Header graphic for print
InfoLawGroup privacy. security. technology. media. advertising. intellectual property.

Category Archives: Data Privacy Law or Regulation

Subscribe to Data Privacy Law or Regulation RSS Feed

Know your Privacy Policy and Practices: An Important Reminder Illustrated by Recent FTC Actions

Brian Schaller Posted in Apps, Data Privacy Law or Regulation, FTC, Mobile Apps, Privacy, Privacy Law

The Federal Trade Commission’s (“FTC”) announcement last week of settlements with 13 separate companies for charges of falsely advertising certification with the U.S.-EU and/or U.S.-Swiss Safe Harbor Frameworks (“Safe Harbors”) – some of which never existed but several of which had simply lapsed – serves as a reminder that businesses should periodically and often review… Continue Reading

RadioShack Bankruptcy Case Highlights Value of Consumer Data

Brian Schaller Posted in Data Privacy Law or Regulation, FTC, PII, Privacy, Privacy Law, Recent News

On Thursday, a bankruptcy judge granted final approval of the sale of RadioShack Corporation (“RadioShack”) assets to General Wireless Operations Inc. (“General Wireless”), which included customers’ personal information. In the order, the Delaware bankruptcy judge stated “ . . . no showing was made that the sale of personally identifiable information (the “PII”)(as defined in… Continue Reading

Courts Continue to Wrestle with Application of VPPA

Posted in Data Privacy Law or Regulation

Recent weeks have seen two notable federal court decisions involving the Video Privacy Protection Act (“VPPA”) since last week: In re Hulu Privacy Litigation, 3:11-CV-03764 (N.D. Cal. March 31, 2015) (“Hulu Privacy Litigation”) and Austin-Spearman v. AMC Network Entertainment LLC, 1:14-CV-06840 (S.D.N.Y. April 7, 2015) (“Austin-Spearman”). While the Hulu Privacy Litigation decision may establish an… Continue Reading

ALERT: Google’s Plan to Open Its Services to Children Could Spur Changes to COPPA Enforcement

Posted in Behavioral Advertising, Children's Privacy, Data Privacy Law or Regulation, InfoLawGroup, Marketing, PII, Privacy Law

Recent reports indicate that Google is developing a program that would allow children under the age of 13 to obtain accounts on Google services such as Gmail and YouTube.  The Wall Street Journal  recently reported that “Google is trying to establish a new system that lets parents set up accounts for their kids, control how… Continue Reading

Say What You Do and Do What You Say: Guidance for Privacy Policies, and for Life

Posted in California, Data Privacy Law or Regulation, FTC, Massachusetts 210 CMR 17.00, PII, Privacy Law

Last Wednesday, California Attorney General Kamala Harris issued much anticipated guidance on public-facing privacy statements – “Making Your Privacy Practices Public” (the “Guidance”). The result of months of discussions with stakeholders, the recommendations are largely common sense.  They are “intended to encourage companies to craft privacy policy statements that address significant data collection and use… Continue Reading

Point of Sale Data Collection Litigation – An Overview and Future Directions

Posted in California, Data Privacy Law or Regulation, Lawsuit, PII, Plastic Card Protection Laws, Privacy and Security Litigation, Privacy Law

California and 14 other states plus the District of Columbia have laws that restrict the collection of personal information at the point of sale when payment is by credit card. Unfortunately for retailers, the scope of prohibited conduct under these laws is not always clear. Complicating matters further, these laws were generally enacted in the… Continue Reading

Let the Sunshine In: Failure to Post Contact Information on Website Does Not Violate California’s Shine the Light Law

Posted in California, Data Privacy Law or Regulation, Privacy Law

On December 19, 2013, the California Court of Appeal joined several federal courts in holding that a plaintiff lacked standing to sue under California’s Shine the Light law, Civil Code sections 1798.83 and 1798.84 (the “STL”), when he failed to allege that he made, or attempted to make, a disclosure request under the law.  Importantly, the Court… Continue Reading


