California and 14 other states plus the District of Columbia have laws that restrict the collection of personal information at the point of sale when payment is by credit card. Unfortunately for retailers, the scope of prohibited conduct under these laws is not always clear. Complicating matters further, these laws were generally enacted in the… Continue Reading
Partner Dave Navetta, is quoted in USA Today on January 10, 2014, in an article regarding the possibility of increased criminal penalties for attempted computer hacking and conspiracy to attempt computer hacking.
On December 19, 2013, the California Court of Appeal joined several federal courts in holding that a plaintiff lacked standing to sue under California’s Shine the Light law, Civil Code sections 1798.83 and 1798.84 (the “STL”), when he failed to allege that he made, or attempted to make, a disclosure request under the law. Importantly, the Court… Continue Reading
By Justine Young Gottshall And Damien Wint As we approach six months since the Federal Trade Commission’s (FTC) amendments to the Children’s Online Privacy Protection Act (COPPA) Rule, 16 C.F.R. Part 312 (the “Rule” or, as amended, the “Amended Rule”) became effective, it is essential that any website or online service that is not in… Continue Reading
FDA, responding to pressure to provide direction on wireless medical device security, has released guidance concerning the use of RF wireless technology in medical devices. The Guidance contains FDA’s recommendations to wireless medical device manufacturers for securing these devices and complying with governing FDA regulations. Key takeaway: FDA is now paying close attention to medical… Continue Reading
Late Friday, Governor Jerry Brown of California signed into law the already infamous AB 370 as well as significant amendments to California’s existing breach notification laws via SB 46 and AB 1149. These laws break new ground in the privacy legal landscape – and it will be interesting to see if other states follow suit, as they… Continue Reading
By way of a recent opinion of the New Jersey Supreme Court, New Jersey became the first state establishing a Constitutional right to cell-phone location information – thereby precluding law enforcement’s retrieval of such information without a warrant or exigent circumstances. See State v. Earls, No. A-53-11, slip op., (NJ July 18, 2013) (unanimous opinion)…. Continue Reading
Announced in a public notice published on August 28, 2013, the Privacy and Civil Liberties Oversight Board (“the Board”) will conduct a public hearing on July 9, 2013. According to this notice, “invited experts, academics and advocacy organizations” will discuss “surveillance programs operated pursuant to Section 215 of the USA PATRIOT Act and Section 702… Continue Reading
The Georgia Supreme Court recently reversed a plaintiff’s state law claim for negligence against a bank premised upon an alleged Gramm-Leach-Bliley violation, concluding that the statutory provision used as the basis for the claim does not provide a legal duty under Georgia negligence law. Wells Fargo Bank, N.A. v. Jenkins, No. S12G1110, 2013 WL 2927096… Continue Reading
As reported by the LA Times, “a powerful coalition of technology companies and business lobbies, the California Chamber of Commerce, insurers, bankers and cable television companies as well as direct marketers and data brokers” were able to stop a California bill aimed at giving consumers greater insight as to the use of their personal data…. Continue Reading
As a firm focused on all evolving aspects of privacy law, InfoLawGroup is obviously often called upon to assist its clients with consumer privacy legal issues. This post takes a detour towards privacy theory terrain and is prodded by a recent New York Times article. In Letting Down Our Guard With Web Privacy, published on… Continue Reading
Keller v. National Farmers Union Property & Cas. Co., 2013 WL 27731 (D. Mont. January 2, 2013) A federal court in Montana has held that a plaintiff in an insurance dispute was protected from having to turn over all of her social media content to her litigation opponent. The court’s decision helps define the contours… Continue Reading
New Jersey is ready to have the harshest law aimed at preventing employers from delving into the social media postings of employees. In what is considered lightning speed for New Jersey legislative action, the New Jersey Assembly fast-tracked a bill in May that was approved in June by the Assembly 76-1 and by the Senate… Continue Reading
InfoLawGroup Counsel Andrew L. Hoffman contributed to this post. A recent BusinessTravelNews.com article highlights the importance and the challenges of maintaining the confidentiality of corporate travel information. Inappropriate disclosure of this type of data may significantly harm companies’ interests, including by compromising their ability to negotiate travel discounts, revealing sensitive details about business strategy, and… Continue Reading
The Government Accountability Office (“GAO”) released a study in September, 2012 analyzing the collection, use and disclosure practices of fourteen companies operating in the mobile field regarding location data collected from consumers. In the absence of laws or regulations regarding the collection of location data specifically, the GAO compared the policies of the fourteen companies to… Continue Reading
By Boris Segalis and Nihar Shah In January 2012, two consolidated New York state utilities, New York State Electric & Gas and Rochester Gas and Electric (collectively, “NYSEG”) experienced a data security incident that affected approximately 1.8 million utility customers. According to the notification letter that NYSEG sent to customers, unauthorized access to NYSEG systems containing … Continue Reading
InfoLawGroup Counsel Andrew L. Hoffman contributed to this post. Another Court has held that plaintiff’s cannot recover for a breach of their sensitive data, absent a clear financial injury resulting directly from the breach. On July 12, 2012, the U.S. District Court for the Western District of Kentucky dismissed a data breach lawsuit against various Countrywide Financial… Continue Reading
In the last month both Vermont and Connecticut updated their existing breach notification statutes, highlighting the need to closely monitor state legislatures, particularly end of session happenings. Each modification highlights the growing trend of states requiring notification to the state’s attorney general, under often new compressed timeframes.
Nowadays, a news story on privacy is out of place if it doesn’t mention Do-Not-Track (known as “DNT”) or Big Data. While these hot topics represent key concerns for privacy professionals, advocates and regulators, there is no clear agreement on what they mean or how to address the privacy issues they raise. In this post, we consider recent developments on these topics, including how the Federal Trade Commission has sought to focus on and connect these new issues.
DNT or DNC
DNT is in the midst of a multi-faceted identity crisis, starting with a disagreement over the definition of DNT. Self-regulatory organizations and the advertising industry assert that DNT stands for “Do Not Target,” referring to the use of consumer data for the purposes of targeted advertising. The FTC, buoyed by privacy advocates, appears to take the view that DNT means not only “Do Not Target” but also “Do Not Collect” (DNC). FTC Commissioner Brill elaborated at the 2012 IAPP Summit that she doesn’t view the current DNT efforts as entirely sufficient because the choice DNT offers does not give consumers appropriate protection against what Brill characterized as “limitless, unmitigated” data collection. But Brill does not argue for wholesale implementation of DNC, and has indicated that the details of the implementation of DNT/DNC will continue to remain a key focus for the FTC.
The conditions for transborder data flows may become more uniform in the EU under the proposed Data Protection Regulation, but restrictions on foreign data transfers are now appearing in new data privacy laws and regulations in several regions of the world, posing global compliance challenges.