Posts tagged personal information

California, class action, credit cards, loyalty program, personal identification information, personal information, rewards program, Song-Beverly

Class Certification Ruling Suggests that a Plaintiff's Membership in a Retailer's Pre-Existing Rewards Program May Not Excuse a Retailer's Request for Personal Information at the Register

By InfoLawGroup LLP on May 17, 2012

The U.S. District Court for the Southern District of California recently granted class certification in a Song-Beverly Credit Card Act case, refusing to exclude from the class individuals who joined the retailer's rewards program months after the alleged Song-Beverly violation. See Yeoman v. IKEA U.S. West, Inc., No. 11CV701, 2012 WL 1598051 (S.D. Cal. May 4, 2012). The Court's discussion suggests that a retailer may also face Song-Beverly liability even if it requests personal information at the register that it already holds by virtue of the customer's membership in its rewards program.

data brokers, data protection, David Vladeck, Fair Credit Reporting Act, FCRA, Federal Trade Commission, FTC, FTC consent, InfoLawGroup, information law group, personal information, privacy enforcement, Segalis, Teletrack

FCRA Violations Result in $1.8 Million FTC Penalty

By InfoLawGroup LLP on June 26, 2011

The Federal Trade Commission announced today that Teletrack, Inc. has agreed to pay $1.8 million to settle charges that the company sold credit reports for marketing purposes, in violation of the Fair Credit Reporting Act (FCRA). According to the FTC's complaint, Teletrack sells credit reports and other services to businesses that mainly serve financially distressed consumers. Teletrack's business customers include pay day lenders, rental purchase stores and non-prime rate auto lenders. These businesses use Teletrack's credit reports to decide whether and on what terms to extend credit to their customers.

Boris Segalis, data protection, data security, FIPPs, InfoLawGroup, information law group, Korea, personal information, Personal Information Protection Act, PIPA, privacy, privacy legislation

Personal Data Protections Expand in Korea

By InfoLawGroup LLP on May 18, 2011

Mr. Kwang Hyun Ryoo, a partner at the Korean law firm of Bae, Kim & Lee LLC, is reporting in the firm's newsletter that on March 29, 2011, Korea enacted a comprehensive personal data protection law, entitled Personal Information Protection Act (PIPA). Most of the act's provisions will come into force on September 30, 2011.

Ceridian, deceptive practices, enforcement, Federal Trade Commission, FTC, FTC Act, FTC consent, InfoLawGroup, information law group, information security, information security program, InformationLawGroup, Lookout, personal data, personal information, privacy enforcement, Section 5, Segalis

FTC Privacy Enforcement Update: Two Companies Allegedly Failed to Protect Sensitive Employee Data

By InfoLawGroup LLP on May 06, 2011

On May 3, 2011, the Federal Trade Commission announced that Ceridian Corporation and Lookout Services, Inc. agreed to settle the FTC's allegations that the companies failed to safeguard their business customers' employee personal information. Ceridian's services include payroll processing, payroll-related tax filing, benefits administration and other human resource services for business customers. Lookout provides a web-based computer product that is designed to help employers comply with their obligations under federal law to complete and maintain a U.S. Citizenship and Immigration Services Form I-9 about each employee in order to verify that the employee is eligible to work in the United States.

Breach, damages, litigation, personal information, privacy, security breach litigation

California Federal Court Holds that Damages Properly Alleged in RockYou Data Breach Case

By InfoLawGroup LLP on April 19, 2011

In what may be a sign of an evolving judicial atmosphere and approach concerning data breach lawsuits, a Federal judge in the Northern District of California District Court recently refused to dismiss various causes of action related to a data breach involving RockYou. In particular, the Court explored the issue of whether the plaintiff sufficiently alleged "harm" arising out of the data breach. This blog post takes a look the highlights of the Court's decision.

Boris Segalis, Buzz, Consent Order, Consumer Protection, data protection, data security, Federal Trade Commission, FTC, FTC Act, Google, Google settlement, InfoLawGroup, information law group, information security, personal information, privacy, privacy assessment, privacy by design, privacy enforcement, risk assessment, Safe Harbor, social media, social network

FTC Takes a Big Step in Privacy Enforcement with Google Buzz Settlement

By InfoLawGroup LLP on April 06, 2011

The Google Buzz settlement that the Federal Trade Commission announced on March 30, 2011 is the latest in the line of the Commission's numerous Section 5 actions related to privacy and data security violations. The Google Buzz settlement, however, is unique in several important ways. The settlement represents (i) the first FTC settlement order has requires a company to implement a comprehensive privacy program to protect the privacy of consumers' information, and (ii) the Commission's first substantive U.S.-EU Safe Harbor framework enforcement action. Let's dive in (make sure to read the "Action Item" at the conclusion of the post!).

