The Data Chronicles will provide:
In-depth Insights: Our videos and podcasts feature interviews hosted by Scott Loughlin, co-lead of the privacy and security group, with leading privacy, cybersecurity, data and other professionals at the forefront of their fields. We’ll share their insights, experience, and practices related to legal issues that cut across legal disciplines, geographies and regulatory regimes.
Trending Topics: Stay up-to-date with the latest developments in privacy, data protection, cybersecurity, data challenges, and emerging technologies. We analyze the implications of these trends and offer insight useful to you and your organization.
Season 2
Building the AI lawyer skillset – AI is now a competition issue
Predictions are that artificial intelligence will intersect with virtually every aspect of our lives and seemingly its impacting every legal discipline. With the issues so widespread and varied, AI lawyers seemingly need to know how to issue spot everything. Is that even possible? In this episode of The Data Chronicles, we examine relationship between US antitrust law and AI. Host Scott Loughlin leads the conversation with special guests Edith Ramirez, partner at Hogan Lovells and former chairwoman of the Federal Trade Commission (FTC), and Chris Fitzpatrick, senior associate at the firm. Together, they explore how AI is transforming market dynamics and how regulators see AI triggering antitrust legal concerns and obligations.
Maryland's comprehensive data privacy bill
Did you miss our analysis of the Maryland comprehensive privacy bill? If you prefer a quick podcast discussion, we have that too. Join Scott Loughlin, co-lead of the Hogan Lovells Privacy and Cybersecurity practice, and Hogan Lovells associate Harsimar Dhanoa in a rapid reaction episode discussing the newly passed bill.
The EU AI Act I What you need to know
In this episode of The Data Chronicles, we dive into the groundbreaking legislation of the European Union (EU) Artificial Intelligence (AI) Act. With artificial intelligence increasingly permeating various aspects of our lives, regulating its development and deployment has become the focus of many policymakers. Host Scott Loughlin is joined by Hogan Lovells partner and co-lead of the Privacy and Cybersecurity practice, Eduardo Ustaran, to break down the key components of the EU AI Act and explore its objectives, scope, and implications for businesses around the world. Through tactical insights and analysis, we aim to shed light on how this legislation is shaping the future of artificial intelligence in Europe and beyond.
(Human) AI lawyers I A new legal discipline?
Is AI law a new legal discipline for lawyer specialization? The Data Chronicles is interested in knowing the answer. In this episode, host Scott Loughlin is joined by two AI attorneys, Tiffany Georgievski, AI, Data Privacy and IP attorney with SonyAI, and Peter Tsapatsaris, lead counsel of AI at Salesforce, as they discuss the role of an AI attorney, the essential skillset required for success, and whether AI law should be new category for the legal bar.
White House Executive Order introduces restrictions on U.S. data transfers
Host Scott Loughlin and Hogan Lovells partner James Denvil examine the recent Executive Order (EO) issued by the Biden Administration. Designed to limit access by countries of concern, including China, to personal data of Americans, this EO marks a significant development in cross-border data protection policy. Together, Scott and James explore the implications of the EO, shedding light on its potential impact on the digital ecosystem and how this game-changer in data governance will have far-reaching effects and challenges for businesses operating in the digital landscape.
Cookie consent in the EU | What you need to know
In this episode of The Data Chronicles, we exam complex legal frameworks for website cookies in the EU. Cookies, those little bits of data stored on our devices, play a significant role in shaping our online experiences, from personalization to tracking user behavior. However, with great power comes great responsibility, and cookies have found themselves at the center of various privacy and compliance debates relating to their lawful use. Host Scott Loughlin is joined by Hogan Lovells partners, Joke Bodewits and Gonzalo Gallego as they highlight the functionality, legality, and future implementation of regulations surrounding cookies in the EU.
