Data Privacy Monitor

Commentary on Data Privacy & Information Security Subjects

Category Archives: Privacy

Kentucky Enacts Data Breach Notification Statute

Posted in Breach Notification, Data Breach Notification Laws, Data Breaches, Education, Information Security, Privacy
On April 10, 2014, Kentucky Governor Steve Beshear signed H.B. 232 into law, making Kentucky the 47th state to enact data breach notification legislation.  Prior to H.B. 232, Kentucky was one of only four states—including Alabama, New Mexico, and South Dakota—that had not adopted data breach notification legislation.  H.B. 232 also includes a separate section … Continue Reading

Ill Conceived California Privacy Bill Threatens Viability Of Commercial Educational Online Services

Posted in Education, Privacy
SB 1177, the Student Online Privacy Protection Act was recently introduced in the California legislature.  This is a bad bill for the private educational industry, and ultimately for parents and students.  It would drastically expand the privacy protections of the Federal Educational Rights and Privacy Act (FERPA), and state equivalents, which impose reasonable limits on … Continue Reading

Privacy Law in a Nutshell

Posted in Cybersecurity, Federal Legislation, Information Security, International Privacy Law, Marketing, Privacy
BakerHostetler Privacy and Data Protection Partner Erica Gann Kitaev is a co-author of the recently published Privacy Law in a Nutshell, Second Edition, through West Academic Publishing. Legal issues related to privacy are exploding in the U.S., and virtually all businesses face privacy considerations, particularly as technology and the law evolve.  The Privacy Nutshell is … Continue Reading

ONC’s Security Risk Assessment Tool Is Useful but Could Be Improved

Posted in HIPAA/HITECH, Privacy
The Office of the National Coordinator for Health Information Technology (ONC) released a Security Risk Assessment Tool (SRA Tool) on March 28.  According to the User Guide for the SRA Tool (available here), the Tool is designed to help small and medium-sized healthcare practices “evaluate risks, vulnerabilities, and adherence to the HIPAA Security Rule.”  User … Continue Reading

The FTC Takes a Closer Look at Alternative Scoring Products

Posted in Online Privacy, Privacy
The Federal Trade Commission (“FTC”) hosted a panel discussion in late March on “Alternative Scoring Products” as part of its 2014 Spring Privacy Series, signaling the Commission’s increased attention to this burgeoning industry. The FTC has indicated that its “goal is to study what is happening in the alternative scoring space, what may be on the horizon … Continue Reading

Moving Towards a Global Harmonized Approach to Cross-Border Data Transfers?

Posted in Information Governance, Information Security, International Privacy Law, Online Data Tracking, Online Privacy, Privacy
Today, data can be transferred around the world instantaneously, making the global marketplace seem almost borderless.  As any multinational company knows, however, compliance with each country’s data transfer and privacy laws can be onerous.  As the U.S. contemplates data protection legislation, the FTC last week announced a joint initiative with agency officials from the European … Continue Reading

When Can Online Terms of Use and Privacy Policies Be Changed?

Posted in Online Privacy, Privacy, Social Media
Recently, a California court dismissed a plaintiff’s claims that Instagram’s updated Terms of Services constituted a breach of the covenant of good faith and fair dealing implied in all contracts because Instagram took expanded rights over users’ photos.  Rodriguez v Instagram, LLC  (California Superior Court of San Francisco Case CGC-13-532875) (February 28, 2014). We have … Continue Reading

Governing Big Data

Posted in Cybersecurity, HIPAA/HITECH, Information Governance, Information Security, Privacy, Uncategorized
Sources and volumes of data are growing exponentially.  Website clicks, social media, sensors, and card swipers are generating massive amounts of data every second.  More and more enterprises are beginning to collect and utilize this Big Data for all kinds of purposes, including improved business intelligence, targeted marketing and fraud detection.  With so much attention … Continue Reading

Once Again, Clapper Defeats Data Breach Class Action

Posted in Data Breaches, Identity Theft, Litigation, Online Privacy, Privacy
Article III standing has once again proved to be an insurmountable hurdle for data breach class action plaintiffs whose personal information hasn’t been misused.  In Galaria v. Nationwide Mutual Insurance Co., an Ohio federal court relied on the United States Supreme Court’s decision in Clapper v. Amnesty Intern. USA, 133 S.Ct. 1138 (2013), and held … Continue Reading

Careful! Your Company May Be a De Facto Data Broker: Are Privacy Regulators Going for Broke(rs) as part of the 2014 Legislative and Privacy Enforcement Agenda?

Posted in Enforcement, Federal Legislation, Privacy
Concerns about privacy practices in the data broker industry, and the privacy implications about the lack of transparency “behind-the-scenes,” will remain a topic of intense regulatory and legislative focus in 2014.   The Federal Trade Commission has defined “data brokers” as companies that collect personal information about consumers from a variety of public and non-public sources … Continue Reading

Information Governance – 2013 in Review

Posted in Data Breaches, Online Data Tracking, Online Privacy, Privacy, Privacy Litigation
By: Judith A. Selby and James A. Sherer
2013 was the year that the term “Information Governance” or “IG” began to be widely used outside of technical circles. Despite that fact, the concept of IG is not well understood. Gartner, a premier information advisory company, defines IG as the specification of decision rights and an accountability framework … Continue Reading

Something Wicked This Way Comes – Dark and Dusty Data and the Risk Your Organization Already Owns

