Data Privacy Monitor

Data Privacy Monitor

Commentary on Data Privacy & Information Security Subjects

Category Archives: Online Privacy

Subscribe to Online Privacy RSS Feed

Deeper Dive: Human Error Is to Blame for Most Breaches

Posted in Cybersecurity, Incident Response, Online Privacy
Each year, as companies implement the latest security technologies, attackers develop and launch new tactics, techniques, and procedures to circumvent those technologies. While investment in security defense and detection technologies is an essential component to building an effective defense-in-depth strategy, the reality is that most breaches can be traced back to human error. In our… Continue Reading

Government Access to Private Data: Microsoft Opens a New Front in the Battle for Consumer Privacy

Posted in Online Privacy
Prior to the Information Age, sensitive papers were stored in file cabinets and drawers. When home computers arrived, information was digitized and moved to hard drives or other electronic media, still possessed by the user. Today, with the general availability of high-speed Internet service, many individuals are moving information to the so-called cloud – which… Continue Reading

BakerHostetler Data Security Incident Response Report Reveals Being “Compromise Ready” Better Positions Companies to Respond to Incidents

Posted in Incident Response, News, Online Privacy
On March 30, 2016, we released our second annual Data Security Incident Response Report. Key findings show that phishing/hacking/malware was the cause of 31% of data security incidents during 2015, revealing a shift from 2014 when human error was the leading cause. The report also continues the inaugural-year theme that no industry is immune to… Continue Reading

FTC And ASUS Reach Settlement Over Risk To Consumer Privacy In ASUS-Branded Routers

Posted in Online Privacy
To date, the U.S. Federal Trade Commission has brought over 60 enforcement actions regarding company data security practices, and 2016 is already no different. On February 23, 2016, the FTC and Taiwanese computer hardware manufacturer ASUSTeK Computer, Inc., settled the FTC’s charges that ASUS-branded wireless routers, which were manufactured for home use and allowed consumers… Continue Reading

Legal Developments in Connected Car Arena Provide Glimpse of Privacy and Data Security Regulation in Internet of Things

Posted in Cybersecurity, Online Privacy
With the holiday season in the rear view, automobiles equipped with the newest technology connecting carmakers with their vehicles, vehicles with the world around them, and drivers with the consumer marketplace – Connected Cars – have moved from the lots to driveways. Automakers are remaking their fleets to offer unprecedented choice and convenience to drivers.… Continue Reading

LabMD and Wyndham Decisions Curtail FTC’s Data Privacy and Security Reach

Posted in Children’s Privacy, HIPAA/HITECH, Online Privacy
Both the administrative law judge’s decision in LabMD and the Third Circuit’s recent decision in Wyndham, which we previously blogged about, put the FTC on notice that it cannot assume that in the wake of a security breach, allegedly inadequate data security will necessarily constitute an unfair practice under Section 5 of the FTC Act. Further,… Continue Reading

Australia Introduces Draft Privacy Act Amendment Addressing Notification

Posted in Data Breaches, Online Privacy
In 2015, several countries introduced new data privacy regulations and approved new data protection regulators. As the year draws to a close, Australia joins the list of countries advancing new data privacy legislation with the Australian government’s recent release of a draft bill amending its Privacy Act to implement a new security incident notification framework.… Continue Reading

ALJ Issues Sweeping Decision Dismissing FTC’s Action Against LabMD

Posted in Medical Privacy, Online Privacy
On November 13, 2015, the chief administrative law judge (“ALJ”) handling the Federal Trade Commission’s (“FTC” or “Commission”) complaint against LabMD Inc. (“LabMD”) dismissed the case in its entirety. As we previously reported, following two data security incidents involving the disclosure of personal information, the FTC brought an action against LabMD, a clinical testing laboratory,… Continue Reading

EU Expands Reach of National Data Protection Regulators

Posted in International Privacy Law, Online Privacy, Uncategorized
The central European countries of Slovakia and Hungary are divided by a common 420-mile-long border. But that dividing line, and other European national borders, may now be a little more blurred due to a key ruling by the Court of Justice of the European Union (CJEU). The ruling, perhaps somewhat overlooked due to all of… Continue Reading

FCC Shows Hand on Regulation of Edge Providers

Posted in Online Privacy
In a prior post, we commented on how the recent expansion of the FCC’s authority to regulate the privacy practices of Internet service providers (ISPs) has ignited calls for further expansion of the FCC’s authority to cover “edge providers” – online companies that offer services, content, products, and applications over the broadband Internet service provided… Continue Reading

An Ounce of Prevention Is Better (and Cheaper) Than a Pound of Cure: It’s time for a data protection checkup.

Posted in Cybersecurity, Incident Response, Information Governance, Online Privacy
We recently released the first BakerHostetler Data Security Incident Response Report, which provides insights generated from the review of more than 200 incidents that our law firm advised on in 2014. The report shows that human error was the number one cause of data security incidents we worked on last year, with employee negligence responsible… Continue Reading

Self-Regulatory Authorities Police Online Ad Industry in Another Sweep

Posted in Online Privacy
Interest-based advertising (IBA), also known as behavioral advertising, creates profiles of consumers based on their online activities over time and across services, and uses them to send consumers relevant, targeted ads. To try to prevent the kind of opt-in legal requirements imposed in other countries on this kind of Internet user tracking and targeting, the U.S.… Continue Reading

What’s on the Horizon in the Golden State?

