The White House today released its white paper setting forth a framework for "Protecting Privacy And Promoting Innovation in The Global Digital Economy" (the " Framework"). The Framework is far reaching, touching on everything from a call for legislation, including a national standard for security breach legislation, to promoting international interoperability.The Framework centers on The Consumer Privacy Bill of Rights, which contains seven core principles relating to "personal data." Note that "personal data" is defined broadly, to encompass any data, including aggregated data, which can be linked to a specific individual, and may include data linked to a specific computer or other device. It is worth noting that the Framework includes, as an illustrative example of personal data, "an identifier on a smartphone or family computer that is used to build a usage profile."
The conditions for transborder data flows may become more uniform in the EU under the proposed Data Protection Regulation, but restrictions on foreign data transfers are now appearing in new data privacy laws and regulations in several regions of the world, posing global compliance challenges.
On February 8, 2012, the Electronic Privacy Information Center (EPIC) asked the Federal District Court for the District of Columbia to compel the Federal Trade Commission (FTC) to enforce the terms of the agency's Google Buzz privacy settlement with Google. EPIC seeks to compel the FTC to stop Google's planned consolidation of user data from across the company's services into a single profile for each user under a single privacy policy. EPIC has alleged that the proposed changes and the way Google seeks to implement the changes violate the Google Buzz consent order. The District Court will hear the case before March 1, 2012.In this post, we discuss the highlights of EPIC's complaint, Google's response and lessons learned.
Last week NY's most prominent state appellate level court formally fully adopted the Zubulake standard for e-discovery. The entire opinion is worth a careful read, as although the First Department noted that it previously "adopted the Zubulake standard when reviewing a motion for spoliation sanctions involving the destruction of electronic evidence" it had not previously addressed the issue of when a party reasonably anticipates litigation and the resulting duties and obligations that flow from this determination. Now it has.
As organizations of all stripes increasingly rely on cloud computing services to conduct their business, the need to balance the benefits and risks of cloud computing is more important than ever. This is especially true when it comes to data security and privacy risks. However, most Cloud customers find it very difficult to secure favorable contract terms when it comes to data security and privacy. While customers may enjoy some short term cost-benefits by going into the Cloud, they may be retaining more risk then they want (especially where Cloud providers refuse to accept that risk contractually). In short, the players in this industry are at an impasse. Cyber insurance may be a solution to help solve the problem.
In 2011, InfoLawGroup began its "Legal Implications" series for social media by posting Part One (The Basics) and Part Two (Privacy). In this post (Part Three), we explore how security concerns and legal risk arise and interact in the social media environment.There are three main security-related issues that pose potential security-related legal risk. First, to the extent that employees are accessing and using social media sites from company computers (or increasingly from personal computers connected to company networks or storing sensitive company data), malware, phishing and social engineering attacks could result in security breaches and legal liability. Second, spoofing and impersonation attacks on social networks could pose legal risks. In this case, the risk includes fake fan pages or fraudulent social media personas that appear to be legitimately operated. Third, information leakage is a risk in the social media context that could result in an adverse business and legal impact when confidential information is compromised.
Phonedog v. Kravitz, currently pending in the Northern District of California, raises unprecedented issues regarding social media. Is a list of Twitter followers protected as trade secret under California law? What is the value of a Twitter follower? $2.50 per month? I discussed these questions today with Fox News.
As 2011 is coming to a close, many of us are thinking about what 2012 will bring. With regard to privacy, there are numerous key issues to choose from (and I am sure many privacy professionals would add to this list) - but from a corporate compliance standpoint, here are my top five picks for hot topics to address in 2012: