Clicky

Header graphic for print
InfoLawGroup privacy. security. technology. media. advertising. intellectual property.

Category Archives: Data Privacy Law or Regulation

Subscribe to Data Privacy Law or Regulation RSS Feed

Say What You Do and Do What You Say: Guidance for Privacy Policies, and for Life

Posted in California, Data Privacy Law or Regulation, FTC, Massachusetts 210 CMR 17.00, PII, Privacy Law

Last Wednesday, California Attorney General Kamala Harris issued much anticipated guidance on public-facing privacy statements – “Making Your Privacy Practices Public” (the “Guidance”). The result of months of discussions with stakeholders, the recommendations are largely common sense.  They are “intended to encourage companies to craft privacy policy statements that address significant data collection and use… Continue Reading

Point of Sale Data Collection Litigation – An Overview and Future Directions

Posted in California, Data Privacy Law or Regulation, Lawsuit, PII, Plastic Card Protection Laws, Privacy and Security Litigation, Privacy Law

California and 14 other states plus the District of Columbia have laws that restrict the collection of personal information at the point of sale when payment is by credit card. Unfortunately for retailers, the scope of prohibited conduct under these laws is not always clear. Complicating matters further, these laws were generally enacted in the… Continue Reading

Let the Sunshine In: Failure to Post Contact Information on Website Does Not Violate California’s Shine the Light Law

Posted in California, Data Privacy Law or Regulation, Privacy Law

On December 19, 2013, the California Court of Appeal joined several federal courts in holding that a plaintiff lacked standing to sue under California’s Shine the Light law, Civil Code sections 1798.83 and 1798.84 (the “STL”), when he failed to allege that he made, or attempted to make, a disclosure request under the law.  Importantly, the Court… Continue Reading

COPPA AND RECENT AMENDMENTS TO THE COPPA RULE: A COMPREHENSIVE OVERVIEW

Posted in Children's Privacy, Data Privacy Law or Regulation, FTC, Marketing, PII, Regulations

By Justine Young Gottshall And Damien Wint As we approach six months since the Federal Trade Commission’s (FTC) amendments to the Children’s Online Privacy Protection Act (COPPA) Rule, 16 C.F.R. Part 312 (the “Rule” or, as amended, the “Amended Rule”) became effective, it is essential that any website or online service that is not in… Continue Reading

The Internet of Things: FDA Releases Guidance on Securing Wireless Medical Devices — What Medical Device Manufacturers Should Know

Posted in Cybersecurity, Data Privacy Law or Regulation, Enforcement, Health Care, Information Security, Wireless

FDA, responding to pressure to provide direction on wireless medical device security, has released guidance concerning the use of RF wireless technology in medical devices.  The Guidance contains FDA’s recommendations to wireless medical device manufacturers for securing these devices and complying with governing FDA regulations. Key takeaway:  FDA is now paying close attention to medical… Continue Reading

Governor Brown Ushers in a New Privacy Era in California and Beyond

Posted in Breach Notice, Breach Notification, California, Data Privacy Law or Regulation, PII, Privacy Law

Late Friday, Governor Jerry Brown of California signed into law the already infamous AB 370 as well as significant amendments to California’s existing breach notification laws via SB 46 and AB 1149.  These laws break new ground in the privacy legal landscape – and it will be interesting to see if other states follow suit, as they… Continue Reading

Is New Jersey Seeking to Become the New California When it comes to Privacy?

Posted in Data Privacy Law or Regulation, Location Data, New Jersey, Privacy Law

By way of a recent opinion of the New Jersey Supreme Court, New Jersey became the first state establishing a Constitutional right to cell-phone location information – thereby precluding law enforcement’s retrieval of such information without a warrant or exigent circumstances.   See State v. Earls, No. A-53-11, slip op., (NJ July 18, 2013) (unanimous opinion)…. Continue Reading

Privacy and Civil Liberties Oversight Board will conduct a public hearing on July 9, 2013

Posted in Data Privacy Law or Regulation, Privacy Law, Washington

Announced in a public notice published on August 28, 2013, the Privacy and Civil Liberties Oversight Board (“the Board”) will conduct a public hearing on July 9, 2013.  According to this notice, “invited experts, academics and advocacy organizations” will discuss “surveillance programs operated pursuant to Section 215 of the USA PATRIOT Act and Section 702… Continue Reading

Georgia Supreme Court Holds That Gramm-Leach-Bliley Statutory Policy Statement Does Not Create Legal Duty Under State Negligence Law

Posted in Data Privacy Law or Regulation, Financial Services, Privacy and Security Litigation, Privacy Law, Uncategorized

The Georgia Supreme Court recently reversed a plaintiff’s state law claim for negligence against a bank premised upon an alleged Gramm-Leach-Bliley violation, concluding that the statutory provision used as the basis for the claim does not provide a legal duty under Georgia negligence law. Wells Fargo Bank, N.A. v. Jenkins, No. S12G1110, 2013 WL 2927096… Continue Reading

California’s Right to Know Law Put on Hold

Posted in Advertising Law, California, Data Privacy Law or Regulation

As reported by the LA Times, “a powerful coalition of technology companies and business lobbies, the California Chamber of Commerce, insurers, bankers and cable television companies as well as direct marketers and data brokers” were able to stop a California bill aimed at giving consumers greater insight as to the use of their personal data…. Continue Reading

Financial Correlation of Privacy Rights

Posted in Behavioral Advertising, Data Privacy Law or Regulation, Privacy Law

As a firm focused on all evolving aspects of privacy law, InfoLawGroup is obviously often called upon to assist its clients with consumer privacy legal issues.  This post takes a detour towards privacy theory terrain and is prodded by a recent New York Times article.  In Letting Down Our Guard With Web Privacy, published on… Continue Reading