Posted in Children's Privacy, Data Privacy Law or Regulation, FTC, Marketing, PII, Regulations

By Justine Young Gottshall And Damien Wint As we approach six months since the Federal Trade Commission’s (FTC) amendments to the Children’s Online Privacy Protection Act (COPPA) Rule, 16 C.F.R. Part 312 (the “Rule” or, as amended, the “Amended Rule”) became effective, it is essential that any website or online service that is not in… Continue Reading

The Internet of Things: FDA Releases Guidance on Securing Wireless Medical Devices — What Medical Device Manufacturers Should Know

Posted in Cybersecurity, Data Privacy Law or Regulation, Enforcement, Health Care, Information Security, Wireless

FDA, responding to pressure to provide direction on wireless medical device security, has released guidance concerning the use of RF wireless technology in medical devices.  The Guidance contains FDA’s recommendations to wireless medical device manufacturers for securing these devices and complying with governing FDA regulations. Key takeaway:  FDA is now paying close attention to medical… Continue Reading

Governor Brown Ushers in a New Privacy Era in California and Beyond

Posted in Breach Notice, Breach Notification, California, Data Privacy Law or Regulation, PII, Privacy Law

Late Friday, Governor Jerry Brown of California signed into law the already infamous AB 370 as well as significant amendments to California’s existing breach notification laws via SB 46 and AB 1149.  These laws break new ground in the privacy legal landscape – and it will be interesting to see if other states follow suit, as they… Continue Reading

Is New Jersey Seeking to Become the New California When it comes to Privacy?

Posted in Data Privacy Law or Regulation, Location Data, New Jersey, Privacy Law

By way of a recent opinion of the New Jersey Supreme Court, New Jersey became the first state establishing a Constitutional right to cell-phone location information – thereby precluding law enforcement’s retrieval of such information without a warrant or exigent circumstances.   See State v. Earls, No. A-53-11, slip op., (NJ July 18, 2013) (unanimous opinion)…. Continue Reading

Privacy and Civil Liberties Oversight Board will conduct a public hearing on July 9, 2013

Posted in Data Privacy Law or Regulation, Privacy Law, Washington

Announced in a public notice published on August 28, 2013, the Privacy and Civil Liberties Oversight Board (“the Board”) will conduct a public hearing on July 9, 2013.  According to this notice, “invited experts, academics and advocacy organizations” will discuss “surveillance programs operated pursuant to Section 215 of the USA PATRIOT Act and Section 702… Continue Reading

Georgia Supreme Court Holds That Gramm-Leach-Bliley Statutory Policy Statement Does Not Create Legal Duty Under State Negligence Law

Posted in Data Privacy Law or Regulation, Financial Services, Privacy and Security Litigation, Privacy Law, Uncategorized

The Georgia Supreme Court recently reversed a plaintiff’s state law claim for negligence against a bank premised upon an alleged Gramm-Leach-Bliley violation, concluding that the statutory provision used as the basis for the claim does not provide a legal duty under Georgia negligence law. Wells Fargo Bank, N.A. v. Jenkins, No. S12G1110, 2013 WL 2927096… Continue Reading

California’s Right to Know Law Put on Hold

Posted in Advertising Law, California, Data Privacy Law or Regulation

As reported by the LA Times, “a powerful coalition of technology companies and business lobbies, the California Chamber of Commerce, insurers, bankers and cable television companies as well as direct marketers and data brokers” were able to stop a California bill aimed at giving consumers greater insight as to the use of their personal data…. Continue Reading

Financial Correlation of Privacy Rights

Posted in Behavioral Advertising, Data Privacy Law or Regulation, Privacy Law

As a firm focused on all evolving aspects of privacy law, InfoLawGroup is obviously often called upon to assist its clients with consumer privacy legal issues.  This post takes a detour towards privacy theory terrain and is prodded by a recent New York Times article.  In Letting Down Our Guard With Web Privacy, published on… Continue Reading

