Archives: Online Privacy

Subscribe to Online Privacy RSS Feed

Nevada Enacts Online Privacy Policy Law; Illinois ‘Right to Know’ Bill Carried Over

Nevada recently became the latest state to pass a law requiring operators of websites and online services to post a public notice regarding their privacy practices. California was the first state to pass such a law in 2004, and Delaware enacted a similar law effective January 1, 2016.  Similar to its predecessors, the new Nevada … Continue Reading

Be Compromise Ready: Go Back to the Basics

We are excited to release our third annual BakerHostetler Data Security Incident Response Report. This report analyzes the more than 450 data security incidents we led clients through in 2016. Companies continued to experience incidents at a record pace, and we expect this will continue through 2017. We have received more calls to our breach … Continue Reading

FTC Nets $500,000 Settlement for Alleged Consent Order Violation Related to Online Data Collection Practices

On March 17, 2017, the Federal Trade Commission (FTC) announced that it had reached a $500,000 settlement with Upromise, a membership reward service aimed at families saving for college. The FTC had alleged that Upromise violated a 2012 FTC consent order by failing to make required disclosures about its data collection and use practices and … Continue Reading

FTC’s $2.2m Smart TV Settlement Signals Continued IoT Enforcement Focus

On February 6, 2017, the Federal Trade Commission announced that it had settled charges against VIZIO, Inc., a consumer electronics manufacturer of Internet-connected televisions. The FTC alleged that VIZIO unfairly tracked sensitive TV viewing data of millions of American consumers, and deceptively failed to disclose how the collected data was being used. This action was … Continue Reading

FTC Settles with Ad Tech Company Over Deceptive Online Tracking Practices

On December 20, 2016, the Federal Trade Commission (FTC) announced that Turn Inc. agreed to settle charges that it misled consumers about its online tracking activities and failed to honor consumer opt-outs as described in its privacy policy. Background Turn is a digital advertising company that facilitates targeted marketing by commercial brands and ad agencies … Continue Reading

Latest Data Breach Settlement Illustrates Need for Companies to Prioritize Cybersecurity

On Aug. 5, 2016, the New York attorney general, Eric Schneiderman, announced a $100,000 settlement with an e-retailer following an investigation of a data breach that resulted in the potential exposure of more than 25,000 credit card numbers and other personal information. According to the investigation, on Aug. 7, 2014, in an all-too-common scenario, an … Continue Reading

Unanimous FTC Finds LabMD’s Data Security Practices Violated Section 5 of the FTC Act

On July 29, 2016, a unanimous Federal Trade Commission (“FTC” or “Commission”) issued its Opinion and Final Order reversing the decision of an administrative law judge (“ALJ”) and holding that LabMD engaged in “unfair” practices in violation of Section 5 of the FTC Act because it failed to provide reasonable and appropriate security for personal … Continue Reading

Balancing Innovation With Privacy Concerns: The FTC Provides Comment on the Internet of Things

On June 3, 2016, the Federal Trade Commission (FTC) responded to a Request for Comments issued by the Department of Commerce, National Telecommunications and Information Administration (NTIA) regarding the Internet of Things (IoT). The NTIA, which issued its Request for Comments on April 5, 2016, stated that it will use commentary to expand on its … Continue Reading

Concrete and Particularized: What the Supreme Court’s Spokeo Ruling May Mean for Privacy Class Actions and Big Data – the First in a Series

This morning, the Supreme Court of the United States issued its decision in Robins v. Spokeo, No. 13–1339, 578 U. S. ____ (2016), putting to rest months of speculation as to whether the Court could come to a meaningful decision (that would be anything other than 4-4) in the aftermath of Justice Scalia’s passing in … Continue Reading

Deeper Dive: Human Error Is to Blame for Most Breaches

Each year, as companies implement the latest security technologies, attackers develop and launch new tactics, techniques, and procedures to circumvent those technologies. While investment in security defense and detection technologies is an essential component to building an effective defense-in-depth strategy, the reality is that most breaches can be traced back to human error. In our … Continue Reading

