Presentation is loading. Please wait.

Presentation is loading. Please wait.

© 2009 Hogan & Hartson LLP. All rights reserved. ACCA-SoCal Chapter Roundtable “The Year that Privacy and Data Security Become Priority Risk Management.

Published byRuth Morton Modified over 8 years ago

Similar presentations

Presentation on theme: "© 2009 Hogan & Hartson LLP. All rights reserved. ACCA-SoCal Chapter Roundtable “The Year that Privacy and Data Security Become Priority Risk Management."— Presentation transcript:

1 © 2009 Hogan & Hartson LLP. All rights reserved. ACCA-SoCal Chapter Roundtable “The Year that Privacy and Data Security Become Priority Risk Management Issues” January 27, 2010

2 2 © 2009 Hogan & Hartson LLP. All rights reserved. Panelists Jon Avila Vice President - Counsel, Chief Privacy Officer, The Walt Disney Company Neil O’Hanlon Partner, Hogan & Hartson LLP, Los Angeles Christopher Wolf Partner, Hogan & Hartson LLP, Washington, DC

3 3 © 2009 Hogan & Hartson LLP. All rights reserved. Agenda Welcome and Introduction An Overview of the Privacy and Data Security Legal Risks Faced by Business in 2010 The Perspectives of an In-House Privacy Professional Hot Topics in Privacy and Data Security Law Hypotheticals Question and Answer

4 4 © 2009 Hogan & Hartson LLP. All rights reserved. An Overview of the Privacy and Data Security Legal Risks Faced by Business in 2010 Privacy and data security risks for business include regulatory enforcement, litigation exposure, public embarrassment/loss of trust, and negative impact on the bottom line To understand why these risks exist (and are growing), need to understand the framework of privacy law in the United States Privacy is regulated at the federal, state and local levels And despite the absence of privacy protection per se in the United States Constitution, the California Constitution was amended to include privacy as an “inalienable right” Compliance in the United States is complicated, because ours is a patchwork quilt of regulation (cf. law in the European Union)

5 5 © 2009 Hogan & Hartson LLP. All rights reserved. The Evolution of Privacy Law Information privacy law in the modern era has been spurred by the advance of technology – Warren and Brandeis and the Right to Privacy – The Telephone and Wiretapping – Responses to the Rise of the Computer Fair Credit Reporting Act Family Educational Rights and Privacy Act of 1974 Foreign Intelligence Surveillance Act of 1978 Growth of Federal Privacy Protection in the 1980’s and 1990’s – Cable Act – Video Privacy Protection Act of 1988 – Telephone Consumer Protection Act of 1991 – Health Insurance Portability and Accountability Act of 1996 (HIPAA) – Children’s Online Privacy Protection Act of 1998 – Gramm Leach Bliley Act of 1999

6 6 © 2009 Hogan & Hartson LLP. All rights reserved. The Evolution of Privacy Law The First Decade of the 21 st Century – Fair and Accurate Credit Transactions Act of 2003 – National Do Not Call Registry – CAN-SPAM Act of 2003 The “Common Law” of Privacy – As developed at the FTC: vigorous enforcement of privacy promises and unfair data security practices – As not developed in litigation: private lawsuits thwarted due to lack of standing/lack of injury The States as Incubators of Privacy Law – Data security breach notification laws had their start in California and now exist in 45 states and in DC and territories – Regulation of data security is becoming more granular, e.g. Massachusetts 201 CMR 12:00, Nevada data security law

7 7 © 2009 Hogan & Hartson LLP. All rights reserved. The Evolution of Privacy Law The Second Decade of the Twenty-First Century – Is the self-regulatory model here to stay? Are notice and choice enough in our complex technological era? – The era of the Smart Grid: Will your power meter be spying on you? Was the FTC enforcement in the Sears case a harbinger of things to come? What will the outcome be of the FTC Privacy Roundtables? – How does “Cloud Computing” affect compliance with privacy and data security laws? – What will the rules be regarding online data collection to deliver tailored ads? – Will new rules emerge regarding retention of personal data? – Will the litigation dam be breached?

8 8 © 2009 Hogan & Hartson LLP. All rights reserved. Jon Avila, Vice President - Counsel, Chief Privacy Officer, The Walt Disney Company The Perspectives of an In-House Privacy Professional

9 9 © 2009 Hogan & Hartson LLP. All rights reserved. Hot Topics in Privacy and Data Security Law “Ripped from the headlines….”

10 10 © 2009 Hogan & Hartson LLP. All rights reserved. Workplace Issues including Employee Monitoring

11 11 © 2009 Hogan & Hartson LLP. All rights reserved. Employee Access to Data

12 12 © 2009 Hogan & Hartson LLP. All rights reserved. E-Discovery Issues

13 13 © 2009 Hogan & Hartson LLP. All rights reserved. Data Security Breach Developments

14 14 © 2009 Hogan & Hartson LLP. All rights reserved. Federal Data Security Law Coming?