Boris Segalis, data protection, Electric Utility Data Protection Act, InfoLawGroup, information law group, InformationLawGroup, Oklahoma, personal information, privacy law, privacy legislation, smart grid, SmartGrid

Oklahoma State House Passes Smart Grid Privacy Bill

By InfoLawGroup LLP on March 23, 2011

On March 18, 2011, the Oklahoma State House passed the Electric Utility Data Protection Act (House Bill 1079). The state's Senate will consider the bill next.The Act seeks to establish standards to govern the use and disclosure of electric utility usage data (including personal information) by electric utilities, customers of electric utilities and third parties. The Act also requires electric utility companies to maintain the confidentiality of customer data and allow customers to access the data. State Rep. Scott Martin noted that customers will see energy savings from the Smart Grid, but are vulnerable to potential access of their data by third parties. "This legislation should ensure customers can reap the many benefits of this new system without having to fear someone getting access to their data without permission," said Martin. The legislation is said to have the support of the Oklahoma Gas & Electric Company, which has already converted 100,000 standard meters to smart meters in the state and plans to install 800,000 smart meters in the next two years.

ABA, data protection, InfoLawGroup, information law group, personal information, privacy, Security, smart grid

ABA Information Security Committee Launches Smart Grid Working Group

By InfoLawGroup LLP on February 23, 2011

On February 12, 2011, the American Bar Association Information Security Committee established the Smart Grid Privacy and Security Working Group. The working group's mission is to increase awareness regarding privacy and information security legal issues arising in connection with the Smart Grid among consumers, regulators, utilities, service provider and other stakeholders. Gib Sorebo, Chief Cybersecurity Technologist at SAIC, and Boris Segalis, partner at InfoLawGroup, will co-chair the group.

California, credit cards, personal identification information, personal information, personally identifiable information, retail, retailers, Song-Beverly Credit Card Act

California Supreme Court Says Zip Codes are PII-Really. (As California Goes, So Goes the Nation? Part Two)

By InfoLawGroup LLP on February 11, 2011

The California Supreme Court ruled Thursday, in Pineda v. Williams-Sonoma, that zip codes are "personal identification information" for purposes of California's Song-Beverly Credit Card Act, California Civil Code section 1747.08. Really.

cyber security, data security, Department of the Energy, InfoLawGroup, information law group, information security, personal information, privacy, smart grid

U.S. Department of Energy Takes on Smart Grid Security

By InfoLawGroup LLP on February 03, 2011

On February 1, 2011, the Department of Energy announced the launch of the Cyber Security Initiative to develop cyber security risk management process guidelines for the electric grid. The Department's Office of Electricity Delivery and Energy Reliability will lead the effort in collaboration with the National Institute of Standards and Technology and the North American Electric Reliability Corporation.

behavioral advertising, choice, Federal Trade Commission, FTC, FTC framework, FTC report, InfoLawGroup, Internet, notice, online privacy, personal information, personally identifiable information, privacy, privacy by design, privacy enforcement, Security, tracking, Vladeck

FTC's Report on Privacy Sets Forth Framework for Consumers, Businesses and Policymakers

By InfoLawGroup LLP on December 01, 2010

On December 1, 2010, the Federal Trade Commission issued a preliminary report entitled "Protecting Consumer Privacy in an Era of Rapid Change, A Proposed Framework for Businesses and Policymakers". The report proposes a framework to balance the privacy interests of consumers with innovation that relies on consumer information to develop beneficial new products and services.

Dave & Buster's, FTC, hacker, information security program, personal information

Dave & Buster's Busted: Another Allleged Failure to Implement "Reasonable Security"

By InfoLawGroup LLP on March 26, 2010

We are seeing more and more private litigation and regulatory enforcement actions around the issue of what constitutes "reasonable security." This week we see another. Once again the FTC asserts that a company has failed to take "reasonable and appropriate security measures" to protect personal information. Yesterday, in its 27th case challenging inadequate data security practices by organizations that handle sensitive consumer information, the FTC announced settlement of its complaint against Dave & Buster's, the restaurant chain. The FTC alleged in its complaint that, from April 30, 2007 to August 28, 2007, a hacker exploited vulnerabilities in Dave & Buster's systems to install unauthorized software and access approximately 130,000 credit and debit cards.

FTC, Leibowitz, online privacy, opt-in, opt-out, personal information, privacy, reasonable expectation, self-regulatory, Vladeck

Are We Living in a Post-Disclosure, Opt-In World?

By InfoLawGroup LLP on January 11, 2010

Today's New York Times Media Decoder Blog features an "on-the-record" discussion with Federal Trade Commission chairman Jon Leibowitz and Bureau of Consumer Protection chief David Vladeck. The question presented: "Has Internet Gone Beyond Privacy Policies?" The FTC (and Congress, for that matter) continue to signal that change may be imminent in the world of online privacy policies and traditional notions of opt-out consent.