Government Access to Private Data: Microsoft Opens a New Front in the Battle for Consumer Privacy

Prior to the Information Age, sensitive papers were stored in file cabinets and drawers. When home computers arrived, information was digitized and moved to hard drives or other electronic media, still possessed by the user. Today, with the general availability of high-speed Internet service, many individuals are moving information to the so-called cloud – which … Continue Reading

BakerHostetler Data Security Incident Response Report Reveals Being “Compromise Ready” Better Positions Companies to Respond to Incidents

On March 30, 2016, we released our second annual Data Security Incident Response Report. Key findings show that phishing/hacking/malware was the cause of 31% of data security incidents during 2015, revealing a shift from 2014 when human error was the leading cause. The report also continues the inaugural-year theme that no industry is immune to … Continue Reading

FTC And ASUS Reach Settlement Over Risk To Consumer Privacy In ASUS-Branded Routers

To date, the U.S. Federal Trade Commission has brought over 60 enforcement actions regarding company data security practices, and 2016 is already no different. On February 23, 2016, the FTC and Taiwanese computer hardware manufacturer ASUSTeK Computer, Inc., settled the FTC’s charges that ASUS-branded wireless routers, which were manufactured for home use and allowed consumers … Continue Reading

Legal Developments in Connected Car Arena Provide Glimpse of Privacy and Data Security Regulation in Internet of Things

With the holiday season in the rear view, automobiles equipped with the newest technology connecting carmakers with their vehicles, vehicles with the world around them, and drivers with the consumer marketplace – Connected Cars – have moved from the lots to driveways. Automakers are remaking their fleets to offer unprecedented choice and convenience to drivers. … Continue Reading

LabMD and Wyndham Decisions Curtail FTC’s Data Privacy and Security Reach

Both the administrative law judge’s decision in LabMD and the Third Circuit’s recent decision in Wyndham, which we previously blogged about, put the FTC on notice that it cannot assume that in the wake of a security breach, allegedly inadequate data security will necessarily constitute an unfair practice under Section 5 of the FTC Act. Further, … Continue Reading

Australia Introduces Draft Privacy Act Amendment Addressing Notification

In 2015, several countries introduced new data privacy regulations and approved new data protection regulators. As the year draws to a close, Australia joins the list of countries advancing new data privacy legislation with the Australian government’s recent release of a draft bill amending its Privacy Act to implement a new security incident notification framework. … Continue Reading

ALJ Issues Sweeping Decision Dismissing FTC’s Action Against LabMD

On November 13, 2015, the chief administrative law judge (“ALJ”) handling the Federal Trade Commission’s (“FTC” or “Commission”) complaint against LabMD Inc. (“LabMD”) dismissed the case in its entirety. As we previously reported, following two data security incidents involving the disclosure of personal information, the FTC brought an action against LabMD, a clinical testing laboratory, … Continue Reading

FCC Shows Hand on Regulation of Edge Providers

In a prior post, we commented on how the recent expansion of the FCC’s authority to regulate the privacy practices of Internet service providers (ISPs) has ignited calls for further expansion of the FCC’s authority to cover “edge providers” – online companies that offer services, content, products, and applications over the broadband Internet service provided … Continue Reading

An Ounce of Prevention Is Better (and Cheaper) Than a Pound of Cure: It’s time for a data protection checkup.

We recently released the first BakerHostetler Data Security Incident Response Report, which provides insights generated from the review of more than 200 incidents that our law firm advised on in 2014. The report shows that human error was the number one cause of data security incidents we worked on last year, with employee negligence responsible … Continue Reading

Self-Regulatory Authorities Police Online Ad Industry in Another Sweep

Interest-based advertising (IBA), also known as behavioral advertising, creates profiles of consumers based on their online activities over time and across services, and uses them to send consumers relevant, targeted ads. To try to prevent the kind of opt-in legal requirements imposed in other countries on this kind of Internet user tracking and targeting, the U.S. … Continue Reading
LexBlog