Paul Otto

Paul Otto

Hogan Lovells

Contact
View Bio
RSS

Latest Publications

Share:

HIPAA Penalty Caps to Be Reduced and Tied to Culpability Level

In a dramatic turn, the US Department of Health and Human Services (HHS) has announced that effective immediately, penalties for many HIPAA violations will be subject to substantially reduced limits. ...more

4/30/2019  /  Data Breach , Department of Health and Human Services (HHS) , Electronic Medical Records , Electronic Protected Health Information (ePHI) , Enforcement Actions , Health Care Providers , Health Insurance Portability and Accountability Act (HIPAA) , HIPAA Breach , HITECH Act , Penalties

Life Sciences and Health Care Horizons - 2019

Innovation in the life sciences and health care industries is occurring at a dizzying pace. Five years ago, anti-PD-1 antibodies from Merck and BMS had yet to be approved, CAR-T therapies were still in small-scale clinical...more

3/18/2019  /  Artificial Intelligence , Asia , Biologics , Biotechnology , Data Breach , Digital Health , Information Technology , Life Sciences , Pharmaceutical Industry , Prescription Drugs , Supply Chain

FTC Seeks Comment on Proposed Changes to GLBA Implementing Rules

The Federal Trade Commission (“FTC”) issued notices on March 5 seeking public comment on proposed amendments to the regulations implementing the Gramm-Leach-Bliley Act (“GLBA”), commonly known as the Safeguards Rule and...more

3/14/2019  /  Chief Information Security Officer (CISO) , Data Management , Data Security , Federal Trade Commission (FTC) , Financial Institutions , Gramm-Leach-Blilely Act , Incident Response Plans , Privacy Rule , Public Comment , Regulatory Agenda , Regulatory Standards , Risk Assessment , Rulemaking Process , Safeguards Rule , WISP

California Consumer Privacy Act: The Challenge Ahead – The CCPA’s “Reasonable” Security Requirement

This is the eleventh installment in Hogan Lovells’ series on the California Consumer Privacy Act. Much of the focus on the California Consumer Protection Act (“CCPA”) has been on the new rights that it affords California...more

2/8/2019  /  California Consumer Privacy Act (CCPA) , Consumer Privacy Rights , Data Security , Personal Data , Private Right of Action , Risk Mitigation , Security Standards , Statutory Penalties

Recap of the OCR/NIST Conference on Safeguarding Health Information

Regulators provided key insights into enforcement trends and potential changes to HIPAA regulations at the 11th Annual “Safeguarding Health Information: Building Assurance Through HIPAA Security” conference in October...more

11/19/2018  /  Cybersecurity , Data Protection , Electronic Medical Records , Health Care Providers , Health Insurance Portability and Accountability Act (HIPAA) , NIST , OCR , Personally Identifiable Information , PHI , Security Risk Assessments

Proposed changes to FDA guidance for the content of premarket submissions for management of cybersecurity in medical devices: What...

On October 18, 2018, FDA issued a long-awaited draft revision to its existing guidance "Content of Premarket Submissions for Management of Cybersecurity in Medical Devices"(premarket cybersecurity guidance). This coincided...more

10/22/2018  /  Cybersecurity , Food and Drug Administration (FDA) , Life Sciences , Medical Devices , Pharmaceutical Industry , Popular , Premarket Approval Applications , Regulatory Oversight , Regulatory Requirements

California Passes First-Of-Its-Kind Law Focused on Internet of Things Cybersecurity

Late last month, California Governor Jerry Brown signed the first US Internet of Things (IoT) cybersecurity legislation: Senate Bill 327 and Assembly Bill 1906. ...more

10/18/2018  /  Connected Items , Cyber Attacks , Cybersecurity , Data Protection , Hackers , Information Technology , Internet of Things , Mobile Devices , New Legislation , Popular , Risk Management , Security Standards , State and Local Government

FDA signals increasing focus on cybersecurity requirements

With the continued explosion of software and software-controlled medical devices, including the growing use of machine learning and artificial intelligence, the FDA (the Agency) Medical Device Safety Action Plan (the Plan)...more

4/26/2018  /  Connected Items , Cybersecurity , Data Breach , Food and Drug Administration (FDA) , Medical Devices , Patient Safety , Personal Data , Pharmaceutical Industry , Popular , Regulatory Standards , Risk Management

Hogan Lovells Represents Sears in Achieving First-Ever Modification to FTC Privacy Consent Order

The FTC has approved the first-ever petition to reopen and modify a privacy-related consent order. The petition, filed by Sears Holdings Management Corporation, sought to amend the terms of Sears’ 2009 consent order (the...more

3/14/2018  /  Brick-and-Mortar Stores , Consent Order , Customer Information , Data Collection , Data Privacy , Disclosure Requirements , Enforcement Actions , Federal Trade Commission (FTC) , Mobile Apps , Retail Market , Retail Tracking , Retailers , Sears , Software

Best practices for managing cybersecurity risks related to IoT-connected medical devices

Connected medical devices deliver numerous benefits not available before, including improved monitoring of patient welfare and a wealth of vital data. But for all the advantages available through these devices, their...more

3/12/2018  /  Best Practices , Connected Items , Cyber Attacks , Cybersecurity , Data Security , Federal Trade Commission (FTC) , Food and Drug Administration (FDA) , General Data Protection Regulation (GDPR) , Hackers , Health Care Providers , Health Insurance Portability and Accountability Act (HIPAA) , Internet of Things , Life Sciences , Medical Devices , Patient Safety , Personal Data , Pharmaceutical Industry , Popular , Regulatory Oversight , Risk Management , Security Risk Assessments , Training

