The Federal Trade Commission announced today that Teletrack, Inc. has agreed to pay $1.8 million to settle charges that the company sold credit reports for marketing purposes, in violation of the Fair Credit Reporting Act (FCRA). According to the FTC's complaint, Teletrack sells credit reports and other services to businesses that mainly serve financially distressed consumers. Teletrack's business customers include pay day lenders, rental purchase stores and non-prime rate auto lenders. These businesses use Teletrack's credit reports to decide whether and on what terms to extend credit to their customers.
InfoLawGroup LLP is delighted to welcome to the firm partners Justine Young Gottshall and Jamie Rubin. Gottshall and Rubin are former partners at Wildman, Harrold Allen & Dixon in Chicago. As nationally-recognized leaders in Digital, Media, Advertising, Privacy and Promotions law, they bring new depth to InfoLawGroup's practice.
We previously reported on our blog that a Connecticut ambulance company settled the National Labor Relations Board's (NLRB's) allegations that the company violated an employee's federal rights by firing her for criticizing a manager on Facebook. The NLRB continues its enforcement blitz with another Facebook firing complaint.
On May 16, 2011, EU's Article 29 Working Party (WP29) adopted an opinion setting out privacy compliance guidance for mobile geolocation services.WP29 is comprised of representatives from the EU member states' data protection authorities (DPAs), the European Data Protection Supervisor and the European Commission. WP29's mandate includes (i) giving expert advice to the EU member states regarding the implementation of European data protection directives, and (ii) promoting uniform implementation of the directives in all EU state members as well as in Norway, Liechtenstein and Iceland. WP29's opinions, therefore, carry significant weight in the interpretation and enforcement of data protection laws by European DPAs. Not surprisingly, WP29 has concluded that geolocation data is "personal data" subject to the protections of the European data protection framework, including the EU Data Protection Directive 95/46/EC. The Working Party also determined that the collection, use and other processing of geolocation data through mobile devices generally requires explicit, informed consent of the individual. Below are the highlights of the opinion.
Mr. Kwang Hyun Ryoo, a partner at the Korean law firm of Bae, Kim & Lee LLC, is reporting in the firm's newsletter that on March 29, 2011, Korea enacted a comprehensive personal data protection law, entitled Personal Information Protection Act (PIPA). Most of the act's provisions will come into force on September 30, 2011.
On May 12, 2011, the Federal Trade Commission announced that the operators of 20 online virtual worlds have agreed to pay $3 million to settle charges that they violated the Children's Online Privacy Protection (COPPA) Rule by collecting and disclosing personal information from hundreds of thousands of children under age 13 without their parents' prior consent. The FTC noted that this settlement is the largest civil penalty for a violation of the FTC's COPPA Rule.
On May 10, 2011, the Senate Subcommittee on Privacy, Technology and the Law held a hearing on mobile privacy. We covered the hearing in detail on our blog. Yesterday, InfoLawGroup partner Boris Segalis spoke with Fox Live's Tracy Byrnes about the balance between business and consumer interests that mobile privacy implicates.The clip from the interview is available on Fox at http://video.foxnews.com/v/4689248/the-congressional-mobile-privacy-hearing/?playlist_id=86861
On May 3, 2011, the Federal Trade Commission announced that Ceridian Corporation and Lookout Services, Inc. agreed to settle the FTC's allegations that the companies failed to safeguard their business customers' employee personal information. Ceridian's services include payroll processing, payroll-related tax filing, benefits administration and other human resource services for business customers. Lookout provides a web-based computer product that is designed to help employers comply with their obligations under federal law to complete and maintain a U.S. Citizenship and Immigration Services Form I-9 about each employee in order to verify that the employee is eligible to work in the United States.
As we have reported previously on our blog, federal agencies, including the FTC, NLRB and EEOC have been very active in taking action against privacy and information security violations. This trend continues with the Securities and Exchange Commission's (SEC's) recent announcement of a settlement with three former executives a brokerage firm (GunnAllen Financial, Inc.). The SEC alleged that the former executives violated the Commission's Privacy Rule and Safeguards Rule (Regulation S-P) and aided and abetted the firm in violating these rules. This enforcement action marks the first time the SEC assessed financial penalties against individuals charged solely with violating Regulation S-P.
InfoLawGroup was recently profiled in the Los Angeles Daily Journal. "The Social (Law Firm) Network" is reprinted here with permission from the Daily Journal. We wish all of our clients, friends, and readers a great weekend.
The Google Buzz settlement that the Federal Trade Commission announced on March 30, 2011 is the latest in the line of the Commission's numerous Section 5 actions related to privacy and data security violations. The Google Buzz settlement, however, is unique in several important ways. The settlement represents (i) the first FTC settlement order has requires a company to implement a comprehensive privacy program to protect the privacy of consumers' information, and (ii) the Commission's first substantive U.S.-EU Safe Harbor framework enforcement action. Let's dive in (make sure to read the "Action Item" at the conclusion of the post!).
On March 18, 2011, the Oklahoma State House passed the Electric Utility Data Protection Act (House Bill 1079). The state's Senate will consider the bill next.The Act seeks to establish standards to govern the use and disclosure of electric utility usage data (including personal information) by electric utilities, customers of electric utilities and third parties. The Act also requires electric utility companies to maintain the confidentiality of customer data and allow customers to access the data. State Rep. Scott Martin noted that customers will see energy savings from the Smart Grid, but are vulnerable to potential access of their data by third parties. "This legislation should ensure customers can reap the many benefits of this new system without having to fear someone getting access to their data without permission," said Martin. The legislation is said to have the support of the Oklahoma Gas & Electric Company, which has already converted 100,000 standard meters to smart meters in the state and plans to install 800,000 smart meters in the next two years.
As we have previously reported on our blog, 2011 has seen a whirlwind of privacy enforcement activity. The FTC, NLRB, EEOC, HHS and FINRA have all taken privacy enforcement actions this year. This March, the FTC has announced privacy settlements with Chitika and Twitter.