Scraping the surface | What you need to know about data scraping
Data scraping, the automated extraction of information from websites, has become a ubiquitous practice in today's data-driven world. However, as organizations harness the power of scraped data to gain insights and drive innovation, questions arise regarding its ethical and legal implications. In this episode of The Data Chronicles, host Scott Loughlin is joined by Hogan Lovells partner Eduardo Ustaran, counsel Lauren Cury, and senior associate Alyssa Golay as they delve into the realm of intellectual property (IP) and privacy. As the appetite for data grows, so do concerns at safeguarding privacy and IP rights in an increasingly digitized world.
Privacy in the granite state | New Hampshire's upcoming privacy law
Live free or die can now can be applied to consumer privacy. New Hampshire is the latest state to pass comprehensive consumer privacy legislation. Listen in to join host Scott Loughlin and Hogan Lovells associate Harsimar Dhanoa for a rapid-fire analysis of the newly passed bill.
Health privacy | New state consumer health privacy laws
Several states have passed consumer health privacy laws that include unique obligations for a wide array of health-related data. In this episode, host Scott Loughlin is joined by Hogan Lovells counsel Donald DePass and associate Paige Papandrea to discuss the background of these laws, what requirements and trends are in motion, and the challenges that await.
Health privacy | Geofencing
In the post-Dobbs era, concerns have arisen regarding the potential for organizations or governments to gather data from smartphones, revealing information about individuals' visits to medical facilities. Join host Scott Loughlin in this episode as he delves into the pressing issue of geofencing with Hogan Lovells associate, Paige Papandrea. Together, they navigate through the landscape of emerging state laws concerning health privacy and explore the jurisdictions where these laws are emerging, and provide insights into the implications these new requirements hold for organizations navigating the intricacies of health data privacy.
Research data in the EU | Challenges and opportunities
Navigating the intricacies around the secondary use of research data in the European Union (EU) can be daunting. Building upon a previous episode on this subject under U.S. law, in this episode we delve into the EU regulatory landscape governing data usage in research. Scott Loughlin is joined by Hogan Lovells partner, Patrice Navarro, to unravel the complexities, shedding light on the nuanced rules governing data collection and its secondary use for research.
AI governance | What you need to know
Companies are excited about AI and the many benefits it can offer. Meanwhile, the many risks are real and legal teams are looking for ways to manage them. What’s the answer? It starts with AI governance, and that’s the focus of this episode of the Data Chronicles podcast. Host Scott Loughlin is joined by Kimberly Zink, a privacy professional with a long history in leading privacy, data governance and, now, AI teams. Together, they explore how businesses and their legal advisors can transition from merely assessing risks to actively addressing them at scale, including the establishment of the right internal infrastructure and processes to make responsible and risk-based use of AI.
Data protection in Africa
With more than 30 African countries adopting data protection legal frameworks and the rapid development of privacy laws in the Middle East, organizations operating in the Middle East and African (MEA) region need to understand their obligations and compliance risks. On this episode of the Data Chronicles, host Scott Loughlin is joined by Hogan Lovells Senior Associate, Aissatou Sylla, to discuss the general overview for the data protection laws in place in the MEA region, highlight the key privacy considerations and obligations and spotlight enforcement trends for each jurisdiction with respect to consent, direct marketing, DPA registration, data transfers, localization, sensitive data, children's data, breach notification requirements, and more.
Rapid Alert | Responding to zero day found in popular VPN software
Addressing zero-day security vulnerabilities requires fast work. In this 10-minute episode, we highlight a newly announced vulnerability in Ivanti's Connect Secure VPN software that has the government and cyber professionals concerned. Since recording on January 15, 2024, this dynamic threat has rapidly evolved. Professionals report the potential for multiple waves of attempted exploitation. The Data Chronicles is here to help and provide you what you need to know to take action. Host Scott Loughlin is joined by Charles Carmakal, Chief Technology Officer at Mandiant, a prominent cybersecurity firm to discuss the vulnerability, the nature of the threat and immediate mitigation steps.
New Jersey's expected comprehensive privacy bill – instant reactions
Did you miss our analysis of the comprehensive New Jersey consumer privacy bill? If you prefer a quick podcast discussion, we have that too. Join Scott Loughlin, co-lead of the Hogan Lovells Privacy and Cybersecurity practice, and Hogan Lovells associate Harsimar Dhanoa in a quick reaction episode of The Data Chronicles. They discuss the bill, what’s new, what’s the same, what’s different and what you need to know.
