternative Dispute Resolution services, has recently announced the launch of a new specialised panel of neutrals, commissioned to deal with cybersecurity disputes. The Cyber Panel is composed of experts in cyber-related areas such as data breaches and subsequent insurance claims. In a press release, Noah Hanft, President of CPR, described the new panel as guiding the “critical effort” by businesses to “prevent and/or resolve cyber-related disputes in a manner that best protects operations, customers and reputation” due to attacks now occurring with increased frequency and sophistication.

Posted in Cybersecurity & Data Breaches

The FTC and Industry Propose Best Practices for IoT Security Updates

How do you ensure that an Internet-connected sensor or device—often inexpensive and designed for lifespans of up to 20 years or more—can be secured against not only the intrusions of today but also those of the future? This question has taken on new urgency as low-cost Internet-connected devices are increasingly being co-opted into massive networks, known as “botnets,” that are capable of causing widespread disruption.

Posted in Cybersecurity & Data Breaches

National Association of Corporate Directors Updates Cyber-Risk Oversight Handbook

Earlier this year, the National Association of Corporate Directors released an updated version of its Director’s Handbook on Cyber-Risk Oversight. The NACD’s issuance of an update to its Handbook in just three years signals that cybersecurity-related governance expectations of companies and directors are evolving. While the use of and compliance with the Handbook is not mandatory, the Handbook is influential in shaping governance practices and thus it is prudent for those involved in corporate governance to familiarize themselves with the changes.

Posted in Cybersecurity & Data Breaches

Malware Capable of Shutting Down Electric Grids Confirmed

Malware was recently identified that appears to have been designed and deployed by a nation-state to target and shut down electric grids. According to published reports, this malware currently appears to be capable of attacking the European grids, and parts of the Middle East and Asia grids, by targeting the specific industrial control system network protocols used to operate those grids. With small modifications, the malware reportedly also appears to be capable of attacking the North American power grid, as well as other industries that use ICS networks (e.g., oil, gas, water, data) around the globe. This post discusses the malware as well as vulnerability management.

Posted in Cybersecurity & Data Breaches

Federal Financial Institutions Examination Council Releases Updated Cybersecurity Assessment Tool

The Federal Financial Institutions Examination Council recently released an updated version of its Cybersecurity Assessment Tool, which, according to FFIEC, is designed to help the financial institutions voluntarily using the tool to “identify their cyber risks and determine their cybersecurity preparedness.” We explore the changes to the CAT in this post.

Posted in Consumer Privacy

Consumer Protection Enforcement is #trending: How to Avoid FTC and State Investigations, and What to do When You Get the Knock on the Door

Join us for a discussion of hot topics in Federal Trade Commission (FTC) and state consumer protection enforcement. Partners Bret Cohen, Meghan Rissmiller, and Steven Steinborn will cover recent developments and enforcement trends in data privacy/security, advertising/endorsements, and claim substantiation in practice before the FTC and state authorities.

Posted in News & Events

Upcoming Webinar on Cybersecurity & the Internet of Things

“Connected” products—not just traditional IT products—are increasingly subject to cyber attacks globally. The question companies are (and should be) asking is no longer whether there will be an attack involving Internet of Things devices and infrastructure, but when. Join us on May 24 for the third installment of our 2017 IoT webinar series and get practical guidance from our international team of cybersecurity lawyers, who will present key elements of Hogan Lovells’ well-received client workshop on this rapidly evolving topic.

Posted in International/EU Privacy

State of the Cyber Nation: UK Government Report on Cybersecurity Breaches

On 19 April 2017, the UK Government’s Department for Culture, Media and Sport (DCMS) published a report on cyber security breaches and how they affected UK companies in the last year. The report indicates that a number of UK companies have not implemented comprehensive cybersecurity policies or implemented strong safeguards to protect against cyber attacks. The General Data Protection Regulation — in particular the requirement to ensure all personal data is protected by appropriate technical and organisational measures — provides a real opportunity for any organisation to build a new cyber security strategy. Documenting the decisions taken on these measures will be useful for showing compliance with the new requirements for data protection by design and by default.