Archives: Online Privacy

Subscribe to Online Privacy RSS Feed

Latest Data Breach Settlement Illustrates Need for Companies to Prioritize Cybersecurity

On Aug. 5, 2016, the New York attorney general, Eric Schneiderman, announced a $100,000 settlement with an e-retailer following an investigation of a data breach that resulted in the potential exposure of more than 25,000 credit card numbers and other personal information. According to the investigation, on Aug. 7, 2014, in an all-too-common scenario, an … Continue Reading

Unanimous FTC Finds LabMD’s Data Security Practices Violated Section 5 of the FTC Act

On July 29, 2016, a unanimous Federal Trade Commission (“FTC” or “Commission”) issued its Opinion and Final Order reversing the decision of an administrative law judge (“ALJ”) and holding that LabMD engaged in “unfair” practices in violation of Section 5 of the FTC Act because it failed to provide reasonable and appropriate security for personal … Continue Reading

Balancing Innovation With Privacy Concerns: The FTC Provides Comment on the Internet of Things

On June 3, 2016, the Federal Trade Commission (FTC) responded to a Request for Comments issued by the Department of Commerce, National Telecommunications and Information Administration (NTIA) regarding the Internet of Things (IoT). The NTIA, which issued its Request for Comments on April 5, 2016, stated that it will use commentary to expand on its … Continue Reading

Concrete and Particularized: What the Supreme Court’s Spokeo Ruling May Mean for Privacy Class Actions and Big Data – the First in a Series

This morning, the Supreme Court of the United States issued its decision in Robins v. Spokeo, No. 13–1339, 578 U. S. ____ (2016), putting to rest months of speculation as to whether the Court could come to a meaningful decision (that would be anything other than 4-4) in the aftermath of Justice Scalia’s passing in … Continue Reading

Deeper Dive: Human Error Is to Blame for Most Breaches

Each year, as companies implement the latest security technologies, attackers develop and launch new tactics, techniques, and procedures to circumvent those technologies. While investment in security defense and detection technologies is an essential component to building an effective defense-in-depth strategy, the reality is that most breaches can be traced back to human error. In our … Continue Reading

Government Access to Private Data: Microsoft Opens a New Front in the Battle for Consumer Privacy

Prior to the Information Age, sensitive papers were stored in file cabinets and drawers. When home computers arrived, information was digitized and moved to hard drives or other electronic media, still possessed by the user. Today, with the general availability of high-speed Internet service, many individuals are moving information to the so-called cloud – which … Continue Reading

BakerHostetler Data Security Incident Response Report Reveals Being “Compromise Ready” Better Positions Companies to Respond to Incidents

On March 30, 2016, we released our second annual Data Security Incident Response Report. Key findings show that phishing/hacking/malware was the cause of 31% of data security incidents during 2015, revealing a shift from 2014 when human error was the leading cause. The report also continues the inaugural-year theme that no industry is immune to … Continue Reading

FTC And ASUS Reach Settlement Over Risk To Consumer Privacy In ASUS-Branded Routers

To date, the U.S. Federal Trade Commission has brought over 60 enforcement actions regarding company data security practices, and 2016 is already no different. On February 23, 2016, the FTC and Taiwanese computer hardware manufacturer ASUSTeK Computer, Inc., settled the FTC’s charges that ASUS-branded wireless routers, which were manufactured for home use and allowed consumers … Continue Reading

Legal Developments in Connected Car Arena Provide Glimpse of Privacy and Data Security Regulation in Internet of Things

With the holiday season in the rear view, automobiles equipped with the newest technology connecting carmakers with their vehicles, vehicles with the world around them, and drivers with the consumer marketplace – Connected Cars – have moved from the lots to driveways. Automakers are remaking their fleets to offer unprecedented choice and convenience to drivers. … Continue Reading

LabMD and Wyndham Decisions Curtail FTC’s Data Privacy and Security Reach

Both the administrative law judge’s decision in LabMD and the Third Circuit’s recent decision in Wyndham, which we previously blogged about, put the FTC on notice that it cannot assume that in the wake of a security breach, allegedly inadequate data security will necessarily constitute an unfair practice under Section 5 of the FTC Act. Further, … Continue Reading

Australia Introduces Draft Privacy Act Amendment Addressing Notification

In 2015, several countries introduced new data privacy regulations and approved new data protection regulators. As the year draws to a close, Australia joins the list of countries advancing new data privacy legislation with the Australian government’s recent release of a draft bill amending its Privacy Act to implement a new security incident notification framework. … Continue Reading

ALJ Issues Sweeping Decision Dismissing FTC’s Action Against LabMD

On November 13, 2015, the chief administrative law judge (“ALJ”) handling the Federal Trade Commission’s (“FTC” or “Commission”) complaint against LabMD Inc. (“LabMD”) dismissed the case in its entirety. As we previously reported, following two data security incidents involving the disclosure of personal information, the FTC brought an action against LabMD, a clinical testing laboratory, … Continue Reading

FCC Shows Hand on Regulation of Edge Providers

In a prior post, we commented on how the recent expansion of the FCC’s authority to regulate the privacy practices of Internet service providers (ISPs) has ignited calls for further expansion of the FCC’s authority to cover “edge providers” – online companies that offer services, content, products, and applications over the broadband Internet service provided … Continue Reading

An Ounce of Prevention Is Better (and Cheaper) Than a Pound of Cure: It’s time for a data protection checkup.

We recently released the first BakerHostetler Data Security Incident Response Report, which provides insights generated from the review of more than 200 incidents that our law firm advised on in 2014. The report shows that human error was the number one cause of data security incidents we worked on last year, with employee negligence responsible … Continue Reading

Self-Regulatory Authorities Police Online Ad Industry in Another Sweep

Interest-based advertising (IBA), also known as behavioral advertising, creates profiles of consumers based on their online activities over time and across services, and uses them to send consumers relevant, targeted ads. To try to prevent the kind of opt-in legal requirements imposed in other countries on this kind of Internet user tracking and targeting, the U.S. … Continue Reading

What’s on the Horizon in the Golden State?

As we near the turn of the year into 2015, organizations should keep an eye on laws taking effect on the West Coast. This year, the crop of new privacy statutes includes a few without precedent anywhere in the country. The focus? Kids and security. Following are a few examples of new California laws taking … Continue Reading

#Ubergate Makes Plain That Privacy Cannot Be a Passing Thought for Start-Ups

The long-brewing behind-the-scenes tensions of privacy, big data, and mobile finally came to a head last week in the public relations disaster known as #Ubergate. Uber’s meteoric rise to the pinnacle of the rideshare start-up economy has been fueled in part by its collection and usage of sensitive consumer geolocation information. An Uber executive’s recent … Continue Reading

Privacy Policies Going Digital: The CFPB’s Final Rule Ditches Requirement to Distribute Annual Paper Copies

On October 20, 2014, the Consumer Financial Protection Bureau (“CFPB”) announced that it had finalized a rule that alters the way that financial institutions provide privacy policies to their customers. Under the Gramm-Leach-Bliley Act of 1999 (“GLBA”), financial institutions are required under Regulation P to provide their customers with initial and annual notices regarding their … Continue Reading

Secret Service Raises Warning About Backoff POS Malware

The Secret Service, which investigates financial crimes, issued a security Alert on July 31, 2014, warning of malware named “Backoff” that was being used to steal payment card data from point-of-sale (POS) systems.  The Alert notes that the attackers often gain initial network access by stealing or brute-forcing the passwords for remote desktop applications (e.g., … Continue Reading

What Companies Can Do to Protect Themselves in the Face of Yet Another Massive Data Breach

Last week it was reported that a small group of Russian computer hackers illegally obtained an unprecedented quantity of internet credentials, including 1.2 billion username and password combinations, and over 500 million unique email addresses. The compromised companies have not yet been identified, but it is believed that the information came from over 420,000 websites. … Continue Reading

Clapper Again Stymies Data Breach Class Action

Editor’s Note: This blog post is a joint submission with BakerHostetler’s Class Action Lawsuit Defense blog. The U.S. Supreme Court’s decision in Clapper v. Amnesty International USA again has been relied on by a federal district court to hold that the “mere loss of data” in a data breach case does not constitute an injury sufficient to … Continue Reading
LexBlog