Conducting secondary use of research data in the U.S.
Researchers and sponsors often want to use data from research studies for research not necessarily contemplated in the protocol or informed consent from the study. Scott Loughlin, co-lead of the Hogan Lovells Privacy and Cybersecurity practice, is joined by counsel Melissa Levine to discuss the complex interaction of U.S. federal and state research and privacy laws that affect the secondary use of research data. They tackle what organizations should consider when evaluating whether to proceed with a secondary research use, the compliance considerations, and approaches to obtaining consent for secondary use from the start of the study and ways to mitigate risk when the consent obtained does not cover the intended secondary uses.
Season 1
The predictions episode
In the final episode of season 1, Scott Loughlin and Eduardo Ustaran, co-leads of the Privacy and Cybersecurity practice discuss their privacy and cybersecurity predictions for 2024 in the EU and US. Among trending topics such as generative AI and automated decisionmaking, they touch on the use of technology for employee monitoring, the evolution of international data transfers, the intersection of data security and antitrust, and cybersecurity vulnerabilities in the supply chain. Scott and Eduardo share their forecast on enforcement trends, sensitive data, and privacy and cybersecurity litigation, arising from the delayed discovery of how the internet works.
The DSA's impact on the future of data regulation in Europe
Novel in design and comprehensive in scope, the Digital Services Act is a major reform package that will regulate all online intermediary businesses offering services to EU users starting in 2024. In this episode, Scott Loughlin, co-lead of the Hogan Lovells Privacy and Cybersecurity practice, is joined by partner Anthonia Ghalamkarizadeh to discuss the new compliance obligations online marketplaces, social media sites, app stores, search engines, and other services hosting and/or disseminating user generated / third party content will be made subject to. They discuss what digital platforms should know as the law matures and starts to take a more broad effect on data regulation in Europe.
Insider Threats | Conducting an investigation from a global perspective
Insider threat remains one of the most challenging cybersecurity issues companies face today. Over the course of this new Data Chronicles series, Hogan Lovells colleagues from across of our firm practice groups will share insights garnered from deep experience working on insider threat investigations and discuss key issues touching everything from privacy and cybersecurity to employment and IP. In this episode, Scott Loughlin, co-lead of the Hogan Lovells Privacy and Cybersecurity practice, and Hogan Lovells partner Christine Gateau and senior associate Dr. Thore Feil discuss what is unique about conducting an insider threat investigation, particularly with respect to global approaches and different jurisdictional sensitivities.
Insider Threats | Conducting an investigation from a U.S. perspective
Insider threat remains one of the most challenging cybersecurity issues companies face today. Over the course of this new Data Chronicles series, Hogan Lovells colleagues from across of our firm practice groups will share insights garnered from deep experience working on insider threat investigations and discuss key issues touching everything from privacy and cybersecurity to employment and IP. In this episode, Scott Loughlin, co-lead of the Hogan Lovells Privacy and Cybersecurity practice, and partner Vassi Iliadis and counsel Adam Cooke delve into the differences and difficulties that come with conducting an insider threat investigation from a U.S. perspective, touching on attorney-client privilege, key stakeholders, and more.
The U.S. health privacy landscape
This special episode, originally recorded at this year’s CAQH Connect conference, features a conversation on the hotlist of issues that touched the health data environment in 2023. Scott Loughlin, co-lead of the Hogan Lovells Privacy and Cybersecurity practice, sits down with partner, co-founder of the Hogan Lovells Privacy and Cybersecurity practice, and former lead lawyer in the development of HIPAA regulations, Marcy Wilder. Together, they discuss the complex U.S. health privacy landscape, the changing enforcement environment, the use of generative AI in the health care sector, and the rise of ransomware and extortion cybersecurity incidents.