15 15 © 2009 Hogan & Hartson LLP. All rights reserved. Red Flags Rule

16 16 © 2009 Hogan & Hartson LLP. All rights reserved. COPPA Enforcement

17 17 © 2009 Hogan & Hartson LLP. All rights reserved. Data Security Regulation

18 18 © 2009 Hogan & Hartson LLP. All rights reserved. Privilege Issues

19 19 © 2009 Hogan & Hartson LLP. All rights reserved. HIPAA Developments

20 20 © 2009 Hogan & Hartson LLP. All rights reserved. Developments in the EU

21 21 © 2009 Hogan & Hartson LLP. All rights reserved. Unmasking Anonymous Speakers

22 22 © 2009 Hogan & Hartson LLP. All rights reserved. Blogging Privacy vs. Disclosures

23 23 © 2009 Hogan & Hartson LLP. All rights reserved. Hypotheticals Salahi and Celebrity Surfing Steven Salahi was, until recently, a member of the IT staff at Party Crashers, Inc., a party planning company in Irvine. He was fired last week for “celebrity surfing” the company files – looking at contracts and event documents relating to parties hosted by famous people. Nothing in his job would require (or entitle) him to see these files normally. While his access to company systems was terminated immediately upon his discharge, it appears that Salahi used a “thumb drive” to download sensitive personnel information (including the salaries of top executives) and to take that information with him when he left. He gave it all back when caught. Corporate counsel now wants to do an investigation of any other misdeeds Salahi may have committed and has asked IT to look at Salahi’s work computer and, if possible, to access social networking sites and commercial e-mail sites (like Gmail) Salahi may have visited using the company computer. One additional fact: Salahi used his company computer to communicate via e-mail with his lawyer regarding an employment discrimination charge he was thinking of filing against the company. – What are the data security breach notification issues raised by this episode? – What right does the company have to do the kind of investigation corporate counsel wants to do? – What about the e-mail communications Salahi had with his lawyer?

24 24 © 2009 Hogan & Hartson LLP. All rights reserved. Hypotheticals Salahi Has Sued Following his termination, Salahi filed a charge with the EEOC for national origin discrimination, claiming that many employees “celebrity surf” the files at the company, but only he was disciplined, because of his Indian national origin. The EEOC has asked for all company files pertaining to employee discipline for celebrity surfing, and has threatened an administrative subpoena if voluntary cooperation is not provided. The company uses a cloud computing arrangement for the storage of its personnel records, and the servers with the required data are located in France – where the company also has offices and provides party planning services. What are the discovery and production issues presented by the EEOC request?

25 25 © 2009 Hogan & Hartson LLP. All rights reserved. Questions and Answers

26 26 © 2009 Hogan & Hartson LLP. All rights reserved. Abu Dhabi Baltimore Beijing Berlin Boulder Brussels Caracas Colorado Springs Denver Geneva Hong Kong Houston London Los Angeles Miami Moscow Munich New York Northern Virginia Paris Philadelphia San Francisco Shanghai Silicon Valley Tokyo Warsaw Washington, DC www.hhlaw.com For more information on Hogan & Hartson, please visit us at

Download ppt "© 2009 Hogan & Hartson LLP. All rights reserved. ACCA-SoCal Chapter Roundtable “The Year that Privacy and Data Security Become Priority Risk Management."

Similar presentations

Data Privacy and Security in the Cloud Presented by Robert J. Scott Managing Partner Scott & Scott, LLP www.ScottandScottllp.com.

Data Privacy and Security in the Cloud Presented by Robert J. Scott Managing Partner Scott & Scott, LLP
© Hogan & Hartson LLP. All rights reserved. Pharmaceutical Compliance Forum Clinical Trials Case Study Stephen J. Immelt Thursday, November 8, 2007.

© Hogan & Hartson LLP. All rights reserved. Pharmaceutical Compliance Forum Clinical Trials Case Study Stephen J. Immelt Thursday, November 8, 2007.
Workplace Investigations: How the Employer Should Do Them and How the Plaintiff Can React to Them Jennifer M. Trulock University of Houston Law Foundation.

Workplace Investigations: How the Employer Should Do Them and How the Plaintiff Can React to Them Jennifer M. Trulock University of Houston Law Foundation.
© 2009 Hogan & Hartson LLP. All rights reserved. Rebecca Armour April 2009 UK Rules on Corporate Expatriations Washington DC.

