Data Privacy Monitor

Data Privacy Monitor

Commentary on Data Privacy & Information Security Subjects

Category Archives: Online Privacy

Subscribe to Online Privacy RSS Feed

An Ounce of Prevention Is Better (and Cheaper) Than a Pound of Cure: It’s time for a data protection checkup.

Posted in Cybersecurity, Incident Response, Information Governance, Online Privacy
We recently released the first BakerHostetler Data Security Incident Response Report, which provides insights generated from the review of more than 200 incidents that our law firm advised on in 2014. The report shows that human error was the number one cause of data security incidents we worked on last year, with employee negligence responsible… Continue Reading

Self-Regulatory Authorities Police Online Ad Industry in Another Sweep

Posted in Online Privacy
Interest-based advertising (IBA), also known as behavioral advertising, creates profiles of consumers based on their online activities over time and across services, and uses them to send consumers relevant, targeted ads. To try to prevent the kind of opt-in legal requirements imposed in other countries on this kind of Internet user tracking and targeting, the U.S.… Continue Reading

What’s on the Horizon in the Golden State?

Posted in Breach Notification, Cybersecurity, Data Breach Notification Laws, Marketing, Online Privacy
As we near the turn of the year into 2015, organizations should keep an eye on laws taking effect on the West Coast. This year, the crop of new privacy statutes includes a few without precedent anywhere in the country. The focus? Kids and security. Following are a few examples of new California laws taking… Continue Reading

#Ubergate Makes Plain That Privacy Cannot Be a Passing Thought for Start-Ups

Posted in Information Security, Online Privacy
The long-brewing behind-the-scenes tensions of privacy, big data, and mobile finally came to a head last week in the public relations disaster known as #Ubergate. Uber’s meteoric rise to the pinnacle of the rideshare start-up economy has been fueled in part by its collection and usage of sensitive consumer geolocation information. An Uber executive’s recent… Continue Reading

Privacy Policies Going Digital: The CFPB’s Final Rule Ditches Requirement to Distribute Annual Paper Copies

Posted in Online Privacy
On October 20, 2014, the Consumer Financial Protection Bureau (“CFPB”) announced that it had finalized a rule that alters the way that financial institutions provide privacy policies to their customers. Under the Gramm-Leach-Bliley Act of 1999 (“GLBA”), financial institutions are required under Regulation P to provide their customers with initial and annual notices regarding their… Continue Reading

Secret Service Raises Warning About Backoff POS Malware

Posted in Information Security, Online Privacy, Retail Industry
The Secret Service, which investigates financial crimes, issued a security Alert on July 31, 2014, warning of malware named “Backoff” that was being used to steal payment card data from point-of-sale (POS) systems.  The Alert notes that the attackers often gain initial network access by stealing or brute-forcing the passwords for remote desktop applications (e.g.,… Continue Reading

What Companies Can Do to Protect Themselves in the Face of Yet Another Massive Data Breach

Posted in Cybersecurity, Data Breaches, Information Security, Online Privacy
Last week it was reported that a small group of Russian computer hackers illegally obtained an unprecedented quantity of internet credentials, including 1.2 billion username and password combinations, and over 500 million unique email addresses. The compromised companies have not yet been identified, but it is believed that the information came from over 420,000 websites.… Continue Reading

Clapper Again Stymies Data Breach Class Action

Posted in Data Breaches, Online Privacy, Privacy Class Actions
Editor’s Note: This blog post is a joint submission with BakerHostetler’s Class Action Lawsuit Defense blog. The U.S. Supreme Court’s decision in Clapper v. Amnesty International USA again has been relied on by a federal district court to hold that the “mere loss of data” in a data breach case does not constitute an injury sufficient to… Continue Reading

Snapchat Settlement Signals Greater FTC Scrutiny for Tech Start-Up Privacy Policies

Posted in Online Privacy, Social Media
By now, you have probably heard about the FTC’s recent settlement with Snapchat, the popular mobile photo and video messaging service, over allegations that it deceived consumers with promises about the disappearing nature of messages sent through its service.  It did not take long for major media outlets to cover the story, highlighting both consumer… Continue Reading

The FTC Takes a Closer Look at Alternative Scoring Products

Posted in Online Privacy
The Federal Trade Commission (“FTC”) hosted a panel discussion, in late March on “Alternative Scoring Products” as part its 2014 Spring Privacy Series, signaling the Commission’s increased attention on this burgeoning industry. The FTC has indicated that its “goal is to study what is happening in the alternative scoring space, what may be on the horizon… Continue Reading

Moving Towards a Global Harmonized Approach to Cross-Border Data Transfers?

Posted in Information Governance, Information Security, International Privacy Law, Online Privacy
Today, data can be transferred around the world instantaneously, making the global marketplace seem almost borderless.  As any multinational company knows, however, compliance with each country’s data transfer and privacy laws can be onerous.  As the U.S. contemplates data protection legislation, the FTC last week announced a joint initiative with agency officials from the European… Continue Reading

When Can Online Terms of Use and Privacy Policies Be Changed?

