Insights on cookies,information security

behavioral analytics, behavioral marketing, behavorial advertising, cookies, EU, European Union, Google, international, Privacy Policy

European Criticism for Google's New Privacy Policy

By W. Scott Blackmer on February 28, 2012

Google's new privacy policy (and its plans to create user profiles across multiple online services) has drawn fire from European data protection authorities. Online and mobile retailers and service providers should take account of a renewed emphasis on transparency and proportionality in collecting data about users.

Blumethal, Breach, data security, InfoLawGroup, information law group, information security, Personal Data Protection and Breach Accountability Act, privacy, privacy legislation, Segalis

We Discuss Benefits of Federal Information Security Legislation on Fox

By InfoLawGroup LLP on September 14, 2011

Earlier this week we blogged about Senator Blumenthal's (D-CT) proposed Personal Data Protection and Breach Accountability Act of 2011. Today, InfoLawGroup partner Boris Segalis spoke on Fox Live about the advantages of federal information security legislation.

Breach, data protection, FTC, InfoLawGroup, information law group, information security, information security breach, information security law, information security program, InformationLawGroup, privacy, privacy law, SAFE Data Act, security breach, Segalis, state breach law

Federal Information Security and Breach Notification Law Approved by House Trade Subcommittee

By InfoLawGroup LLP on July 25, 2011

On July 20, 2011, the U.S. House of Representatives Energy and Commerce Committee's Trade Subcommittee approved the Secure and Fortify Electronic Data Act (the "SAFE Data Act"). The Act would require any business that maintains personal information to implement an information security program and notify affected individuals in the event of an information security breach. The SAFE Data Act would preempt the over 45 existing state information security and breach notification laws and task the Federal Trade Commission with developing information security rules implementing the Act.

consent, data protection, InfoLawGroup, information law group, information security, Legislation, privacy enforcement, Russia, Segalis

Russia Amends Federal Data Protection Law; Privacy Enforcement on the Rise

By InfoLawGroup LLP on July 19, 2011

Last week, the upper house of Russia's federal legislature approved amendments to the country's federal data protection law. The amendments impose detailed information security requirements on businesses that process personal data and revise some of the statute's data subject consent provisions.The amended law will come into force when it is published in the official newsletter.

Ceridian, deceptive practices, enforcement, Federal Trade Commission, FTC, FTC Act, FTC consent, InfoLawGroup, information law group, information security, information security program, InformationLawGroup, Lookout, personal data, personal information, privacy enforcement, Section 5, Segalis

FTC Privacy Enforcement Update: Two Companies Allegedly Failed to Protect Sensitive Employee Data

By InfoLawGroup LLP on May 06, 2011

On May 3, 2011, the Federal Trade Commission announced that Ceridian Corporation and Lookout Services, Inc. agreed to settle the FTC's allegations that the companies failed to safeguard their business customers' employee personal information. Ceridian's services include payroll processing, payroll-related tax filing, benefits administration and other human resource services for business customers. Lookout provides a web-based computer product that is designed to help employers comply with their obligations under federal law to complete and maintain a U.S. Citizenship and Immigration Services Form I-9 about each employee in order to verify that the employee is eligible to work in the United States.

Boris Segalis, broker, data protection, dealer, financial privacy, InfoLawGroup, information law group, information security, Nicole Friess, privacy, privacy assessment, privacy enforcement, privacy rule, Regulation S-P, Regulation SP, Safeguards Rule, SEC, Securities and Exchange Commission

Federal Privacy Enforcement Update: SEC Fines Executives for Privacy and Security Violations

By InfoLawGroup LLP on April 13, 2011

As we have reported previously on our blog, federal agencies, including the FTC, NLRB and EEOC have been very active in taking action against privacy and information security violations. This trend continues with the Securities and Exchange Commission's (SEC's) recent announcement of a settlement with three former executives a brokerage firm (GunnAllen Financial, Inc.). The SEC alleged that the former executives violated the Commission's Privacy Rule and Safeguards Rule (Regulation S-P) and aided and abetted the firm in violating these rules. This enforcement action marks the first time the SEC assessed financial penalties against individuals charged solely with violating Regulation S-P.

