Data Privacy Monitor

Data Privacy Monitor

Commentary on Data Privacy & Information Security Subjects

Category Archives: Online Privacy

Subscribe to Online Privacy RSS Feed

Secret Service Raises Warning About Backoff POS Malware

Posted in Credit Card, Information Security, Online Privacy, Retail
The Secret Service, which investigates financial crimes, issued a security Alert on July 31, 2014, warning of malware named “Backoff” that was being used to steal payment card data from point-of-sale (POS) systems.  The Alert notes that the attackers often gain initial network access by stealing or brute-forcing the passwords for remote desktop applications (e.g., … Continue Reading

What Companies Can Do to Protect Themselves in the Face of Yet Another Massive Data Breach

Posted in Data Breaches, Hacking, Online Privacy
Last week it was reported that a small group of Russian computer hackers illegally obtained an unprecedented quantity of internet credentials, including 1.2 billion username and password combinations, and over 500 million unique email addresses. The compromised companies have not yet been identified, but it is believed that the information came from over 420,000 websites. … Continue Reading

Clapper Again Stymies Data Breach Class Action

Posted in Data Breaches, Online Privacy, Privacy Class Actions
Editor’s Note: This blog post is a joint submission with BakerHostetler’s Class Action Lawsuit Defense blog. The U.S. Supreme Court’s decision in Clapper v. Amnesty International USA again has been relied on by a federal district court to hold that the “mere loss of data” in a data breach case does not constitute an injury sufficient to … Continue Reading

Snapchat Settlement Signals Greater FTC Scrutiny for Tech Start-Up Privacy Policies

Posted in Online Privacy, Privacy, Social Media
By now, you have probably heard about the FTC’s recent settlement with Snapchat, the popular mobile photo and video messaging service, over allegations that it deceived consumers with promises about the disappearing nature of messages sent through its service.  It did not take long for major media outlets to cover the story, highlighting both consumer … Continue Reading

The FTC Takes a Closer Look at Alternative Scoring Products

Posted in Online Privacy, Privacy
The Federal Trade Commission (“FTC”) hosted a panel discussion, in late March on “Alternative Scoring Products” as part its 2014 Spring Privacy Series, signaling the Commission’s increased attention on this burgeoning industry. The FTC has indicated that its “goal is to study what is happening in the alternative scoring space, what may be on the horizon … Continue Reading

Moving Towards a Global Harmonized Approach to Cross-Border Data Transfers?

Posted in Information Governance, Information Security, International Privacy Law, Online Data Tracking, Online Privacy, Privacy
Today, data can be transferred around the world instantaneously, making the global marketplace seem almost borderless.  As any multinational company knows, however, compliance with each country’s data transfer and privacy laws can be onerous.  As the U.S. contemplates data protection legislation, the FTC last week announced a joint initiative with agency officials from the European … Continue Reading

When Can Online Terms of Use and Privacy Policies Be Changed?

Posted in Online Privacy, Privacy, Social Media
Recently, a California court dismissed a plaintiff’s claims that Instagram’s updated Terms of Services constituted a breach of the covenant of good faith and fair dealing implied in all contacts because Instagram took expanded rights over user’s photos.  Rodriguez v Instagram, LLC  (California Superior Court of San Francisco Case CGC-13-532875) (February 28, 2014). We have … Continue Reading

Media Convergence and Privacy Attorney Alan Friel Joins BakerHostetler in LA

Posted in Behavioral Advertising, Marketing, Online Privacy, Social Media
BakerHostetler is proud to announce that Alan Friel has joined the firm, resident in the Los Angeles office and practicing in the Intellectual Property Group, as a key member of the Privacy and Data Protection and the Information Technology and Transaction teams. Friel’s practice focuses on intellectual property transactions, regulatory schemes, and privacy and consumer … Continue Reading

Congress Steps Up its Scrutiny of Data Brokers

Posted in Data Brokers, Online Data Tracking, Online Privacy
In keeping with Congress’s heightened focus on privacy practices in the data broker industry, Senators Jay Rockefeller (D-W.Va.) and Ed Markey (D-Mass.) introduced a bill that would require increased transparency and accountability in the collection and sale of private consumer data.  Describing data brokers as operating a “shadow industry” with “very little scrutiny and oversight,” … Continue Reading

Once Again, Clapper Defeats Data Breach Class Action

Posted in Data Breaches, Identity Theft, Litigation, Online Privacy, Privacy
Article III standing has once again proved to be an insurmountable hurdle for data breach class action plaintiffs whose personal information hasn’t been misused.  In Galaria v. Nationwide Mutual Insurance Co., an Ohio federal court relied on the United States Supreme Court’s decision in Clapper v. Amnesty Intern. USA, 133 S.Ct. 1138 (2013), and held … Continue Reading

Information Governance – 2013 in Review

Posted in Data Breaches, Online Data Tracking, Online Privacy, Privacy, Privacy Litigation
By: Judith A. Selby and James A. Sherer 2013 was the year that the term “Information Governance” or “IG” began to be widely used outside of technical circles. Despite that fact, the concept of IG is not well understood. Gartner, a premier information advisory company, defines IG as the specification of decision rights and an accountability framework … Continue Reading

A guide to native advertising’s legal issues

Posted in Behavioral Advertising, Online Privacy, Privacy
Native advertising has by all accounts been the darling of the digital marketing world in 2013. Although it comes in all shapes and sizes, the general consensus defines “native advertising” as the practice of designing ads to look like the natural editorial content of the website on which they appear. Native’s proponents hail it as … Continue Reading

