Posts in PII

California, class action, credit cards, loyalty program, personal identification information, personal information, rewards program, Song-Beverly

Class Certification Ruling Suggests that a Plaintiff's Membership in a Retailer's Pre-Existing Rewards Program May Not Excuse a Retailer's Request for Personal Information at the Register

By InfoLawGroup LLP on May 17, 2012

The U.S. District Court for the Southern District of California recently granted class certification in a Song-Beverly Credit Card Act case, refusing to exclude from the class individuals who joined the retailer's rewards program months after the alleged Song-Beverly violation. See Yeoman v. IKEA U.S. West, Inc., No. 11CV701, 2012 WL 1598051 (S.D. Cal. May 4, 2012). The Court's discussion suggests that a retailer may also face Song-Beverly liability even if it requests personal information at the register that it already holds by virtue of the customer's membership in its rewards program.

Amazon, Apple, Apps, California, CalOPPA, Google, Harris, HP, Microsoft, Mobile, mobile privacy, privacy bill of rights, Privacy Policy, RIM, Shine the Light, White House

Privacy in Principle (As California Goes, So Goes the Nation? Part Four)

By InfoLawGroup LLP on February 27, 2012

What happened in the privacy world last week? On Thursday, just before the release of the White House Paper, California Attorney General Kamala Harris announced an agreement with the leading operators of mobile application platforms to privacy principles designed to bring the mobile app industry in line with a California law requiring mobile apps that collect personal information to have a privacy policy. It might be argued that the White House is now enunciating principles and best practices, and encouraging legislation of principles, that have long been embodied not only as best practice but as actual legislation under California law.

20/20, ABA, client confidentiality, COPRAC, encrypt, encryption, ethics, Formal Opinion Interim No- 08-0002, lawyers, New York State Bar Association, online storage, Opinion 842, professional responsibility, State Bar of California, technology, wifi

Legal Implications of Cloud Computing -- Part Five (Ethics or Why All Lawyers-Not Just Technogeek Lawyers Like Me-Should Care About Data Security)

By InfoLawGroup LLP on October 19, 2010

So, you thought our cloud series was over? Wishful thinking. It is time to talk about ethics. Yes, ethics. Historically, lawyers and technologists lived in different worlds. The lawyers were over here, and IT was over there. Here's the reality: Technology - whether we are talking cloud computing, ediscovery or data security generally - IS very much the business of lawyers. This post focuses on three recent documents, ranging from formal opinions to draft issue papers, issued by three very prominent Bar associations -- the American Bar Association (ABA), the New York State Bar Association (NYSBA), and the State Bar of California (CA Bar). These opinions and papers all drive home the following points: as succinctly stated by the ABA, "[l]awyers must take reasonable precautions to ensure that their clients' confidential information remains secure"; AND lawyers must keep themselves educated on changes in technology and in the law relating to technology. The question, as always, is what is "reasonable"? Also, what role should Bar associations play in providing guidelines/best practices and/or mandating compliance with particular data security rules? Technology, and lawyer use of technology, is evolving at a pace that no Bar association can hope to meet. At the end of the day, do the realities of the modern business world render moot any effort by the Bar(s) to provide guidance or impose restrictions? Read on and tell us - and the ABA - what you think.

ABM, ANA, Boucher, Chamber, Chamber of Commerce,, comments, discussion, discussion draft, DMA, draft, MRA, NetChoice, NRF, Shop-org, Stearns, U-S- Chamber of Commerce,

Reactions to the Boucher Bill, Part Two

By InfoLawGroup LLP on June 13, 2010

This post is Part Two in my review and discussion of some of the comments submitted in the response to the Boucher Bill privacy and data security legislation discussion draft. As in Part One, Part Two will describe and summarize at a high level some (but not all) of the issues identified by the commenters. Part Two covers comments submitted by American Business Media (ABM), which focuses on the Business-to-Business online information market; the Association of National Advertisers (ANA); the Marketing Research Association (MRA), an association of the survey and opinion research profession; the National Retail Federation and Shop.org (collectively, NRF); and the U.S. Chamber of Commerce.

Binding Corporate Rules, clauses, cloud computing, consent, contract, controller, EU, EU Data Protection Directive, EU Directive, European Union, offshoring, outsourcing, processor, Safe Harbor, sstandard, standard contractual clauses

Do the New EU Processing Clauses Apply to You?

By W. Scott Blackmer on June 10, 2010

A new set of EU standard contract clauses ("SCCs" or "model contracts") for processing European personal data abroad came into effect on May 15, 2010. Taken together with a recent opinion by the official EU "Article 29" working group on the concepts of "controller" and "processor" under the EU Data Protection Directive, this development suggests that it is time to review arrangements for business process outsourcing, software as a service (SaaS), cloud computing, and even interaffiliate support services, when they involve storing or processing personal data from Europe in the United States, India, and other common outsourcing locations.

Boucher, CDD, CDT, comments, Consumer Action, Consumer Federation of America, Consumer Watchdog, Consumers Union, discussion draft, DMA, EFF, IAB, Ira Rubenstein, ITIF, NetChoice, privacy groups, Privacy Lives, Privacy Rights Clearinghouse, Privacy Times, Stearns, USPIRG, World Privacy Forum

Reactions to the Boucher Bill, Part One

By InfoLawGroup LLP on June 07, 2010

As previously reported, in early May Reps. Rick Boucher (D-Va.) and Cliff Stearns (R-Fla.) introduced a discussion draft of proposed federal privacy and data security legislation. Reps. Boucher and Stearns sought comments on the discussion draft, setting a deadline of last Friday, June 4, 2010. Numerous organizations have submitted comments. This multi-part post will describe and summarize, at a high level, some (but not all) of the issues identified by the commenters.