President Biden’s AI Executive Order | What you need to know
The Biden Administration has issued an extensive Executive Order establishing new standards for artificial intelligence (AI) safety and security. In this episode, Scott Loughlin, co-lead of the Hogan Lovells Privacy and Cybersecurity practice, is joined by Mark Brennan, lead of the Hogan Lovells Technology and Telecoms sector group, and Harsimar Dhanoa, associate in the Privacy and Cybersecurity practice, to discuss the landmark efforts made by the White House as part of a comprehensive U.S. strategy for responsible AI innovation. The episode covers how this EO and other shifting frameworks will impact both developers and users of AI, how organizations can start preparing today, and what the future of AI regulation may look like.
Implementing governance | What companies and their boards need to know
In this episode, we delve into the realm of cybersecurity, with a particular focus on the concept of cybersecurity governance. Cybersecurity governance entails managing the human elements within organizations, uniting multiple departments, diverse personalities, and various dynamics to address a common challenge. Scott Loughlin, co-lead of the Hogan Lovells Privacy & Cybersecurity practice, is accompanied by Mike Priest, Chief Information Security Officer at Globe Life, and Jason Fruge, former Chief Information Security Officer at Upbound Group. Together, they explore various guidance documents, frameworks and methods through which cybersecurity professionals can deliver significant value to their executive teams and their boards.
Data, innovation, and tech in public spaces
In this episode we embark on a fascinating journey into the heart of Miami, where innovative technology and data-driven insights are transforming the urban landscape. The Underline, a 10-mile linear park designed by the world-renowned architects of New York’s High Line, is redefining Miami's public spaces and connectivity, transforming the city's underutilized spaces into vibrant, green, and connected corridors. Scott Loughlin, co-lead of the Hogan Lovells Privacy & Cybersecurity practice, is joined by Hogan Lovells Counsel and Pro Bono Counsel to The Underline, Daniel Balmori, and The Underline's Chief Innovation Officer, Jake Moskowitz, to discuss how data and technology can shape a more connected, sustainable, and inclusive city.
Insider Threats | The start
Insider threat remains one of the most challenging cybersecurity issues companies face today. Over the course of this new Data Chronicles series, Hogan Lovells colleagues from across of our firm practice groups will share insights garnered from deep experience working on insider threat investigations and discuss key issues touching everything from privacy and cybersecurity to employment and IP. In this episode, Scott Loughlin, co-lead of the Hogan Lovells Privacy and Cybersecurity practice, discusses with Hogan Lovells partners James Denvil and David Sharfstein, and senior associate, Alicia Paller, how to kick off an insider threat investigation and factors companies should keep in mind.
Insider Threats | The overview
Insider threat remains one of the most challenging cybersecurity issues companies face today. Over the course of this new Data Chronicles series, Hogan Lovells colleagues from across of our firm practice groups will share insights garnered from deep experience working on insider threat investigations and discuss key issues touching everything from privacy and cybersecurity to employment and IP. In this episode, Scott Loughlin, co-lead of the Hogan Lovells Privacy and Cybersecurity practice, and Hogan Lovells partners Pete Marta and Stephanie Yonekura lay the foundation for how insider threats may present within organizations and how companies may prepare to mitigate the associated risks.
CCPA draft regulations | Part 2: Cybersecurity audits
In our second installment of our two-part series, we discuss the proposed rules issued by the California Privacy Protection Agency (the CPPA) focusing on cybersecurity and the requirement to conduct cybersecurity assessments. Scott Loughlin, co-lead of the Hogan Lovells Privacy and Cybersecurity practice, is joined by Hogan Lovells associates Dan Ongaro and Alaa Salaheldin as they explore the implications these cybersecurity requirements will have on data professionals, businesses, as well as corporate boards.
CCPA draft regulations | Part 1: Risk assessments
In September, the Board of the California Privacy Protection Agency (CPPA) announced the first public drafts of two forthcoming sets of regulations relating to the California Consumer Privacy Act and California Privacy Rights Act. These “discussion” drafts focus on new requirements related to cybersecurity audits, privacy risk assessments, AI, and automated decision-making. In this episode, Scott Loughlin, co-lead of the Hogan Lovells Privacy and Cybersecurity practice, is joined by Hogan Lovells senior associate Aaron Lariviere to explain the context for the draft regulations, to walk through key features of the privacy risk assessment regulations, and to explore the potential impacts these regulations will have for businesses.
