© 2009 Hogan & Hartson LLP. All rights reserved. ACCA-SoCal Chapter Roundtable “The Year that Privacy and Data Security Become Priority Risk Management.

Presentation transcript:

© 2009 Hogan & Hartson LLP. All rights reserved. ACCA-SoCal Chapter Roundtable “The Year that Privacy and Data Security Become Priority Risk Management Issues” January 27, 2010

Panelists
– Jon Avila, Vice President - Counsel, Chief Privacy Officer, The Walt Disney Company
– Neil O’Hanlon, Partner, Hogan & Hartson LLP, Los Angeles
– Christopher Wolf, Partner, Hogan & Hartson LLP, Washington, DC

Agenda
– Welcome and Introduction
– An Overview of the Privacy and Data Security Legal Risks Faced by Business in 2010
– The Perspectives of an In-House Privacy Professional
– Hot Topics in Privacy and Data Security Law
– Hypotheticals
– Question and Answer

An Overview of the Privacy and Data Security Legal Risks Faced by Business in 2010
– Privacy and data security risks for business include regulatory enforcement, litigation exposure, public embarrassment/loss of trust, and negative impact on the bottom line
– To understand why these risks exist (and are growing), need to understand the framework of privacy law in the United States
– Privacy is regulated at the federal, state and local levels
– And despite the absence of privacy protection per se in the United States Constitution, the California Constitution was amended to include privacy as an “inalienable right”
– Compliance in the United States is complicated, because ours is a patchwork quilt of regulation (cf. law in the European Union)

The Evolution of Privacy Law
Information privacy law in the modern era has been spurred by the advance of technology
– Warren and Brandeis and the Right to Privacy
– The Telephone and Wiretapping
– Responses to the Rise of the Computer
    Fair Credit Reporting Act
    Family Educational Rights and Privacy Act of 1974
    Foreign Intelligence Surveillance Act of 1978
Growth of Federal Privacy Protection in the 1980’s and 1990’s
– Cable Act
– Video Privacy Protection Act of 1988
– Telephone Consumer Protection Act of 1991
– Health Insurance Portability and Accountability Act of 1996 (HIPAA)
– Children’s Online Privacy Protection Act of 1998
– Gramm Leach Bliley Act of 1999

The Evolution of Privacy Law
The First Decade of the 21st Century
– Fair and Accurate Credit Transactions Act of 2003
– National Do Not Call Registry
– CAN-SPAM Act of 2003
The “Common Law” of Privacy
– As developed at the FTC: vigorous enforcement of privacy promises and unfair data security practices
– As not developed in litigation: private lawsuits thwarted due to lack of standing/lack of injury
The States as Incubators of Privacy Law
– Data security breach notification laws had their start in California and now exist in 45 states and in DC and territories
– Regulation of data security is becoming more granular, e.g. Massachusetts 201 CMR 12:00, Nevada data security law

The Evolution of Privacy Law
The Second Decade of the Twenty-First Century
– Is the self-regulatory model here to stay? Are notice and choice enough in our complex technological era?
– The era of the Smart Grid: Will your power meter be spying on you? Was the FTC enforcement in the Sears case a harbinger of things to come? What will the outcome be of the FTC Privacy Roundtables?
– How does “Cloud Computing” affect compliance with privacy and data security laws?
– What will the rules be regarding online data collection to deliver tailored ads?
– Will new rules emerge regarding retention of personal data?
– Will the litigation dam be breached?

The Perspectives of an In-House Privacy Professional
Jon Avila, Vice President - Counsel, Chief Privacy Officer, The Walt Disney Company

Hot Topics in Privacy and Data Security Law
“Ripped from the headlines….”
– Workplace Issues including Employee Monitoring
– Employee Access to Data
– E-Discovery Issues
– Data Security Breach Developments
– Federal Data Security Law Coming?
– Red Flags Rule
– COPPA Enforcement
– Data Security Regulation
– Privilege Issues
– HIPAA Developments
– Developments in the EU
– Unmasking Anonymous Speakers
– Blogging Privacy vs. Disclosures

Hypotheticals: Salahi and Celebrity Surfing

Steven Salahi was, until recently, a member of the IT staff at Party Crashers, Inc., a party planning company in Irvine. He was fired last week for “celebrity surfing” the company files – looking at contracts and event documents relating to parties hosted by famous people. Nothing in his job would require (or entitle) him to see these files normally. While his access to company systems was terminated immediately upon his discharge, it appears that Salahi used a “thumb drive” to download sensitive personnel information (including the salaries of top executives) and to take that information with him when he left. He gave it all back when caught.

Corporate counsel now wants to do an investigation of any other misdeeds Salahi may have committed and has asked IT to look at Salahi’s work computer and, if possible, to access social networking sites and commercial sites (like Gmail) Salahi may have visited using the company computer.

One additional fact: Salahi used his company computer to communicate via with his lawyer regarding an employment discrimination charge he was thinking of filing against the company.

– What are the data security breach notification issues raised by this episode?
– What right does the company have to do the kind of investigation corporate counsel wants to do?
– What about the communications Salahi had with his lawyer?

Hypotheticals: Salahi Has Sued

Following his termination, Salahi filed a charge with the EEOC for national origin discrimination, claiming that many employees “celebrity surf” the files at the company, but only he was disciplined, because of his Indian national origin. The EEOC has asked for all company files pertaining to employee discipline for celebrity surfing, and has threatened an administrative subpoena if voluntary cooperation is not provided. The company uses a cloud computing arrangement for the storage of its personnel records, and the servers with the required data are located in France – where the company also has offices and provides party planning services.

What are the discovery and production issues presented by the EEOC request?

Questions and Answers