© 2009 Hogan & Hartson LLP. All rights reserved. Rebecca Armour April 2009 UK Rules on Corporate Expatriations Washington DC.
Copyright © 2012, Big I Advantage®, Inc., and Swiss Re Corporate Solutions. All rights reserved. (Ed. 08/12 -1) E&O RISK MANAGEMENT: MEETING THE CHALLENGE.

Copyright © 2012, Big I Advantage®, Inc., and Swiss Re Corporate Solutions. All rights reserved. (Ed. 08/12 -1) E&O RISK MANAGEMENT: MEETING THE CHALLENGE.
Art. 6 – 8 of the draft Unitary Patent Regulation Prof. Dr. Winfried Tilmann.

Art. 6 – 8 of the draft Unitary Patent Regulation Prof. Dr. Winfried Tilmann.
Confidentiality and HIPAA

Confidentiality and HIPAA
Privacy Laws & Higher Education. Agenda 1.Five Privacy Laws a.FERPA b.HIPAA c.GLB d.FACTA Disposal Rule e.CAN-SPAM 2.Overview of the Laws a.What does.

Privacy Laws & Higher Education. Agenda 1.Five Privacy Laws a.FERPA b.HIPAA c.GLB d.FACTA Disposal Rule e.CAN-SPAM 2.Overview of the Laws a.What does.
WHAT IS HIPAA? The Health Insurance Portability and Accountability Act of 1996 (HIPAA) provides certain protections for any of your health information.

WHAT IS HIPAA? The Health Insurance Portability and Accountability Act of 1996 (HIPAA) provides certain protections for any of your health information.
Springfield Technical Community College Security Awareness Training.

Springfield Technical Community College Security Awareness Training.
© Hogan & Hartson LLP. All rights reserved. NACD Capital Area Chapter Washington, DC September 9, 2008 Activist Hedge Funds in the Board Room: What Public.

© Hogan & Hartson LLP. All rights reserved. NACD Capital Area Chapter Washington, DC September 9, 2008 Activist Hedge Funds in the Board Room: What Public.
Page 1 Recording of this session via any media type is strictly prohibited. Page 1 Cyber as a Boardroom Issue Date: Wednesday, April 30, 2014 Time: 9:00.

Page 1 Recording of this session via any media type is strictly prohibited. Page 1 Cyber as a Boardroom Issue Date: Wednesday, April 30, 2014 Time: 9:00.
16 July 2011 The Business Case for Mediation (for “ICC Arbitration & Amicable Dispute Resolution – Focus on India”) Jonathan Leach, partner, Hogan Lovells.

16 July 2011 The Business Case for Mediation (for “ICC Arbitration & Amicable Dispute Resolution – Focus on India”) Jonathan Leach, partner, Hogan Lovells.
BGS Customer Relationship Management Chapter 13 Privacy and Ethics Considerations Chapter 13 Privacy and Ethics Considerations Thomson Publishing 2007.

BGS Customer Relationship Management Chapter 13 Privacy and Ethics Considerations Chapter 13 Privacy and Ethics Considerations Thomson Publishing 2007.
© 2009 Hogan & Hartson LLP. All rights reserved. Christopher G. Cwalina Vice President and Assistant General Counsel, Intersections Inc. Carol A. DiBattiste.

© 2009 Hogan & Hartson LLP. All rights reserved. Christopher G. Cwalina Vice President and Assistant General Counsel, Intersections Inc. Carol A. DiBattiste.
© 2013 Dechert LLP Defense Litigation Checklist September 26, 2013.

© 2013 Dechert LLP Defense Litigation Checklist September 26, 2013.
April 8, 2013 NPE litigation in Japan Activities and impact of FRAND commitments Eiichiro Kubota, Hogan Lovells Tokyo.

April 8, 2013 NPE litigation in Japan Activities and impact of FRAND commitments Eiichiro Kubota, Hogan Lovells Tokyo.
© 2009 Hogan & Hartson LLP. All rights reserved. Tuesday, October 6, 2009 11 AM – 12:30 PM EDT Webinar: Understanding the Legal Challenges of Cloud Computing.

© 2009 Hogan & Hartson LLP. All rights reserved. Tuesday, October 6, AM – 12:30 PM EDT Webinar: Understanding the Legal Challenges of Cloud Computing.
Insights on the Legal Landscape for Data Privacy in Higher Education Rodney Petersen, J.D. Government Relations Officer and Security Task Force Coordinator.

Insights on the Legal Landscape for Data Privacy in Higher Education Rodney Petersen, J.D. Government Relations Officer and Security Task Force Coordinator.
January 2012 Workshop on competition law aspects International Legal Expert Meeting, 19-20 January 2012 Leiden University, The Netherlands Jacques Derenne.

January 2012 Workshop on competition law aspects International Legal Expert Meeting, January 2012 Leiden University, The Netherlands Jacques Derenne.

Similar presentations

Ads by Google