HL Chronicle of Data Protection

Privacy & Information Security News & Trends

Blog Authors

Latest from HL Chronicle of Data Protection

Regulators provided key insights into enforcement trends and potential changes to HIPAA regulations at the 11th Annual “Safeguarding Health Information: Building Assurance Through HIPAA Security” conference in October co-hosted by the National Institute of Standards and Technology (NIST) and the Department of Health and Human Services (HHS), Office for Civil Rights (OCR).…
The draft text of the EU-UK withdrawal agreement was published by the UK Government and the European Union yesterday, providing some of the first concrete indicators of the possible direction of travel in the area of data protection. Analysis of the text has barely started, but some of our initial conclusions are outlined below.…
On June 12, 2018, the Vietnamese National Assembly passed the Law on Cybersecurity (the “Cybersecurity Law“), which will take effect on January 1, 2019. Among other aims, the law seeks to regulate data processing methods of technology companies that operate in Vietnam and restrict the Internet connections of users who post “prohibited” content. The seemingly broad application of the law’s provisions understandably caused concern among foreign tech companies serving Vietnamese end-users with fears of mandatory…
On December 29, 2017, the Standardization Administration of China, jointly with the PRC General Administration of Quality Supervision, Inspection and Quarantine, issued the Information Security Technology – Personal Information Security Specification (GB/T 35273-2017, “Specification”), which officially came into effect on May 1, 2018. Although the Specification is only a recommended (as opposed to a mandatory) national standard, we have in the months since its introduction seen regulatory authorities in China point to the Standard as…
A U.S. court has recently ruled that an EU citizen’s privacy rights and the GDPR do not trump a U.S. litigant’s right to obtain discovery, including video-taped depositions. In d’Amico Dry d.a.c. v. Nikka Finance, Inc., CA 18-0284-KD-MU, Dkt. No. 140 (Adm. S.D. Ala. Oct. 19, 2018), a federal magistrate denied an EU citizen’s motion for protective order, holding that the deponent could not rely on EU privacy law to withhold consent to a…
Please join us for our November 2018 events. November 8 Cyber Risk Paul Otto will discuss cybersecurity risk assessment on the panel, “Evaluating ‘Reasonable’ Cyber Risk Using the Center for Internet Security Risk Assessment Method,” at the NIST Cybersecurity Risk Management Conference. Location: Baltimore, Maryland   November 8 Privacy Issues Mark Brennan will lead a discussion on privacy issues at the EEI’s Fall Cybersecurity Law Conference. Location: Phoenix, Arizona   November 8 Current State…
This is the seventh installment in Hogan Lovells’ series on the California Consumer Privacy Act. The application of the California Consumer Privacy Act of 2018 (“CCPA”) to employee data has been the subject of much debate since the first version of the bill was introduced on June 21, 2018 (just days prior to its enactment on June 28). Under a plain language reading of the CCPA, the law likely applies to employee data. However, it…
October is National Cybersecurity Awareness Month and the Food and Drug Administration (FDA or the agency) has been busy. On October 18, 2018, FDA issued a long-awaited draft revision to its existing guidance “Content of Premarket Submissions for Management of Cybersecurity in Medical Devices“(premarket cybersecurity guidance). This coincided with release of the FDA-supported “Medical Device Cybersecurity Regional Incident Preparedness and Response Playbook” for health delivery organizations (HDOs), the announcement of two…
On October 2, 2018, Hogan Lovells hosted the most recent installment in its Internet of Things Webinar (IoT) Series. Two of our experienced litigation partners, Christine Gateau in Paris and Michelle Kisloff in Washington DC, discussed current regulatory actions and cutting-edge IoT litigation debates in the U.S. and Europe, as well as litigation risks to keep in mind when designing IoT products. To hear more on this topic, please access the full webinar recording using…
Late last month, California Governor Jerry Brown signed the first US Internet of Things (IoT) cybersecurity legislation: Senate Bill 327 and Assembly Bill 1906. Starting on January 1, 2020, manufacturers of regulated connected devices are required to equip such devices with “reasonable security features” designed to protect a connected device and any information it holds from “unauthorized access, destruction, use, modification, or disclosure.” This legislation was prompted by what the bill’s sponsor viewed as…