Tag Archives: privacy

Something Wicked This Way Comes – Dark and Dusty Data and the Risk Your Organization Already Owns

This blog post is a joint submission with BakerHostetler’s Discovery Advocate blog. Authored by: James Sherer During the final panel of Thomson Reuters’ 17th Annual eDiscovery & Information Governance in Practice Forum, Thomas Barnett, Ignatius Grande, and Sandra Rampersaud led a lively discussion on Managing Big Data, Dark Data, and Risk.  And while the exchange … Continue Reading

California’s New “Eraser Button” Law Allows Regretful Teens to Remove Embarrassing Internet Postings

Authored by: Charles K. Shih California became the first state to sign into law a bill that requires websites and apps to provide an “eraser button” to its users under the age of 18.  The law, S.B. 568 signed by California Governor Jerry Brown, has two main elements.  First, it requires Internet companies to provide … Continue Reading

Guest Blog: Vermont Privacy Breach Regulations

Editor’s Notes:Guest blog Interview by Mark Greisiger, President NetDiligence®This blog post has been republished with permission from Junto – NetDiligence Blog A Q&A with Ryan KrigerAmong state Attorneys General, Vermont has gained a reputation for being particularly aggressive about data breach and privacy regulation. To better understand the state’s Consumer Protection Act requirements and processes … Continue Reading

Hannaford vs. comScore – Up and Down Results for Privacy Class Action Defendants

Editor’s note: This is a cross-blog post with BakerHostetler’s Class Action Lawsuit Defense blog.  For the latest class action defense updates, visit www.ClassActionLawsuitDefense.com. Sighs of relief by class actions defendants following the denial of class certification in Hannaford may give way to renewed uncertainty now that a massive class, estimated by the plaintiffs’ lawyer to be more than a … Continue Reading

FTC Settlement Restricts Use of Web Tracking Technology

Co-authored by: Elizabeth Stamoulis On February 20th, after a period for public comment, the FTC approved a final order settling charges against Compete, Inc., a market research company that collects online data for the purpose of developing and selling reports about consumer behavior on the Internet. The action demonstrates the FTC’s continuing concern about online … Continue Reading

Recent Trends in Class Actions for Telephone and Fax Solicitation and Advertising

Authorship Credit: Justin T. Winquist Editor’s Note: This post is a joint submission to BakerHostetler’s Class Action Lawsuit Defense blog. Class actions under the Telephone Consumer Protection Act (TCPA), 47 U.S.C. § 227, continue to be an active trend in consumer and privacy class action litigation. The TCPA, which was historically called the “fax blast” statute, … Continue Reading

Marital Communications are “Essential to the Preservation of Marriage” – Unless Made from a Workplace Computer

Editor’s Note: This post is a joint submission to BakerHostetler’s Discovery Advocate blog. Communications between spouses are typically accorded a “marital communications privilege” because they are “regarded as so essential to the preservation of the marriage relationship as to outweigh the disadvantages to the administration of justice which the privilege entails.”  But marital communications to … Continue Reading

OMG! Does Your Doctor’s Facebook Status Violate HIPAA?

Co-authored by: Cory Fox Recently, the Federation of State Medical Boards (“the Federation”) released its Model Policy Guidelines for the Appropriate Use of Social Media and Social Networking in Medical Practice (“Guidelines”). The Guidelines are intended to address how physicians can utilize social media to facilitate patient care while still maintaining the privacy and confidentiality … Continue Reading

Lessons For Privacy Advocates and Website Operators From Amazon Cookie Litigation

A Washington federal district court has dismissed with prejudice class action claims against Amazon alleging that the company’s use of cookies to track consumers’ personal data violated the Consumer Fraud and Abuse Act (CFAA), and has requested further briefing on a claimed violation of the Washington Consumer Protection Act (WCPA). (Del Vecchio v. Amazon). This … Continue Reading

CAUTIOUSLY, EUROPE EMBRACES GOVERNMENT & ENTERPRISE CLOUD COMPUTING

Last week the European Commission's panel on privacy, commonly known as the Article 29 Working Party, provided long-awaited clarity (in the form of an "Opinion") on whether and how European governments and private enterprise can utilize cloud computing technology in their operations, including processing personal information and other protected data. Cloud computing is a broad term that varies in context and has been subject to hype, but generally refers to technologies and service models allowing the sharing of on-demand scalable computer resources over the internet, including software programs, computer storage space and elastic computing power. Implementing IaaS systems has allowed companies and governments to significantly reduce capital expenditures by eliminating the need for purchase and maintenance of computer infrastructure equipment. Cloud services also allow for rapid remote deployment of software and network solutions. Additionally, cloud services enable organizations to decrease reliance on developing sophisticated in-house staff since major cloud providers have trained experts monitoring the computing environment. But, because cloud computing leverages the internet and computing resources in geographically disparate locations, the technologies present serious privacy and data security risks. In addressing this fundamental concern the Opinion indicates that the principal risks are a potential lack of control over data and limited transparency into its processing. A cloud provider's infrastructure can seem opaque and lacking information ensuring the "availability, integrity, confidentiality, transparency, isolation, intervenability and portability of the data". Additionally, due to the collaborative nature of cloud computing, customers may not be aware of subcontractors in the supply chain handling their data. With due respect to the data security risk, many observers consider this to be the great triumph of cloud compuing - that is that is simply "works" without its users having to worry about the back-end.… Continue Reading

Facebook Implements California Consumer Privacy Protections In Rolling Out Its New App Center

