Tag Archives: privacy

Uber Settles With FTC Over Allegedly Deceptive Privacy And Data Security Practices

Uber, the ride-hailing giant, agreed this week to implement a comprehensive privacy program and to undergo 20 years of privacy and data security audits in order to settle allegations by the Federal Trade Commission (FTC) that Uber did not keep its promises to protect customer data. The FTC had alleged two separate failures by Uber: … Continue Reading

Babies and Baby-making, or Not… Privacy and Security Lessons for the Internet of Things

What do babies, sex toys and wireless head phones have in common? Apparently, the privacy concerns of the Federal Trade Commission (FTC), state AGs and legislatures, class action plaintiffs, and consumer advocacy groups, at least when it comes to the Internet of Things (IoT). The IoT refers to consumer devices that are connected, directly or … Continue Reading

Mobile Ad Co Settles with FTC Over Allegations of Deceptive Geolocation Tracking And Children’s Privacy Violations for $4 Million

On June 22, 2016, mobile advertising company InMobi Private Ltd. settled Federal Trade Commission (“FTC” or “Commission”) claims of violations of Section 5 of the FTC Act, and the Children’s Online Privacy Protection Act and Rule (COPPA), for $4 million.  The violations of COPPA supported the monetary penalty since, unlike Section 5, COPPA provides for … Continue Reading

FTC Prosecutes Serving of Behavior Ads on Kids’ Apps

The Federal Trade Commission reminded publishers and advertisers recently that the Children’s Online Privacy Protection Act (COPPA) prohibits data collection, absent verified parental consent, for behavioral (interest-based) advertising on websites or mobile apps directed at children under 13. App publisher TapBlaze paid $60,000 and entered into a 20-year consent (available here) to settle charges. The revised … Continue Reading

OIG Emphasizes Proactive Enforcement of Privacy Rule and Monitoring of Repeat Offenders

The Office of Inspector General’s (OIG) recently released Privacy Standards report assessed the Office for Civil Rights’ (OCR) oversight of covered entities’ compliance with the Privacy Rule as well as the extent to which Medicare Part B providers are aware of HIPAA privacy standards. To that end, the OIG found that Part B providers fell … Continue Reading

FTC Director Jessica Rich Discusses Privacy and Data Security at BakerHostetler Symposium

On February 26, 2015, Jessica L. Rich, Director of the Bureau of Consumer Protection at the Federal Trade Commission, spoke at the BakerHostetler Symposium on Section 5 of the FTC Act on how the FTC approaches privacy and data security. Director Rich’s comments on this subject were particularly timely, with the Third Circuit poised to … Continue Reading

Time for an Updated Cyber Risk Approach; BPI Data Breach

Authored by Judy Selby and George Viegas* Our traditional approach to cyber risk and security has been focused on privacy and financial data. The data breach or loss concerns that typically rank high on our risk ratings are private and confidential data like names and social security numbers with other identifying non-public information and financial data … Continue Reading

Law360 Names BakerHostetler “Privacy Practice Group of the Year”

BakerHostetler’s Privacy and Data Protection team has been named a Law360 “Practice Group of the Year” for the size, importance, and complexity of its wins and work mitigating reputational and financial risks for clients. This is the second year in a row Law360 has recognized the Privacy team, which is co-led by Partner and Law360 MVP Ted Kobus and … Continue Reading

Vendor Contract Review and Cyber Risk Mitigation: How to Keep it Drama Free

Editor’s Note: We recently launched a graphic illustrating our Cyber Risk Mitigation Services. This week, our attorneys will be writing about specific examples of those services. Vendor contract review—what does that mean to you? Does it bring back bad memories? A last minute scramble to close a deal? Capitulating to oppressive limits on liability to meet … Continue Reading

Why Worry About a Little Skimmer?

Merchants—rightfully so—are worried about securing their payment card environments so that their name does not appear in a headline discussing how millions of cards were stolen from them. Faced with the challenge of evaluating the use of P2PE and tokenization, the conversion necessary to prepare for the October 2015 EMV liability shift, reading the tea … Continue Reading

FTC Workshop Addresses New Data Privacy Issues Concerning Consumer Generated Health Data

On May 7, 2014, the FTC hosted the latest seminar in their Spring Privacy Series to address the status of Consumer Generated and Controlled Health Data and relate results of recent FTC studies on the topic.  Consumers are embracing new technologies, particularly in the fitness domain and are generating vast amounts of “health data” both … Continue Reading

Big Data and Power Asymmetries: Recent White House Report Addresses Opportunities and Challenges Created by Increasingly Interconnected Technologies