SEC Issues New Interpretive Guidance on Cybersecurity Disclosures

Prompted by concern over the increase in the risks and frequency of data breach incidents and other cyber-attacks affecting public companies, the Securities and Exchange Commission recently published interpretive guidance to...more

3/6/2018  /  Cyber Threats , Cybersecurity , Data Breach , Disclosure Requirements , Financial Statements , Insider Trading , Interpretive Rule , Non-Public Information , Publicly-Traded Companies , Regulation FD , Regulation S-K , Risk Management , Securities and Exchange Commission (SEC)

A guide to NYDFS Cybersecurity Regulation's March 1 implementation deadline

It’s been almost a year since the New York State Department of Financial Services (NYDFS) Cybersecurity Regulation (23 NYCRR Part 500) came into effect. Since that time, a series of key dates have marked the implementation of...more

2/28/2018  /  Banking Sector , Chief Information Security Officer (CISO) , Cybersecurity , Cybersecurity Framework , Data Protection , Financial Institutions , Financial Services Industry , Information Technology , Insurance Industry , NYDFS , Popular , Risk Assessment , Risk Management , Vulnerability Assessments

Working Together: FDA Releases Final Guidance on Interoperability

On September 6, 2017, the Food and Drug Administration (FDA or the Agency) released its final guidance document, Design Considerations and Pre-Market Submission Recommendations for Interoperable Medical Devices (Final...more

10/3/2017  /  Cybersecurity , Final Guidance , Food and Drug Administration (FDA) , Labeling , Medical Devices , Popular , Regulatory Oversight , Risk Management , Safety Standards

The Internet of Things Cybersecurity Improvement Act of 2017: A potential mandate for security standards applicable to...

On 1 August 2017, a bipartisan group of four U.S. senators (Steve Daines (R-MT), Cory Gardner (R-CO), Mark Warner (D-VA), and Ron Wyden (D-OR) introduced the Internet of Things (IoT) Cybersecurity Improvement Act of 2017....more

8/24/2017  /  Connected Items , Cybersecurity , Data Protection , Federal Contractors , Internet of Things , NIST , NTIA , OEM , Popular , Proposed Legislation , Risk Management

Bipartisan Group of Senators Introduce Bill to Impose Baseline Security Requirements for IoT Devices Provided to U.S. Government

On August 1, a bipartisan group of four senators introduced a bill that would impose specific cybersecurity requirements on providers of Internet of Things (IoT) devices when doing business with the U.S. Government and...more

8/3/2017  /  Computer Fraud and Abuse Act (CFAA) , Connected Items , Cybersecurity , Data Protection , Information Technology , Internet of Things , Proposed Legislation , Risk Management , Vendors , Vulnerability Assessments , Wireless Devices

National Association of Corporate Directors Updates Cyber-Risk Oversight Handbook

Earlier this year, the National Association of Corporate Directors (NACD) released an updated version of its Director’s Handbook on Cyber-Risk Oversight (Handbook). The updates add 16 pages of content to the previously...more

7/19/2017  /  Board of Directors , Corporate Counsel , Corporate Governance , Cyber Threats , Cybersecurity , Cybersecurity Framework , Data Protection , Handbooks , Information Technology , National Association of Corporate Directors (NACD) , Risk Management

Changing Cybersecurity Threats in the Context of the Internet of Things: Don’t Blink or You’ll Miss It

In this hoganlovells.com interview, Washington, D.C.-based Hogan Lovells senior associate Paul Otto talks about security issues created by the exponential growth of the Internet of Things (IoT). ...more

7/10/2017  /  Connected Items , Cyber Attacks , Cyber Threats , Cybersecurity , Data Protection , Hackers , Internet of Things , Popular

The “Final Final” is Here: NYDFS Cybersecurity Regulations

As Hogan Lovells previously reported, the New York State Department of Financial Services (NYDFS) has launched a significant initiative to impose detailed cybersecurity requirements on covered financial institutions. On...more

2/27/2017  /  Banking Sector , Chief Information Security Officer (CISO) , Confidential Information , Cybersecurity , Cybersecurity Framework , Data Protection , Disclosure Requirements , Financial Institutions , Financial Services Industry , Information Technology , Insurance Industry , Notice Requirements , NYDFS , Personally Identifiable Information , Popular , Risk Assessment , Risk Management , Third-Party Service Provider

NTIA Highlights Promise and Policy Challenges of IoT, Seeks Additional Comments

On January 12, 2017, prior to the new administration taking power, the National Telecommunications and Information Administration (NTIA) within the Department of Commerce (Department) released a Green Paper on “Fostering the...more

2/15/2017  /  Best Practices , Comment Period , Connected Items , Cybersecurity , Internet , Internet of Things , Internet Privacy , NIST , NTIA , Popular , Privacy Concerns , Risk Management , Technology , Technology Sector , U.S. Commerce Department

NIST Updates Cybersecurity Framework Guidance

In the past month, the National Institute of Standards and Technology (NIST) has issued a draft update to its flagship cybersecurity framework as well as new standalone guidance on how organizations can plan to recover from...more

1/26/2017  /  Comment Period , Critical Infrastructure Sectors , Cyber Attacks , Cybersecurity , Cybersecurity Framework , Data Breach , Data Protection , NIST , Ransomware , Risk Management , Supply Chain
70 Results
 / 
View per page
« Previous
Page: of 3

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign up Log in
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
- hide
- hide