Posted in Data Breaches, Privacy
This blog post is a joint submission with BakerHostetler’s Discovery Advocate blog. Authored by: James Sherer
During the final panel of Thomson Reuters’ 17th Annual eDiscovery & Information Governance in Practice Forum, Thomas Barnett, Ignatius Grande, and Sandra Rampersaud led a lively discussion on Managing Big Data, Dark Data, and Risk.  And while the exchange … Continue Reading

A guide to native advertising’s legal issues

Posted in Behavioral Advertising, Online Privacy, Privacy
Native advertising has by all accounts been the darling of the digital marketing world in 2013. Although it comes in all shapes and sizes, the general consensus defines “native advertising” as the practice of designing ads to look like the natural editorial content of the website on which they appear. Native’s proponents hail it as … Continue Reading

Google is No Cookie Monster, says Delaware Federal Court

Posted in Privacy
This post was co-authored by Julian D. Perlman and is a joint submission with BakerHostetler’s Class Action Lawsuit Defense blog. In a decisive victory for Google and several co-defendants, a Delaware federal court dismissed the claims of a putative class of individuals who alleged that they were injured by Google’s practice of circumventing certain internet browsers’ … Continue Reading

Opening the Flood Gates? California Voters May Create Presumption of Harm in Privacy Breach Cases

Posted in Data Breaches, Privacy, Privacy Class Actions, Privacy Litigation
Authored by: Julian Perlman
Editor’s Note: This post is a joint submission with BakerHostetler’s Class Action Lawsuit Defense blog.
California has moved one step closer towards amending its Constitution to create a presumption of harm whenever personal data is shared without a consumer’s express opt-in, a change that would clear a significant hurdle to many privacy breach … Continue Reading

California’s New “Eraser Button” Law Allows Regretful Teens to Remove Embarrassing Internet Postings

Posted in COPPA, Online Privacy, Privacy
Authored by: Charles K. Shih
California became the first state to sign into law a bill that requires websites and apps to provide an “eraser button” to its users under the age of 18.  The law, S.B. 568 signed by California Governor Jerry Brown, has two main elements.  First, it requires Internet companies to provide … Continue Reading

Legal concepts every social media marketer should know: Part IV – User Generated Content (Content Treasure Trove v. Legal Pandora’s Box)

Posted in Marketing, Miscellaneous, Online Privacy, Privacy, Social Media
Editor’s Note: This blog post was originally published on September 30, 2013, courtesy of iMedia Connection’s Blog. It is repurposed with permission. This post is co-authored by Alan M. Pate.
The most valuable resource in a marketing campaign can often be the very audience you are trying to reach. “User generated content,” or UGC, be … Continue Reading

North Dakota Breach Notification Law – Personal Information Includes Health Information

Posted in Breach Notification, Data Breach Notification Laws, Data Breaches, HIPAA/HITECH, Medical Privacy, Privacy
North Dakota has amended its Notice of Security Breach for Personal Information statute, North Dakota Century Code Section 51-30 et seq., to expand the definition of “personal information” to include “medical information” and “health insurance information.”  Pursuant to the amended statute, “medical information” includes any information regarding an individual’s medical history, mental or physical condition, … Continue Reading

Legal concepts every social media marketer should know: Part I — Consumer privacy

Posted in COPPA, Marketing, Mobile Privacy, Online Privacy, Privacy, Social Media
Editor’s Note: This blog post was originally published on August 12, 2013, courtesy of iMedia Connection’s Blog. It is repurposed with permission. This post is co-authored by Alan M. Pate.
There are three things a social media website operator or digital marketer probably hates to hear most before launching an online ad campaign: 1. Can you make … Continue Reading

Second Circuit Rejects Strict Liability But Imposes Reasonable Care Standard on Disclosure of Personal Motor Vehicle Information

Posted in Privacy
In a lengthy opinion that closely examined the legislative history of the Driver’s Privacy Protection Act (DPPA), the Second Circuit refused to impose strict liability on data brokers and resellers of personal information sourced from motor vehicle records. Eric Gordon v. Softech, et al., 12-661-cv (2d Circuit July 31, 2013). The court did hold, however, … Continue Reading

Federal Prosecutors Indict Accused Data Thieves

Posted in Data Breaches, Enforcement, Online Privacy, Payment Card Industry, Privacy
Federal prosecutors announced yesterday the arrest and indictment of five men accused of involvement in the theft of over 160 million credit card numbers. According to prosecutors, thefts by this group involved some of the largest and most notable U.S. data breaches of recent years, including Global Payments, Heartland Payment Systems, Hannaford, and NASDAQ, among … Continue Reading

Illinois Supreme Court Finds Insurance Coverage for TCPA Claims under Traditional Liability Policies

Posted in Privacy, Privacy Class Actions
This post is a joint submission with BakerHostetler’s Class Action Lawsuit Defense blog. The Illinois Supreme Court held on May 23, 2013, that claims based on alleged violation of the Telephone Consumer Protection Act (TCPA) are covered under traditional general liability policies.  Standard Mut. Ins. Co. v. Lay,  2013 IL 114617 (Ill. 2013).  In so … Continue Reading

Guest Blog: Vermont Privacy Breach Regulations

Posted in Data Breaches, Privacy
Editor’s Notes: Guest blog interview by Mark Greisiger, President, NetDiligence®. This blog post has been republished with permission from Junto – NetDiligence Blog.
A Q&A with Ryan Kriger
Among state Attorneys General, Vermont has gained a reputation for being particularly aggressive about data breach and privacy regulation. To better understand the state’s Consumer Protection Act requirements and processes … Continue Reading