Defendant Not Entitled to “Delve Carte Blanche” Into Plaintiff’s Social Media Accounts

Posted in Data Privacy Law or Regulation, Social Networking

Keller v. National Farmers Union Property & Cas. Co., 2013 WL 27731 (D. Mont. January 2, 2013) A federal court in Montana has held that a plaintiff in an insurance dispute was protected from having to turn over all of her social media content to her litigation opponent. The court’s decision helps define the contours… Continue Reading

New Jersey Fast Tracks Employer Social Media Bill

Posted in Data Privacy Law or Regulation, New Jersey, Social Networking, Workplace Privacy

New Jersey is ready to have the harshest law aimed at preventing employers from delving into the social media postings of employees.  In what is considered lightning speed for New Jersey legislative action, the New Jersey Assembly fast-tracked a bill in May that was approved in June by the Assembly 76-1 and by the Senate… Continue Reading

California Attorney General Sues Delta Air Lines for Failing to Have a Mobile App Privacy Policy

Posted in California, Data Privacy Law or Regulation, Enforcement, Privacy Law

Keeping good on her threat from October, the California Attorney General has brought her first lawsuit over a company’s failure to include a privacy policy in its mobile app.  The suit, against Delta Air Lines, alleges a violation of the California Online Privacy Protection Act (“CalOPPA”), which requires operators of online services to make a… Continue Reading

Trick or Treat: California’s AG Notifies Nearly 100 Apps of Need for Privacy Policy

Posted in California, Data Privacy Law or Regulation, Privacy Law

A few weeks ago, many of us took note when California’s Attorney General Kamala Harris used Twitter to note that United Airlines’ new mobile app did not include a privacy policy:  “Fabulous app, @United Airlines, but where is your app’s #privacy policy?” It may have been “just a tweet” at the time, but Harris clearly means… Continue Reading

Companies Must Consider Their Travel Providers’ Data Practices, or Risk Being Harmed

Posted in Data Privacy Law or Regulation

InfoLawGroup Counsel Andrew L. Hoffman contributed to this post. A recent BusinessTravelNews.com article highlights the importance and the challenges of maintaining the confidentiality of corporate travel information.  Inappropriate disclosure of this type of data may significantly harm companies’ interests, including by compromising their ability to negotiate travel discounts, revealing sensitive details about business strategy, and… Continue Reading

GAO Study Gives Low Marks to Companies Regarding Transparency to Consumers of Use of Location Data

Posted in Data Privacy Law or Regulation, FTC, GAO, Location Data, Privacy Law

The Government Accountability Office (“GAO”) released a study in September, 2012 analyzing the collection, use and disclosure practices of fourteen companies operating in the mobile field regarding location data collected from consumers.  In the absence of laws or regulations regarding the collection of location data specifically, the GAO compared the policies of the fourteen companies to… Continue Reading

Data Breach at New York Utility Prompts Enforcement Action and Industry-Wide Data Security Review

Posted in Data Privacy Law or Regulation

By Boris Segalis and Nihar Shah In January 2012, two consolidated New York state utilities, New York State Electric & Gas and Rochester Gas and Electric (collectively, “NYSEG”) experienced a data security incident that affected approximately 1.8 million utility customers. According to the notification letter that NYSEG sent to customers, unauthorized access to NYSEG systems containing … Continue Reading

Court Dismisses Countrywide Data Theft Suit

Posted in Data Privacy Law or Regulation

InfoLawGroup Counsel Andrew L. Hoffman contributed to this post. Another Court has held that plaintiff’s cannot recover for a breach of their sensitive data, absent a clear financial injury resulting directly from the breach.  On July 12, 2012, the U.S. District Court for the Western District of Kentucky dismissed a data breach lawsuit against various Countrywide Financial… Continue Reading

Two Northeast States Update Breach Notification Statutes – CT & VT

Posted in Data Privacy Law or Regulation

In the last month both Vermont and Connecticut updated their existing breach notification statutes, highlighting the need to closely monitor state legislatures, particularly end of session happenings. Each modification highlights the growing trend of states requiring notification to the state’s attorney general, under often new compressed timeframes.

FTC Looks to Link Do-Not-Track, Big Data Privacy Concerns; Seeks Solutions

Posted in Data Privacy Law or Regulation

Nowadays, a news story on privacy is out of place if it doesn’t mention Do-Not-Track (known as “DNT”) or Big Data. While these hot topics represent key concerns for privacy professionals, advocates and regulators, there is no clear agreement on what they mean or how to address the privacy issues they raise. In this post, we consider recent developments on these topics, including how the Federal Trade Commission has sought to focus on and connect these new issues.
DNT or DNC
DNT is in the midst of a multi-faceted identity crisis, starting with a disagreement over the definition of DNT. Self-regulatory organizations and the advertising industry assert that DNT stands for “Do Not Target,” referring to the use of consumer data for the purposes of targeted advertising. The FTC, buoyed by privacy advocates, appears to take the view that DNT means not only “Do Not Target” but also “Do Not Collect” (DNC). FTC Commissioner Brill elaborated at the 2012 IAPP Summit that she doesn’t view the current DNT efforts as entirely sufficient because the choice DNT offers does not give consumers appropriate protection against what Brill characterized as “limitless, unmitigated” data collection. But Brill does not argue for wholesale implementation of DNC, and has indicated that the details of the implementation of DNT/DNC will continue to remain a key focus for the FTC.

European Criticism for Google’s New Privacy Policy

Posted in Data Privacy Law or Regulation, EU, International, Privacy Law, Social Networking

Google’s new privacy policy (and its plans to create user profiles across multiple online services) has drawn fire from European data protection authorities. Online and mobile retailers and service providers should take account of a renewed emphasis on transparency and proportionality in collecting data about users.