Defendant Not Entitled to “Delve Carte Blanche” Into Plaintiff’s Social Media Accounts

Posted in Data Privacy Law or Regulation, Social Networking

Keller v. National Farmers Union Property & Cas. Co., 2013 WL 27731 (D. Mont. January 2, 2013) A federal court in Montana has held that a plaintiff in an insurance dispute was protected from having to turn over all of her social media content to her litigation opponent. The court’s decision helps define the contours… Continue Reading

New Jersey Fast Tracks Employer Social Media Bill

Posted in Data Privacy Law or Regulation, New Jersey, Social Networking, Workplace Privacy

New Jersey is ready to have the harshest law aimed at preventing employers from delving into the social media postings of employees.  In what is considered lightning speed for New Jersey legislative action, the New Jersey Assembly fast-tracked a bill in May that was approved in June by the Assembly 76-1 and by the Senate… Continue Reading

California Attorney General Sues Delta Air Lines for Failing to Have a Mobile App Privacy Policy

Posted in California, Data Privacy Law or Regulation, Enforcement, Privacy Law

Keeping good on her threat from October, the California Attorney General has brought her first lawsuit over a company’s failure to include a privacy policy in its mobile app.  The suit, against Delta Air Lines, alleges a violation of the California Online Privacy Protection Act (“CalOPPA”), which requires operators of online services to make a… Continue Reading

Trick or Treat: California’s AG Notifies Nearly 100 Apps of Need for Privacy Policy

Posted in California, Data Privacy Law or Regulation, Privacy Law

A few weeks ago, many of us took note when California’s Attorney General Kamala Harris used Twitter to note that United Airlines’ new mobile app did not include a privacy policy:  “Fabulous app, @United Airlines, but where is your app’s #privacy policy?” It may have been “just a tweet” at the time, but Harris clearly means… Continue Reading

Companies Must Consider Their Travel Providers’ Data Practices, or Risk Being Harmed

Posted in Data Privacy Law or Regulation

InfoLawGroup Counsel Andrew L. Hoffman contributed to this post. A recent article highlights the importance and the challenges of maintaining the confidentiality of corporate travel information.  Inappropriate disclosure of this type of data may significantly harm companies’ interests, including by compromising their ability to negotiate travel discounts, revealing sensitive details about business strategy, and… Continue Reading

GAO Study Gives Low Marks to Companies Regarding Transparency to Consumers of Use of Location Data

Posted in Data Privacy Law or Regulation, FTC, GAO, Location Data, Privacy Law

The Government Accountability Office (“GAO”) released a study in September, 2012 analyzing the collection, use and disclosure practices of fourteen companies operating in the mobile field regarding location data collected from consumers.  In the absence of laws or regulations regarding the collection of location data specifically, the GAO compared the policies of the fourteen companies to… Continue Reading

Data Breach at New York Utility Prompts Enforcement Action and Industry-Wide Data Security Review

Posted in Data Privacy Law or Regulation

By Boris Segalis and Nihar Shah In January 2012, two consolidated New York state utilities, New York State Electric & Gas and Rochester Gas and Electric (collectively, “NYSEG”) experienced a data security incident that affected approximately 1.8 million utility customers. According to the notification letter that NYSEG sent to customers, unauthorized access to NYSEG systems containing … Continue Reading

Court Dismisses Countrywide Data Theft Suit

Posted in Data Privacy Law or Regulation

InfoLawGroup Counsel Andrew L. Hoffman contributed to this post. Another Court has held that plaintiff’s cannot recover for a breach of their sensitive data, absent a clear financial injury resulting directly from the breach.  On July 12, 2012, the U.S. District Court for the Western District of Kentucky dismissed a data breach lawsuit against various Countrywide Financial… Continue Reading