California Data Breach Notification Laws Expand to Include Login Information

Posted in Data Breaches, Online Privacy
Authored by: Charles K. Shih On Friday, September 27, California governor Jerry Brown signed a bill, S.B. 46, which increases the online protection of potential identity theft for Californians by requiring companies to give notice when a California resident’s log in data is compromised. California’s attorney general sponsored the law, which was written by Senate … Continue Reading

California’s New “Eraser Button” Law Allows Regretful Teens to Remove Embarrassing Internet Postings

Posted in COPPA, Online Privacy, Privacy
Authored by: Charles K. Shih California became the first state to sign into law a bill that requires websites and apps to provide an “eraser button” to its users under the age of 18.  The law, S.B. 568 signed by California Governor Jerry Brown, has two main elements.  First, it requires Internet companies to provide … Continue Reading

Legal concepts every social media marketer should know: Part IV – User Generated Content (Content Treasure Trove v. Legal Pandora’s Box)

Posted in Marketing, Miscellaneous, Online Privacy, Privacy, Social Media
Editor’s Note: This blog post was originally published on September 30, 2013, courtesy of iMedia Connection’s Blog. It is repurposed with permission. This post is co-authored by Alan M. Pate The most valuable resource in a marketing campaign can often be the very audience you are trying to reach. “User generated content,” or UGC, be … Continue Reading

Legal concepts every social media marketer should know: Part II — Rules of the road for online advertising

Posted in COPPA, Marketing, Online Privacy
Editor’s Note: This blog post was originally published on August 26, 2013, courtesy of iMedia Connection’s Blog. It is repurposed with permission. This post is co-authored by Alan M. Pate. As long as we have sold stuff, we’ve used images or stories to help sell them. As Calvin Coolidge of all people once said in … Continue Reading

Legal concepts every social media marketer should know: Part I — Consumer privacy

Posted in COPPA, Marketing, Mobile Privacy, Online Privacy, Privacy, Social Media
Editor’s Note: This blog post was originally published on August 12, 2013, courtesy of iMedia Connection’s Blog. It is repurposed with permission. This post is co-authored by Alan M. Pate. There are three things a social media website operator or digital marketer probably hates to hear most before  launching an online ad campaign: 1. Can you make … Continue Reading

Federal Prosecutors Indict Accused Data Thieves

Posted in Data Breaches, Enforcement, Online Privacy, Payment Card Industry, Privacy
Federal prosecutors announced yesterday the arrest and indictment of five men accused of involvement in the theft of over 160 million credit card numbers. According to prosecutors, thefts by this group involved some of the largest and most notable U.S. data breaches of recent years, including Global Payments, Heartland Payment Systems, Hannaford, and NASDAQ, among … Continue Reading

HHS Office of Civil Rights Hosts Webinar on Final Rule

Posted in HIPAA/HITECH, Information Security, Medical Privacy, Mobile Privacy, Online Privacy
Today, the Department of Health and Human Services, Office of Civil Rights (OCR), joined with the Workgroup for Electronic Data Interchange and hosted an online seminar discussing HITECH requirements in the new Final Rule. The presentations covered many points about the Final Rule previously outlined on this blog (see here, here, and here). Rachel Seeger, … Continue Reading

Mobile Apps and Websites Face New COPPA Requirements Starting July 1

Posted in COPPA, Online Privacy
Authored by Benjamin D. Pergament In one month, on July 1, 2013, the Federal Trade Commission’s most recent amendments to its Children’s Online Privacy Protection Act Rule (“COPPA Rule”) will go into effect. These changes include a variety of requirements intended to keep up with advances in technology and how children interact with mobile apps … Continue Reading

New gTLDs Raise Data Security Concerns

Posted in Online Privacy
Authored by: David A. Einhorn and Alan Pate ICANN is well on its way to the launch of new generic top-level domains (gTLDs) with the first ones being approved as early as April 23rd.  The handful of TLDs currently in use, such as “.com”, “.org”, and “.edu”, may soon be joined by over 1000 gTLDs … Continue Reading

The New FTC Dot Com Disclosures – the FTC Updates its Digital Advertising Guidelines for the Twitter and Facebook Age

Posted in Online Privacy
In what seems like a lifetime ago –and in the fast moving world of the Internet maybe it is –  in May 2000 the Federal Trade Commission issued “Dot Com Disclosures: Information about Online Advertising” to provide guidelines on the applicability of the FTC’s rules to online activities. Back then, the top of mind issues … Continue Reading

FTC Databook Highlights Consumer Fraud

Posted in Cybersecurity, Identity Theft, Information Security, Online Privacy
The FTC last week announced the release of the Consumer Sentinel Network Databook for January – December 2012.  The “Consumer Sentinel Network” is the FTC’s platform for law enforcement collaboration on issues affecting consumers. The program collects data from a wide range of sources, providing a comprehensive, nationwide picture of consumer complaints. Given the possible existence … Continue Reading

International Compendium of Data Privacy Laws

Posted in Miscellaneous, Online Privacy
Privacy and data protection issues confront all organizations—whether you handle employee information, credit card data, sensitive financial information or trade secrets. Securing data is a daunting task that is further complicated by cross-border transfer issues and the differences in privacy laws around the world. These laws are complex and can pose myriad and sometimes conflicting … Continue Reading