The role of Data Protection Officers from a European perspective
The role of a Data Protection Officer (DPO) has been well-known under data protection laws in Europe, currently under the EU GDPR, and prior to that, the EU Data Protection Directive. The role goes as far back as the 1970s, however, despite its established history, numerous questions continue to revolve around the responsibilities of a DPO. Scott Loughlin, co-lead of the Hogan Lovells Privacy and Cybersecurity practice, sits down with Hogan Lovells partner Christian Tinnefeld to discuss the ever-evolving role of a DPO and provide some practical tips for those serving in the function.
The False Claims Act & cybersecurity
In this episode of The Data Chronicles, we delve into the emerging realm of cyber risk and liability and its connection to the False Claims Act. Join us as Scott Loughlin, co-lead of the Hogan Lovells Privacy and Cybersecurity practice, engages in a conversation with Hogan Lovells partner Mike Scheimer and counsel Stacy Hadeka. Together, they explore the implications when organizations holding government contracts face allegations of breaching their cybersecurity commitments. Discover why this is a vital concern, particularly for defense contractors, universities, and any entity providing products and services to the United States Government receiving CUI or subject to unique cybersecurity requirements such as CMMC.
Meeting the mark | FCC proposed cybersecurity labeling program for IoT devices
The Federal Communications Commission (FCC) has proposed a voluntary cybersecurity labeling program to address unique cybersecurity concerns associated with the growing number of Internet of Things (IoT) devices. Against the backdrop of the FCC’s Notice of Proposed Rulemaking (NPRM), Scott Loughlin, co-lead of the Hogan Lovells Privacy and Cybersecurity practice, discusses with Hogan Lovells partners Ari Fitzgerald and Katy Milner the scope of the FCC’s proposed program (covering everything from mobile phones and computers to Internet-connected refrigerators, cars, and speakers) and how manufacturers of these devices should be thinking about the new requirements.
Data breach litigation | Navigating arbitration risk
In the second installment of our two-episode series, Scott Loughlin, co-lead of the Hogan Lovells Privacy and Cybersecurity practice, interviews Hogan Lovells litigation partner Vassi Iliadis and associate Laura Penaranda for an in-depth discussion on arbitration risks and class action waivers. They delve into the effects these provisions have on consumer-facing companies after a data security issue, resulting in an increase in arbitration demands due to clauses that are included in common terms of use contracts. The discussion provides an overview of arbitration risks, the impact of mass arbitration, and what companies should consider when revising their arbitration agreements.
Burning issues | Understanding SEC's cybersecurity rules
This episode explores the recently adopted rules from the U.S. Securities and Exchange Commission (SEC) on cybersecurity disclosures for publicly traded companies. Scott Loughlin, co-lead of the Hogan Lovells Privacy and Cybersecurity practice, chats with Hogan Lovells partners John Beckman, Allison Holt Ryan, and Paul Otto as they uncover key elements of these rule changes, including enhanced disclosure requirements for certain cybersecurity incidents, cyber risk management expectations, and updated processes for cybersecurity oversight and reporting.
Data breach litigation | Navigating the shifting landscape
In today's digital age, the challenges of cybersecurity are increasing and evolving. When a data breach happens, the legal aftermath can be both complex and costly. In the first installment of a two part series, Scott Loughlin, co-lead of the Hogan Lovells Privacy and Cybersecurity practice, interviews Hogan Lovells litigation partner Allison Holt Ryan and counsel Adam Cooke as they discuss the ins and outs of data breach litigation, focusing on the current environment, a recent Fourth Circuit decision and its implications, and steps businesses can consider as they work to mitigate data breach litigation risk.
