The FTC extended the deadline for enforcement of the Red Flags Identity Theft Rule. The new enforcement deadline is June 1, 2010. The deadline was extended at “the request of Members of Congress.” www.ftc.gov/opa/2009/10/redflags.shtm
The Federal Trade Commission will begin enforcing its Red Flags Rule this Sunday, November 1. Financial institutions and creditors that hold covered accounts, as defined under the Rule, must have written Red Flags identity theft prevention programs in place by November 1. Earlier today the American Bar Association reported that a federal judge in Washington, D.C., ruled that the FTC exceeded its authority by applying the Red Flags Rule to practicing lawyers. The FTC is expected to appeal today’s ruling.
On Friday, the California Court of Appeal, Fourth Appellate District, certified for publication its October 8 opinion in Pineda v. Williams-Sonoma, the most recent in a string of decisions regarding California’s Song-Beverly Credit Card Act of 1971, California Civil Code § 1747.08. On first glance, Pineda appears uneventful. The Court merely reiterated its December 2008 holding in Party City v. Superior Court, 169 Cal.App.4th 497 (2008), that zip codes are not personal identification information for purposes of the Act, right? Not so fast. In fact, the Pineda court added a couple of new wrinkles that are worth a second look. First, the court reaffirmed its Party City holding even though Pineda specifically alleged that Williams-Sonoma collected the zip code for the purpose of using it and the customer’s name to obtain even MORE personal identification information, the customer’s address, through the use of a “reverse search” database. Second, the court held that a retailer’s use of a legally obtained zip code to acquire, view, print, distribute or use an address that is otherwise publicly available does not amount to an offensive intrusion of a consumer’s privacy under California law.
While there is much debate on the IT side as to whether Cloud computing is revolutionary, evolutionary or “more of the same” with a snazzy marketing label, in the legal context, Cloud computing does have a potential significant impact on legal risk. Part three of our ongoing Cloud legal series explores the relationships in the Cloud, and the potential legal implications and impacts suggested by them.
Remember Candie’s shoes and Op shorts? The FTC announced yesterday that it has settled charges against Iconix Brand Group, an owner, licensor, and marketer of popular kids’ apparel brands such as Candie’s, Op, Mudd, and Bongo, for allegedly violating the Children’s Online Privacy Protection Act (COPPA). Among other things, Iconix will pay a $250,000 civil penalty. The FTC filed its complaint and submitted its consent decree and order for approval yesterday in the Southern District of New York.
This week the federal court in the Hannaford class action asked the highest court in Maine to clarify whether cardholders’ “loss of time and effort” are sufficient injuries to ground a negligence claim following a payment card security breach.
State Data Security Laws Generally Massachusetts Data Security Regulations (effective March 1, 2010)
State Social Security Number Laws
State eavesdropping laws
California’s Online Privacy Protection Act
State Breach Notification Laws
Personal Information Protection and Electronic Documents Act
European Union Data Protection Directive
Federal Trade Commission Enforcement Actions
Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism (USA PATRIOT ACT) Act of 2001
Telephone Consumer Protection Act
Sarbanes-Oxley Act (SOX)
Red Flags Rule
Lanham Act (Trademarks)
Health Information Portability and Accountability Act Health Information Technology for Economic and Clinical Health Act (HITECH Act)
Federal Trade Commission Act
Federal Information Security Management Act