Download presentation
Presentation is loading. Please wait.
Published byRuth Morton Modified over 8 years ago
1
© 2009 Hogan & Hartson LLP. All rights reserved. ACCA-SoCal Chapter Roundtable “The Year that Privacy and Data Security Become Priority Risk Management Issues” January 27, 2010
2
2 © 2009 Hogan & Hartson LLP. All rights reserved. Panelists Jon Avila Vice President - Counsel, Chief Privacy Officer, The Walt Disney Company Neil O’Hanlon Partner, Hogan & Hartson LLP, Los Angeles Christopher Wolf Partner, Hogan & Hartson LLP, Washington, DC
3
3 © 2009 Hogan & Hartson LLP. All rights reserved. Agenda Welcome and Introduction An Overview of the Privacy and Data Security Legal Risks Faced by Business in 2010 The Perspectives of an In-House Privacy Professional Hot Topics in Privacy and Data Security Law Hypotheticals Question and Answer
4
4 © 2009 Hogan & Hartson LLP. All rights reserved. An Overview of the Privacy and Data Security Legal Risks Faced by Business in 2010 Privacy and data security risks for business include regulatory enforcement, litigation exposure, public embarrassment/loss of trust, and negative impact on the bottom line To understand why these risks exist (and are growing), need to understand the framework of privacy law in the United States Privacy is regulated at the federal, state and local levels And despite the absence of privacy protection per se in the United States Constitution, the California Constitution was amended to include privacy as an “inalienable right” Compliance in the United States is complicated, because ours is a patchwork quilt of regulation (cf. law in the European Union)
5
5 © 2009 Hogan & Hartson LLP. All rights reserved. The Evolution of Privacy Law Information privacy law in the modern era has been spurred by the advance of technology – Warren and Brandeis and the Right to Privacy – The Telephone and Wiretapping – Responses to the Rise of the Computer Fair Credit Reporting Act Family Educational Rights and Privacy Act of 1974 Foreign Intelligence Surveillance Act of 1978 Growth of Federal Privacy Protection in the 1980’s and 1990’s – Cable Act – Video Privacy Protection Act of 1988 – Telephone Consumer Protection Act of 1991 – Health Insurance Portability and Accountability Act of 1996 (HIPAA) – Children’s Online Privacy Protection Act of 1998 – Gramm Leach Bliley Act of 1999
6
6 © 2009 Hogan & Hartson LLP. All rights reserved. The Evolution of Privacy Law The First Decade of the 21 st Century – Fair and Accurate Credit Transactions Act of 2003 – National Do Not Call Registry – CAN-SPAM Act of 2003 The “Common Law” of Privacy – As developed at the FTC: vigorous enforcement of privacy promises and unfair data security practices – As not developed in litigation: private lawsuits thwarted due to lack of standing/lack of injury The States as Incubators of Privacy Law – Data security breach notification laws had their start in California and now exist in 45 states and in DC and territories – Regulation of data security is becoming more granular, e.g. Massachusetts 201 CMR 12:00, Nevada data security law
7
7 © 2009 Hogan & Hartson LLP. All rights reserved. The Evolution of Privacy Law The Second Decade of the Twenty-First Century – Is the self-regulatory model here to stay? Are notice and choice enough in our complex technological era? – The era of the Smart Grid: Will your power meter be spying on you? Was the FTC enforcement in the Sears case a harbinger of things to come? What will the outcome be of the FTC Privacy Roundtables? – How does “Cloud Computing” affect compliance with privacy and data security laws? – What will the rules be regarding online data collection to deliver tailored ads? – Will new rules emerge regarding retention of personal data? – Will the litigation dam be breached?
8
8 © 2009 Hogan & Hartson LLP. All rights reserved. Jon Avila, Vice President - Counsel, Chief Privacy Officer, The Walt Disney Company The Perspectives of an In-House Privacy Professional
9
9 © 2009 Hogan & Hartson LLP. All rights reserved. Hot Topics in Privacy and Data Security Law “Ripped from the headlines….”
10
10 © 2009 Hogan & Hartson LLP. All rights reserved. Workplace Issues including Employee Monitoring
11
11 © 2009 Hogan & Hartson LLP. All rights reserved. Employee Access to Data
12
12 © 2009 Hogan & Hartson LLP. All rights reserved. E-Discovery Issues
13
13 © 2009 Hogan & Hartson LLP. All rights reserved. Data Security Breach Developments
14
14 © 2009 Hogan & Hartson LLP. All rights reserved. Federal Data Security Law Coming?
15
15 © 2009 Hogan & Hartson LLP. All rights reserved. Red Flags Rule
16
16 © 2009 Hogan & Hartson LLP. All rights reserved. COPPA Enforcement
17
17 © 2009 Hogan & Hartson LLP. All rights reserved. Data Security Regulation
18
18 © 2009 Hogan & Hartson LLP. All rights reserved. Privilege Issues
19
19 © 2009 Hogan & Hartson LLP. All rights reserved. HIPAA Developments
20
20 © 2009 Hogan & Hartson LLP. All rights reserved. Developments in the EU
21
21 © 2009 Hogan & Hartson LLP. All rights reserved. Unmasking Anonymous Speakers
22
22 © 2009 Hogan & Hartson LLP. All rights reserved. Blogging Privacy vs. Disclosures
23
23 © 2009 Hogan & Hartson LLP. All rights reserved. Hypotheticals Salahi and Celebrity Surfing Steven Salahi was, until recently, a member of the IT staff at Party Crashers, Inc., a party planning company in Irvine. He was fired last week for “celebrity surfing” the company files – looking at contracts and event documents relating to parties hosted by famous people. Nothing in his job would require (or entitle) him to see these files normally. While his access to company systems was terminated immediately upon his discharge, it appears that Salahi used a “thumb drive” to download sensitive personnel information (including the salaries of top executives) and to take that information with him when he left. He gave it all back when caught. Corporate counsel now wants to do an investigation of any other misdeeds Salahi may have committed and has asked IT to look at Salahi’s work computer and, if possible, to access social networking sites and commercial e-mail sites (like Gmail) Salahi may have visited using the company computer. One additional fact: Salahi used his company computer to communicate via e-mail with his lawyer regarding an employment discrimination charge he was thinking of filing against the company. – What are the data security breach notification issues raised by this episode? – What right does the company have to do the kind of investigation corporate counsel wants to do? – What about the e-mail communications Salahi had with his lawyer?
24
24 © 2009 Hogan & Hartson LLP. All rights reserved. Hypotheticals Salahi Has Sued Following his termination, Salahi filed a charge with the EEOC for national origin discrimination, claiming that many employees “celebrity surf” the files at the company, but only he was disciplined, because of his Indian national origin. The EEOC has asked for all company files pertaining to employee discipline for celebrity surfing, and has threatened an administrative subpoena if voluntary cooperation is not provided. The company uses a cloud computing arrangement for the storage of its personnel records, and the servers with the required data are located in France – where the company also has offices and provides party planning services. What are the discovery and production issues presented by the EEOC request?
25
25 © 2009 Hogan & Hartson LLP. All rights reserved. Questions and Answers
26
26 © 2009 Hogan & Hartson LLP. All rights reserved. Abu Dhabi Baltimore Beijing Berlin Boulder Brussels Caracas Colorado Springs Denver Geneva Hong Kong Houston London Los Angeles Miami Moscow Munich New York Northern Virginia Paris Philadelphia San Francisco Shanghai Silicon Valley Tokyo Warsaw Washington, DC www.hhlaw.com For more information on Hogan & Hartson, please visit us at
Similar presentations
© 2024 SlidePlayer.com. Inc.
All rights reserved.