This blog post is a joint submission with BakerHostetler’s Discovery Advocate blog. Authored by: James Sherer During the final panel of Thomson Reuters’ 17th Annual eDiscovery & Information Governance in Practice Forum, Thomas Barnett, Ignatius Grande, and Sandra Rampersaud led a lively discussion on Managing Big Data, Dark Data, and Risk. And while the exchange … Continue Reading
Native advertising has by all accounts been the darling of the digital marketing world in 2013. Although it comes in all shapes and sizes, the general consensus defines “native advertising” as the practice of designing ads to look like the natural editorial content of the website on which they appear. Native’s proponents hail it as … Continue Reading
What are the roles of the various chief stakeholders when it comes to managing big data, security and privacy concerns, and how can they work across silos to achieve enteprise-wide goals? We begin the discussion of these important issues here. (LinkedIn sign-in required)… Continue Reading
Authored by: Charles K. Shih California became the first state to sign into law a bill that requires websites and apps to provide an “eraser button” to its users under the age of 18. The law, S.B. 568 signed by California Governor Jerry Brown, has two main elements. First, it requires Internet companies to provide … Continue Reading
Editor’s Notes:Guest blog Interview by Mark Greisiger, President NetDiligence®This blog post has been republished with permission from Junto – NetDiligence Blog A Q&A with Ryan KrigerAmong state Attorneys General, Vermont has gained a reputation for being particularly aggressive about data breach and privacy regulation. To better understand the state’s Consumer Protection Act requirements and processes … Continue Reading
Editor’s note: This is a cross-blog post with BakerHostetler’s Class Action Lawsuit Defense blog. For the latest class action defense updates, visit www.ClassActionLawsuitDefense.com. Sighs of relief by class actions defendants following the denial of class certification in Hannaford may give way to renewed uncertainty now that a massive class, estimated by the plaintiffs’ lawyer to be more than a … Continue Reading
Co-authored by: Elizabeth Stamoulis On February 20th, after a period for public comment, the FTC approved a final order settling charges against Compete, Inc., a market research company that collects online data for the purpose of developing and selling reports about consumer behavior on the Internet. The action demonstrates the FTC’s continuing concern about online … Continue Reading
Authorship Credit: Justin T. Winquist Editor’s Note: This post is a joint submission to BakerHostetler’s Class Action Lawsuit Defense blog. Class actions under the Telephone Consumer Protection Act (TCPA), 47 U.S.C. § 227, continue to be an active trend in consumer and privacy class action litigation. The TCPA, which was historically called the “fax blast” statute, … Continue Reading
Editor’s Note: This post is a joint submission to BakerHostetler’s Discovery Advocate blog. Communications between spouses are typically accorded a “marital communications privilege” because they are “regarded as so essential to the preservation of the marriage relationship as to outweigh the disadvantages to the administration of justice which the privilege entails.” But marital communications to … Continue Reading
Co-authored by: Cory Fox Recently, the Federation of State Medical Boards (“the Federation”) released its Model Policy Guidelines for the Appropriate Use of Social Media and Social Networking in Medical Practice (“Guidelines”). The Guidelines are intended to address how physicians can utilize social media to facilitate patient care while still maintaining the privacy and confidentiality … Continue Reading
Last week the European Commission's panel on privacy, commonly known as the Article 29 Working Party, provided long-awaited clarity (in the form of an "Opinion") on whether and how European governments and private enterprise can utilize cloud computing technology in their operations, including processing personal information and other protected data.
Cloud computing is a broad term that varies in context and has been subject to hype, but generally refers to technologies and service models allowing the sharing of on-demand scalable computer resources over the internet, including software programs, computer storage space and elastic computing power. Implementing IaaS systems has allowed companies and governments to significantly reduce capital expenditures by eliminating the need for purchase and maintenance of computer infrastructure equipment. Cloud services also allow for rapid remote deployment of software and network solutions. Additionally, cloud services enable organizations to decrease reliance on developing sophisticated in-house staff since major cloud providers have trained experts monitoring the computing environment.