Posted in Online Privacy, Social Media
Recently, a California court dismissed a plaintiff’s claims that Instagram’s updated Terms of Services constituted a breach of the covenant of good faith and fair dealing implied in all contacts because Instagram took expanded rights over user’s photos.  Rodriguez v Instagram, LLC  (California Superior Court of San Francisco Case CGC-13-532875) (February 28, 2014). We have… Continue Reading

Media Convergence and Privacy Attorney Alan Friel Joins BakerHostetler in LA

Posted in Behavioral Advertising, Marketing, Online Privacy, Social Media
BakerHostetler is proud to announce that Alan Friel has joined the firm, resident in the Los Angeles office and practicing in the Intellectual Property Group, as a key member of the Privacy and Data Protection and the Information Technology and Transaction teams. Friel’s practice focuses on intellectual property transactions, regulatory schemes, and privacy and consumer… Continue Reading

Congress Steps Up its Scrutiny of Data Brokers

Posted in Online Privacy
In keeping with Congress’s heightened focus on privacy practices in the data broker industry, Senators Jay Rockefeller (D-W.Va.) and Ed Markey (D-Mass.) introduced a bill that would require increased transparency and accountability in the collection and sale of private consumer data.  Describing data brokers as operating a “shadow industry” with “very little scrutiny and oversight,”… Continue Reading

Once Again, Clapper Defeats Data Breach Class Action

Posted in Data Breaches, Identity Theft, Online Privacy, Privacy Litigation
Article III standing has once again proved to be an insurmountable hurdle for data breach class action plaintiffs whose personal information hasn’t been misused.  In Galaria v. Nationwide Mutual Insurance Co., an Ohio federal court relied on the United States Supreme Court’s decision in Clapper v. Amnesty Intern. USA, 133 S.Ct. 1138 (2013), and held… Continue Reading

iBeacons Usher in New Era of Mobile Advertising in 2014, Raise Old Privacy Concerns

Posted in Behavioral Advertising, Marketing, Mobile Privacy, Online Privacy
Editor’s Note: This blog post was originally published on February 6, 2014 courtesy of iMedia Connection’s Blog. It is repurposed with permission. Remember that scene from Minority Report? The one where John Anderton (Tom Cruise) takes a trip to GAP, virtual billboards call out his name and bombard him with offers as he walks through… Continue Reading

Information Governance – 2013 in Review

Posted in Data Breaches, Online Privacy, Privacy Litigation
By: Judith A. Selby and James A. Sherer 2013 was the year that the term “Information Governance” or “IG” began to be widely used outside of technical circles. Despite that fact, the concept of IG is not well understood. Gartner, a premier information advisory company, defines IG as the specification of decision rights and an accountability framework… Continue Reading

California Data Breach Notification Laws Expand to Include Login Information

Posted in Data Breaches, Online Privacy
Authored by: Charles K. Shih On Friday, September 27, California governor Jerry Brown signed a bill, S.B. 46, which increases the online protection of potential identity theft for Californians by requiring companies to give notice when a California resident’s log in data is compromised. California’s attorney general sponsored the law, which was written by Senate… Continue Reading

California’s New “Eraser Button” Law Allows Regretful Teens to Remove Embarrassing Internet Postings

Posted in Children’s Privacy, Online Privacy
Authored by: Charles K. Shih California became the first state to sign into law a bill that requires websites and apps to provide an “eraser button” to its users under the age of 18.  The law, S.B. 568 signed by California Governor Jerry Brown, has two main elements.  First, it requires Internet companies to provide… Continue Reading

Legal concepts every social media marketer should know: Part IV – User Generated Content (Content Treasure Trove v. Legal Pandora’s Box)

Posted in Marketing, Online Privacy, Social Media
Editor’s Note: This blog post was originally published on September 30, 2013, courtesy of iMedia Connection’s Blog. It is repurposed with permission. This post is co-authored by Alan M. Pate The most valuable resource in a marketing campaign can often be the very audience you are trying to reach. “User generated content,” or UGC, be… Continue Reading

Legal concepts every social media marketer should know: Part II — Rules of the road for online advertising

Posted in Children’s Privacy, Marketing, Online Privacy
Editor’s Note: This blog post was originally published on August 26, 2013, courtesy of iMedia Connection’s Blog. It is repurposed with permission. This post is co-authored by Alan M. Pate. As long as we have sold stuff, we’ve used images or stories to help sell them. As Calvin Coolidge of all people once said in… Continue Reading

Legal concepts every social media marketer should know: Part I — Consumer privacy

Posted in Children’s Privacy, Marketing, Mobile Privacy, Online Privacy, Social Media
Editor’s Note: This blog post was originally published on August 12, 2013, courtesy of iMedia Connection’s Blog. It is repurposed with permission. This post is co-authored by Alan M. Pate. There are three things a social media website operator or digital marketer probably hates to hear most before  launching an online ad campaign: 1. Can you make… Continue Reading