Posted in Breach Notification, Cybersecurity, Data Breach Notification Laws, Marketing, Online Privacy
As we near the turn of the year into 2015, organizations should keep an eye on laws taking effect on the West Coast. This year, the crop of new privacy statutes includes a few without precedent anywhere in the country. The focus? Kids and security. Following are a few examples of new California laws taking… Continue Reading

#Ubergate Makes Plain That Privacy Cannot Be a Passing Thought for Start-Ups

Posted in Information Security, Online Privacy
The long-brewing behind-the-scenes tensions of privacy, big data, and mobile finally came to a head last week in the public relations disaster known as #Ubergate. Uber’s meteoric rise to the pinnacle of the rideshare start-up economy has been fueled in part by its collection and usage of sensitive consumer geolocation information. An Uber executive’s recent… Continue Reading

Privacy Policies Going Digital: The CFPB’s Final Rule Ditches Requirement to Distribute Annual Paper Copies

Posted in Online Privacy
On October 20, 2014, the Consumer Financial Protection Bureau (“CFPB”) announced that it had finalized a rule that alters the way that financial institutions provide privacy policies to their customers. Under the Gramm-Leach-Bliley Act of 1999 (“GLBA”), financial institutions are required under Regulation P to provide their customers with initial and annual notices regarding their… Continue Reading

Secret Service Raises Warning About Backoff POS Malware

Posted in Information Security, Online Privacy, Retail Industry
The Secret Service, which investigates financial crimes, issued a security Alert on July 31, 2014, warning of malware named “Backoff” that was being used to steal payment card data from point-of-sale (POS) systems.  The Alert notes that the attackers often gain initial network access by stealing or brute-forcing the passwords for remote desktop applications (e.g.,… Continue Reading

What Companies Can Do to Protect Themselves in the Face of Yet Another Massive Data Breach

Posted in Cybersecurity, Data Breaches, Information Security, Online Privacy
Last week it was reported that a small group of Russian computer hackers illegally obtained an unprecedented quantity of internet credentials, including 1.2 billion username and password combinations, and over 500 million unique email addresses. The compromised companies have not yet been identified, but it is believed that the information came from over 420,000 websites.… Continue Reading

Clapper Again Stymies Data Breach Class Action

Posted in Data Breaches, Online Privacy, Privacy Class Actions
Editor’s Note: This blog post is a joint submission with BakerHostetler’s Class Action Lawsuit Defense blog. The U.S. Supreme Court’s decision in Clapper v. Amnesty International USA again has been relied on by a federal district court to hold that the “mere loss of data” in a data breach case does not constitute an injury sufficient to… Continue Reading

Snapchat Settlement Signals Greater FTC Scrutiny for Tech Start-Up Privacy Policies

Posted in Online Privacy, Social Media
By now, you have probably heard about the FTC’s recent settlement with Snapchat, the popular mobile photo and video messaging service, over allegations that it deceived consumers with promises about the disappearing nature of messages sent through its service.  It did not take long for major media outlets to cover the story, highlighting both consumer… Continue Reading

The FTC Takes a Closer Look at Alternative Scoring Products

Posted in Online Privacy
The Federal Trade Commission (“FTC”) hosted a panel discussion, in late March on “Alternative Scoring Products” as part its 2014 Spring Privacy Series, signaling the Commission’s increased attention on this burgeoning industry. The FTC has indicated that its “goal is to study what is happening in the alternative scoring space, what may be on the horizon… Continue Reading

Moving Towards a Global Harmonized Approach to Cross-Border Data Transfers?

Posted in Information Governance, Information Security, International Privacy Law, Online Privacy
Today, data can be transferred around the world instantaneously, making the global marketplace seem almost borderless.  As any multinational company knows, however, compliance with each country’s data transfer and privacy laws can be onerous.  As the U.S. contemplates data protection legislation, the FTC last week announced a joint initiative with agency officials from the European… Continue Reading

When Can Online Terms of Use and Privacy Policies Be Changed?

Posted in Online Privacy, Social Media
Recently, a California court dismissed a plaintiff’s claims that Instagram’s updated Terms of Services constituted a breach of the covenant of good faith and fair dealing implied in all contacts because Instagram took expanded rights over user’s photos.  Rodriguez v Instagram, LLC  (California Superior Court of San Francisco Case CGC-13-532875) (February 28, 2014). We have… Continue Reading

Media Convergence and Privacy Attorney Alan Friel Joins BakerHostetler in LA

Posted in Behavioral Advertising, Marketing, Online Privacy, Social Media
BakerHostetler is proud to announce that Alan Friel has joined the firm, resident in the Los Angeles office and practicing in the Intellectual Property Group, as a key member of the Privacy and Data Protection and the Information Technology and Transaction teams. Friel’s practice focuses on intellectual property transactions, regulatory schemes, and privacy and consumer… Continue Reading