Boris Segalis, Buzz, Consent Order, Consumer Protection, data protection, data security, Federal Trade Commission, FTC, FTC Act, Google, Google settlement, InfoLawGroup, information law group, information security, personal information, privacy, privacy assessment, privacy by design, privacy enforcement, risk assessment, Safe Harbor, social media, social network

FTC Takes a Big Step in Privacy Enforcement with Google Buzz Settlement

By InfoLawGroup LLP on April 06, 2011

The Google Buzz settlement that the Federal Trade Commission announced on March 30, 2011 is the latest in the line of the Commission's numerous Section 5 actions related to privacy and data security violations. The Google Buzz settlement, however, is unique in several important ways. The settlement represents (i) the first FTC settlement order has requires a company to implement a comprehensive privacy program to protect the privacy of consumers' information, and (ii) the Commission's first substantive U.S.-EU Safe Harbor framework enforcement action. Let's dive in (make sure to read the "Action Item" at the conclusion of the post!).

behavioral advertising, behavioral marketing, chitika, deceptive practices, Federal Trade Commission, FIPPs, FTC Act, FTC consent, InfoLawGroup, information law group, information security, InformationLawGroup, opt-out, privacy enforcement, Section 5, Segalis, tracking, twitter

Privacy Enforcement Update: FTC Settles with Twitter and Chitika

By InfoLawGroup LLP on March 18, 2011

As we have previously reported on our blog, 2011 has seen a whirlwind of privacy enforcement activity. The FTC, NLRB, EEOC, HHS and FINRA have all taken privacy enforcement actions this year. This March, the FTC has announced privacy settlements with Chitika and Twitter.

cyber security, data security, Department of the Energy, InfoLawGroup, information law group, information security, personal information, privacy, smart grid

U.S. Department of Energy Takes on Smart Grid Security

By InfoLawGroup LLP on February 03, 2011

On February 1, 2011, the Department of Energy announced the launch of the Cyber Security Initiative to develop cyber security risk management process guidelines for the electric grid. The Department's Office of Electricity Delivery and Energy Reliability will lead the effort in collaboration with the National Institute of Standards and Technology and the North American Electric Reliability Corporation.

behavorial advertising, CFAA, cookies, deep packet inspection, EPCA, flash cookies, hmtl5, litigation, mobile privacy, privacy, SCA, Security

While We Were Shopping, the Privacy Legal Risk Environment Shifts Again

By InfoLawGroup LLP on January 18, 2011

2010. What a year for data security and privacy, and the law. Choose whatever story you want: Facebook privacy practices, Google Buzz, Wikileaks data breach , TSA full body scanning at the airports, FTC Do Not Track, etc. I am having trouble thinking of a week (perhaps even a day) in 2010 where there wasn't a big privacy or data security story reported at a major media outlet. It is difficult to come up with an issue in 2010 (except perhaps "the economy" or the healthcare debate) that became more firmly lodged in the public consciousness than privacy and data security.While we were all thinking about Halloween and Thanksgiving, and trying to avoid the crush of Hanukah, Christmas and New Years, several privacy lawsuits were filed against online behavioral tracking companies and some of their clients. In my view these lawsuits and the activity that arises out of them (regulatory and otherwise) will be one of the big data security and privacy stories of 2011. What follows is a very brief listing of some the key lawsuits from 2010 that InfoLawGroup is aware of and tracking. There may be more that are not on the list (such is pace of change in this space) and if you know of others, please send them to me so I can list them here to serve as a resource for the larger privacy community. Over the course of 2011 (and beyond) InfoLawGroup will be taking a deeper look at these cases and providing updates as they progress through motion practice, trial and settlement.

Boris Segalis, creditor, FACTA, FCRA, FTC, FTC Red Flags Rule, identity theft, identity theft prevention program, Info Law Group, InfoLawGroup, information security, Red Flags

House and Senate Enact Amendment of FCRA, Limit Scope of Red Flags Rule

By InfoLawGroup LLP on December 07, 2010

The Blog of Legal Times is reporting that late on December 7, 2010 the House of Representatives passed a bill on a voice vote that amends the definition of "creditor" in the Fair and Accurate Credit Reporting Act (FCRA) and, as a result, dramatically limits the scope of the Red Flags Rule. The House bill is identical to the legislation enacted by the Senate last week. We previously covered in detail on our blog both the House bill and the Senate bill.The legislation has the effect of largely limiting the applicability of the Red Flags Rule to financial institutions and entities commonly understood to be "creditors". It will generally exclude from the Rule's scope organizations whose "credit" activities are limited to providing a product or service and allowing customers to pay for the product or service at a later time. The legislation leaves open the possibility that the FTC would bring various types of creditors within the scope of the Rule through rulemaking. However, it sets a procedural threshold for expanding the scope of the Rule and appears to require the determination to be specific to the type of creditor. "When I think of the word 'creditor,' dentists, accounting firms and law firms do not come to mind," said Rep. John Adler (D-N.J.), speaking on the House floor.