In the latest round of reactions to the Edward Snowden leak, on May 1, 2014, the Obama Administration called for the United States to take a leading role in developing new standards for privacy protections in light of the ongoing “social, economic, and technological revolution.”  In a report titled “Big Data: Seizing Opportunities, Preserving Values,”  … Continue Reading

Ill Conceived California Privacy Bill Threatens Viability Of Commercial Educational Online Services

SB 1177, the Student Online Privacy Protection Act was recently introduced in the California legislature.  This is a bad bill for the private educational industry, and ultimately for parents and students.  It would drastically expand the privacy protections of the Federal Educational Rights and Privacy Act (FERPA), and state equivalents, which impose reasonable limits on … Continue Reading

The FTC Takes a Closer Look at Alternative Scoring Products

The Federal Trade Commission (“FTC”) hosted a panel discussion, in late March on “Alternative Scoring Products” as part its 2014 Spring Privacy Series, signaling the Commission’s increased attention on this burgeoning industry. The FTC has indicated that its “goal is to study what is happening in the alternative scoring space, what may be on the horizon … Continue Reading

Get Ready! HHS OCR Announces Next Round of HIPAA Audits

To combat new risks associated with rapidly evolving health information technology, the Health Insurance Portability and Accountability Act (HIPAA) and the Health Information Technology for Economic and Clinical Health Act (HITECH) provides standards for the privacy of protected health information (PHI), the security of electronic protected health information (ePHI), and breach notification to individuals.   HITECH … Continue Reading

When Can Online Terms of Use and Privacy Policies Be Changed?

Recently, a California court dismissed a plaintiff’s claims that Instagram’s updated Terms of Services constituted a breach of the covenant of good faith and fair dealing implied in all contacts because Instagram took expanded rights over user’s photos.  Rodriguez v Instagram, LLC  (California Superior Court of San Francisco Case CGC-13-532875) (February 28, 2014). We have … Continue Reading

iBeacons Usher in New Era of Mobile Advertising in 2014, Raise Old Privacy Concerns

Editor’s Note: This blog post was originally published on February 6, 2014 courtesy of iMedia Connection’s Blog. It is repurposed with permission. Remember that scene from Minority Report? The one where John Anderton (Tom Cruise) takes a trip to GAP, virtual billboards call out his name and bombard him with offers as he walks through … Continue Reading

What? The Rules Committee Hearings Don’t Have A Hashtag?

This post is a joint submission with BakerHostetler Discovery Advocate blog. On a snowy Sixth Avenue this week, thousands of people packed the New York Hilton Midtown for the sensory overload that is LegalTech New York (#LTNY), the annual E-Discovery, privacy, and information governance bash. And today, just hours after the massive conference closed, the E-Discovery … Continue Reading

Careful! Your Company May Be a Defacto Data Broker: Are Privacy Regulators Going for Broke(rs) as part of the 2014 Legislative and Privacy Enforcement Agenda?

Concerns about privacy practices in the data broker industry, and the privacy implications about the lack of transparency “behind-the-scenes,” will remain a topic of intense regulatory and legislative focus in 2014.   The Federal Trade Commission has defined “data brokers” as companies that collect personal information about consumers from a variety of public and non-public sources … Continue Reading

Something Wicked This Way Comes – Dark and Dusty Data and the Risk Your Organization Already Owns

This blog post is a joint submission with BakerHostetler’s Discovery Advocate blog. Authored by: James Sherer During the final panel of Thomson Reuters’ 17th Annual eDiscovery & Information Governance in Practice Forum, Thomas Barnett, Ignatius Grande, and Sandra Rampersaud led a lively discussion on Managing Big Data, Dark Data, and Risk.  And while the exchange … Continue Reading

California’s New “Eraser Button” Law Allows Regretful Teens to Remove Embarrassing Internet Postings

Authored by: Charles K. Shih California became the first state to sign into law a bill that requires websites and apps to provide an “eraser button” to its users under the age of 18.  The law, S.B. 568 signed by California Governor Jerry Brown, has two main elements.  First, it requires Internet companies to provide … Continue Reading

Guest Blog: Vermont Privacy Breach Regulations

Editor’s Notes:Guest blog Interview by Mark Greisiger, President NetDiligence®This blog post has been republished with permission from Junto – NetDiligence Blog A Q&A with Ryan KrigerAmong state Attorneys General, Vermont has gained a reputation for being particularly aggressive about data breach and privacy regulation. To better understand the state’s Consumer Protection Act requirements and processes … Continue Reading
LexBlog