But, because cloud computing leverages the internet and computing resources in geographically disparate locations, the technologies present serious privacy and data security risks. In addressing this fundamental concern the Opinion indicates that the principal risks are a potential lack of control over data and limited transparency into its processing. A cloud provider's infrastructure can seem opaque and lacking information ensuring the "availability, integrity, confidentiality, transparency, isolation, intervenability and portability of the data". Additionally, due to the collaborative nature of cloud computing, customers may not be aware of subcontractors in the supply chain handling their data. With due respect to the data security risk, many observers consider this to be the great triumph of cloud compuing - that is that is simply "works" without its users having to worry about the back-end.… Continue Reading
With the law of privacy in social media communications evolving, the one constant take-away from court cases looking at social media use and monitoring in the workplace is a reliance on fact-dependent judicial decision making. Even through there is not yet a clear legal standard upon which to judge an employer’s actions, or even a … Continue Reading
Fifteen months after releasing its preliminary report, the Federal Trade Commission released its final Report, “Protecting Consumer Privacy in an Era of Rapid Change: A Proposed Framework for Business and Policymakers.” The much anticipated final report went further than the preliminary report by now calling for Congress to enact general privacy, data security and breach … Continue Reading
The Obama Administration today unveiled a report entitled Consumer Data Privacy in a Networked World: A Framework for Protecting Privacy and Promoting Innovation in the Global Digital Economy. A central component of the report, which is directed at improving online privacy protections, is a “Consumer Privacy Bill of Rights.” The Consumer Privacy Bill of Rights … Continue Reading
Reports of the demise of Internet innovation in the UK, as a result of the UK’s implementation last May of the new European Directive governing the use of “cookies” , were greatly exaggerated. That said, the impact of the Cookies Directive was delayed when the UK Information Privacy Office (“IPO”) announced that it would abstain … Continue Reading
While plaintiffs continue to face an uphill battle proving damages in privacy litigation – regulatory actions and investigations seem to be increasing. During 2011, we saw activity from many government agencies—both state and federal—including the Federal Trade Commission (FTC), Department of Education (DOE), Department of Health and Human Services (HHS) Office for Civil Rights (OCR), … Continue Reading
The end of 2010 featured the Department of Commerce citing the need for a Privacy Bill of Rights in its green paper and the FTC's preliminary online privacy report discussing the need for a Do Not Track mechanism. The momentum generated by these reports led to the introduction of multiple versions of Do Not Track and comprehensive privacy rights bills in early 2011. By mid-2011, at least five different data security and breach notification proposals were circulating in the wake of high profile data breaches. Reports about location based tracking led to the introduction of geolocation privacy and surveillance bills. Proposed amendments to the Children's Online Privacy Protection Act, Electronic Communications Privacy Act, and Video Privacy Protection Act were also made. And by the end of 2011, several cybersecurity bills designed to protect critical infrastructure had been introduced. Even though Congress held hearings on privacy issues, subcommittees approved several bills, and there was support from the Obama administration for comprehensive privacy legislation, as many expected, however, none of these bills were enacted when the first session of the 112th Congress adjourned December 18.
The safe prediction for 2012 is more of the same--a lot of proposals but no consensus. It is certainly possible that another high profile data breach or cyberattack against a utility or government contractor could create enough urgency to force a consensus. However, numerous high profile breaches (Epsilon, Sony, Citi, RSA, Lockheed Martin and several health care providers), hactivist attacks against government security contractors (IRC Federal and HBGary), and reports about how the "weaponized" Stuxnet virus caused centrifuges in an Iranian nuclear facility to spin wildly out of control were not enough in 2011. We certainly expect to see data breach notification, comprehensive privacy, and cybersecurity bills addressed again in 2012. We may also see narrower bills aimed at online and location based tracking as well as Children's privacy. Emerging technology, including mobile payments and facial recognition, may also garner legislative attention.
Below is a round-up of the 2011 privacy and data security legislative proposals, including links to more detailed analysis from our blog posts during the year.… Continue Reading
The FTC held its first ever workshop to explore the privacy and security implications of facial recognition technology on December 8. Facial detection (identifying certain traits from a person’s face, such as age and gender) and facial recognition (identifying a specific person) technology is no longer futuristic technology found only in movies like the Minority … Continue Reading
Facebook and the FTC announced an agreement on November 29, 2011, ending the FTC’s 18-month investigation into Facebook’s user privacy practices. By adding Facebook to the list of major social media entities subject to an FTC consent order—a list that includes Google and Twitter—the FTC has loudly signaled its leading role in regulating the online … Continue Reading
As the FTC is evaluating its Dot Com Disclosures guidelines and Congress considers Do Not Track legislation, the debate over regulation of online advertising has intensified. On one side, opponents of new legislation explain how online advertising subsidizes many of the free services Internet users enjoy and point to studies showing that Internet advertising contributes … Continue Reading
As we briefly discussed here, on June 23, 2011, the U.S. Supreme Court in Sorrell v. IMS held that a Vermont statute restricting the sale, disclosure and use of pharmacy records containing the prescribing practices of doctors for marketing purposes by pharmaceutical companies violated the First Amendment’s protection of commercial advertising speech. From a commercial advertising … Continue Reading