In this context, Facebook will require all software applications ("Apps") offered through the App Center to provide a clear link to its privacy policy. Third party App distributors will be able to utilize the Facebook App Center and its development tools to provide, and make discoverable, their mobile offerings. Given Facebook's increasingly large user base and existing third party App infrastructure, the App Center is likely to have an impact of significance on the global mobile application marketplace.… Continue Reading

FTC Issues Final Report with Guidance on Companies’ Online Privacy Practices

Fifteen months after releasing its preliminary report, the Federal Trade Commission released its final Report, “Protecting Consumer Privacy in an Era of Rapid Change: A Proposed Framework for Business and Policymakers.”  The much anticipated final report went further than the preliminary report by now calling for Congress to enact general privacy, data security and breach … Continue Reading

White House Releases Consumer Online “Privacy Bill of Rights”

The Obama Administration today unveiled a report entitled Consumer Data Privacy in a Networked World:  A Framework for Protecting Privacy and Promoting Innovation in the Global Digital Economy.  A central component of the report, which is directed at improving online privacy protections, is a “Consumer Privacy Bill of Rights.”  The Consumer Privacy Bill of Rights … Continue Reading

Strategies for Compliance with EU “Cookies” Directive

Reports of the demise of Internet innovation in the UK, as a result of the UK’s implementation last May of the new European Directive governing the use of “cookies” , were greatly exaggerated. That said, the impact of the Cookies Directive was delayed when the UK Information Privacy Office (“IPO”) announced that it would abstain … Continue Reading

Privacy and Data Breach Regulatory Activity–A Year in Review

While plaintiffs continue to face an uphill battle proving damages in privacy litigation – regulatory actions and investigations seem to be increasing.  During 2011, we saw activity from many government agencies—both state and federal—including the Federal Trade Commission (FTC), Department of Education (DOE), Department of Health and Human Services (HHS) Office for Civil Rights (OCR), … Continue Reading

Online Privacy and Data Security Legislation Update — 2011 Year in Review

The end of 2010 featured the Department of Commerce citing the need for a Privacy Bill of Rights in its green paper and the FTC's preliminary online privacy report discussing the need for a Do Not Track mechanism. The momentum generated by these reports led to the introduction of multiple versions of Do Not Track and comprehensive privacy rights bills in early 2011. By mid-2011, at least five different data security and breach notification proposals were circulating in the wake of high profile data breaches. Reports about location based tracking led to the introduction of geolocation privacy and surveillance bills. Proposed amendments to the Children's Online Privacy Protection Act, Electronic Communications Privacy Act, and Video Privacy Protection Act were also made. And by the end of 2011, several cybersecurity bills designed to protect critical infrastructure had been introduced. Even though Congress held hearings on privacy issues, subcommittees approved several bills, and there was support from the Obama administration for comprehensive privacy legislation, as many expected, however, none of these bills were enacted when the first session of the 112th Congress adjourned December 18. The safe prediction for 2012 is more of the same--a lot of proposals but no consensus. It is certainly possible that another high profile data breach or cyberattack against a utility or government contractor could create enough urgency to force a consensus. However, numerous high profile breaches (Epsilon, Sony, Citi, RSA, Lockheed Martin and several health care providers), hactivist attacks against government security contractors (IRC Federal and HBGary), and reports about how the "weaponized" Stuxnet virus caused centrifuges in an Iranian nuclear facility to spin wildly out of control were not enough in 2011. We certainly expect to see data breach notification, comprehensive privacy, and cybersecurity bills addressed again in 2012. We may also see narrower bills aimed at online and location based tracking as well as Children's privacy. Emerging technology, including mobile payments and facial recognition, may also garner legislative attention. Below is a round-up of the 2011 privacy and data security legislative proposals, including links to more detailed analysis from our blog posts during the year.… Continue Reading

Will Industry Self-Regulation Emerge for Facial Recognition?

The FTC held its first ever workshop to explore the privacy and security implications of facial recognition technology on December 8.  Facial detection (identifying certain traits from a person’s face, such as age and gender) and facial recognition (identifying a specific person) technology is no longer futuristic technology found only in movies like the Minority … Continue Reading

Facebook and FTC Settlement Agreement – Online Privacy Practice Implications

Facebook and the FTC announced an agreement on November 29, 2011, ending the FTC’s 18-month investigation into Facebook’s user privacy practices.  By adding Facebook to the list of major social media entities subject to an FTC consent order—a list that includes Google and Twitter—the FTC has loudly signaled its leading role in regulating the online … Continue Reading

MMA Releases Mobile Application Privacy Policy

On October 17, in furtherance of their continued support for self-regulation of online behavioral advertising, the Mobile Marketing Association released the MMA Mobile Application Privacy Policy for public comment.  The policy is intended to spark self-regulation of privacy and data processing of mobile applications.  The policy was created with the input of a committee of market … Continue Reading

Focus on Behavioral Advertising

As the FTC is evaluating its Dot Com Disclosures guidelines and Congress considers Do Not Track legislation, the debate over regulation of online advertising has intensified.  On one side, opponents of new legislation explain how online advertising subsidizes many of the free services Internet users enjoy and point to studies showing that Internet advertising contributes … Continue Reading

Restrictions on Commercial Advertising Speech in Vermont Data Mining Law Violate First Amendment

As we briefly discussed here, on June 23, 2011, the U.S. Supreme Court in Sorrell v. IMS held that a Vermont statute restricting the sale, disclosure and use of pharmacy records containing the prescribing practices of doctors for marketing purposes by pharmaceutical companies violated the First Amendment’s protection of commercial advertising speech.  From a commercial advertising … Continue Reading
LexBlog