The Data Privacy Framework | Importer’s perspective
The European Commission’s adoption of its adequacy decision for the EU-U.S. Data Privacy Framework cleared the way for U.S.-based entities to certify their participation and begin importing EU personal data. In this second installment of a two-episode series, Scott Loughlin, co-lead of the Hogan Lovells Privacy and Cybersecurity practice, chats with U.S.-based colleagues, partner Bret Cohen, and senior associates Julian Flamant and Natalie Perez, to discuss the history of Trans-Atlantic data flows and unpack how U.S. importers can leverage the Framework.
FTC's proposed changes highlight heightened scrutiny of health & wellness tech
The explosive growth of direct-to-consumer health and wellness technologies that increase the amount of health data collected from consumers has triggered further action by state legislators and federal regulators. Scott Loughlin, co-lead of the Privacy and Cybersecurity practice, is joined by Hogan Lovells senior associate Alyssa Golay and associate Fleur Oké to discuss the proposed changes to the FTC’s Health Breach Notification Rule (HBNR), recent enforcement actions, regulator guidance, and what these actions mean for health and wellness technologies and their use of consumer data.
Initial reactions to India’s new Digital Personal Data Protection Bill
India will have a new comprehensive privacy law, which will shake up the data protection world in the region and require companies to rethink their global privacy compliance programs. In this episode, Scott Loughlin, co-lead of the Hogan Lovells Privacy and Cybersecurity practice is joined by Stephen Mathias, Partner and Co-Chair of the Technology Practice at Kochhar & Co, a leading law firm in India, to discuss the new law, which is named the Digital Personal Data Protection Bill 2023 (DPDPB). Scott and Stephen go into detail regarding the DPDPB’s areas of focus, how it compares to the GDPR, and what significant obligations and ramifications the bill has for global compliance programs and those who oversee them.
The early days of privacy law and an outlook for the future
In this episode, Scott Loughlin, co-lead of the Privacy and Cybersecurity practice, is joined by senior counsel and co-founder of the Hogan Lovells Privacy and Cybersecurity practice, Christopher Wolf, for a discussion the beginnings of privacy law. Chris details how he, along with other key originators, drove the creation of privacy as a distinct legal practice area. He provides great insight on the evolution of the industry, and more importantly, his forecast on where privacy is headed and what new attorneys or law students should know as they consider a focused practice in privacy.
The FCC’s role in privacy & cybersecurity law
This episode explores the launch of the Federal Communications Commission (FCC) first-ever privacy and data protection task force, developed to address broader data privacy concerns. Scott Loughlin, co-lead of the Hogan Lovells Privacy and Cybersecurity practice, hosts a discussion with Hogan Lovells partner Katy Milner and senior counsel Charles Mathias regarding the creation of the task force and what this means for the future of privacy regulation and oversight in the telecommunications industry and beyond.
The Data Privacy Framework | Exporter's perspective
Earlier in July, the European Commission adopted its eagerly anticipated adequacy decision on international data transfers under the EU-U.S. Data Privacy Framework. The adequacy decision was preceded by substantial changes to U.S. intelligence-gathering requirements that have cleared the path for transfers of EU personal data. In the first installment of a two part series, Scott Loughlin, co-lead of the Hogan Lovells Privacy and Cybersecurity practice, interviews Hogan Lovells partner Eduardo Ustaran and senior associate Julie Schwartz highlighting what the adequacy decision means for EU-based data exporters and the future of the framework in light of expected legal challenges. Stay tuned for a second episode that covers the U.S. importer’s perspective on the Framework.
Automotive biometrics drive innovation and litigation risk
Automobile original equipment manufacturers (OEMs) are increasingly incorporating biometric trackers and analytics into a broad array of vehicle features to improve security and safety. Scott Loughlin, co-lead of the Hogan Lovells Privacy and Cybersecurity practice, interviews Hogan Lovells partner James Denvil, senior associate Alicia Paller, and associate Jay Ettinger on how the use of biometric data continues to play an increasingly prominent role in the automotive industry, U.S. legal traps for unwary, and how litigation is likely to follow.
