We have updated our summary of state data breach notification laws in light of recent amendments to some of the laws since our last update in September 2015. Notably, Tennessee amended its data breach notification law, the Identity Theft Deterrence Act, effective July 1, 2016, by eliminating an encryption safe harbor and requiring that affected… Continue Reading
Search Results for:
Preparing for the EU General Data Protection Regulation: A Checklist for Businesses
Posted in Data Security, PrivacyThe new European Union General Data Protection Regulation (GDPR) (Regulation 2016/679, Apr. 27, 2016) will replace the Data Protection Directive (Directive 95/46/EC) effective May 25, 2018. The GDPR has been a long time coming, and introduces a host of new requirements for companies that use or process data in the EU, or simply use or… Continue Reading
Supreme Court Requires Plaintiffs to Show Harm or Risk of Harm, Not Bare Procedural Violation, to Get Statutory Damages
Posted in Cybersecurity, Data Security, Litigation, PrivacyJoe Ravi | CC-BY-SA 3.0 Last year, we noted that the Supreme Court had granted certiorari in a case that could limit the ability of plaintiffs to sue defendants over bare statutory violations without the showing of actual injury. The case implicates a wide variety of statutes that grant monetary awards to successful plaintiffs on… Continue Reading
GDPR Publication Starts Countdown to May 2018 Compliance Date for New Privacy Rules
Posted in Legislation, Privacy, Regulations
The new General Data Protection Regulation (GDPR) (Regulation 2016/69, Apr. 27, 2016), approved by the European Parliament and the Council of the European Union, was formally published in the Official Journal of the European Union on May 4, 2016, and will replace the Data Protection Directive (Directive 95/46/EC) effective May 28, 2018. This new set… Continue Reading
Millar to Lead Toy Marketing Panel at CARU
Posted in Events, PrivacyEven as advertising to kids gets more complicated, the basic principles remain the same. This week, Children’s Advertising Review Unit (CARU), an independent self-regulatory organization within the Council of Better Business Bureaus (CBBB) which monitors children’s advertising and helps marketers vet ads and campaigns, is hosting its annual conference, “Reimagining Children’s Advertising: Getting it Right… Continue Reading
NTIA Steps into IoT Debate
Posted in Cybersecurity, Privacy
Continuing its tradition of active involvement in digital economy questions, the Department of Commerce’s (DOC) National Telecommunications and Information Administration (NTIA) issued a request for public comment on questions posed by the growth of the Internet of Things (IoT). The explosive growth of connected products, anticipated to reach 25 billion by 2020, is one reason… Continue Reading
Appeals Court Agrees That Health Solutions Provider’s Insurance Requires Defense in Data Disclosure Class Action
Posted in Data Security, Litigation, Privacy
Availability of insurance is often among the first questions that arises when a company encounters a data breach or other Internet-related problem involving company records, even where the company lacks a cyberinsurance policy. The federal Fourth Circuit Court of Appeals recently affirmed a ruling by a District Court that required insurance coverage for an inadvertent… Continue Reading
FCC Adopts Broadband Privacy NPRM
Posted in Privacy, RegulationsAt its Open Meeting yesterday, the Federal Communications Commission (FCC) adopted a Notice of Proposed Rulemaking (NPRM) that would apply the privacy protections in Section 222 of the Communications Act to broadband Internet Service Providers (ISPs). The text of the NPRM, which reportedly seeks public comment on more than 500 questions relating to privacy and… Continue Reading
The FCC Continues Privacy Push with Draft Proposal Regulating ISP Customers’ Data
Posted in Data Security, Privacy, RegulationsOn the heels of the Open Internet Order adopted by the Federal Communications Commission (FCC) last year, FCC Chairman Tom Wheeler has circulated a Notice of Proposed Rulemaking (NPRM) to fellow Commissioners that would apply the privacy protections of the Communications Act to broadband Internet access services. Wheeler’s proposal will be voted on at the… Continue Reading
FCC Settles Probe into Verizon’s Use of “Supercookies”
Posted in Privacy, RegulationsOn March 7, 2016, the Enforcement Bureau of the Federal Communications Commission (FCC) entered into a Consent Decree with Verizon Wireless relating to the company’s use of Unique Identifier Headers (UIDH) for targeted advertising purposes. UIDH are commonly referred to as “supercookies” because they cannot be deleted. This concludes the FCC’s investigation into whether Verizon… Continue Reading
European Commission Releases Draft Text of Adequacy Decision on EU-U.S. Privacy Shield
Posted in Data Security, PrivacyOn February 29, 2016, the European Commission’s (EC) released a much anticipated draft adequacy decision on the EU–U.S. Privacy Shield. With this and enactment of the Judicial Redress Act last week (see our post here), the European Union came yet another step closer to finalizing the agreement between the EU and the U.S. to enable… Continue Reading
Obama Signs Judicial Redress Act—Will It Move EU–U.S. Privacy Shield Forward?
Posted in Legislation, PrivacyPresident Barack Obama signed the Judicial Redress Act on Wednesday, February 24, 2016, which will eventually enable European Union citizens to seek remedies for alleged privacy violations by the federal government in U.S. courts. The Act gives the U.S. Department of Justice (DOJ) authority to designate countries or international organizations that (1) have appropriate privacy… Continue Reading
Two App Developers Agree on COPPA Settlement with FTC
Posted in Advertising, PrivacyTwo app developers have settled complaints from the Federal Trade Commission (FTC) that they allowed third parties to collect information, including persistent identifiers, through their apps, and allowed third parties to serve advertising to children, in violation of the Children’s Online Privacy Protection Act (COPPA). The FTC’s announcement was released the same day it announced… Continue Reading
Agreement Reached on Landmark EU Data Protection Reform
Posted in Data Security, PrivacyOn December 15, 2015, the European Commission announced that an agreement has been reached with the European Parliament and the Council (the “trilogue” meetings) regarding the Commission’s sweeping 2012 EU Data Protection Reform proposal. The reform package, which consists of a General Data Protection Regulation and a Data Protection Directive for Police and Criminal Justice… Continue Reading
False Advertising Contempt Suit Costs LifeLock $100 Million
Posted in Data Security, Litigation, PrivacyOn December 17, 2015, the Federal Trade Commission (FTC) announced that Lifelock, Inc. (LifeLock), agreed to pay a record-breaking $100 million to settle charges that it violated an earlier consent agreement related to flawed data security practices issued in March 2010. The LifeLock settlements implicate both the “fairness” of the company’s data security practices and… Continue Reading
Life After the U.S.–EU Safe Harbor
Posted in Data Security, PrivacyWe’ve written about the ground-breaking and panic-inducing ruling of the European Court of Justice (ECJ) invalidating the U.S.–EU Safe Harbor framework as an adequate data transfer mechanism, and ruling that national authorities are not bound by Commission approvals. Click here for our September 23, 2015 blog post, and here for a related October 16, 2015… Continue Reading
Article 29 WP Says Safe Harbor Transfers Illegal; Model Clauses and BCRs Under Review
Posted in Data Security, Litigation, PrivacyThe Article 29 Working Party (WP) issued a press release on October 16, 2015 announcing the outcome of the meeting to discuss coordinated action after the Court of Justice of the European Union (ECJ) decision in the matter of Schrems v. Data Protection Commissioner (C-362-14), which invalidated the U.S.-EU Safe Harbor Agreement. While calling for… Continue Reading
EU Official Calls for Invalidation of EU–U.S. Safe Harbor Pact
Posted in Data Security, PrivacyA European Court of Justice (ECJ) advocate general, Yves Bot, has called for the European Union–U.S. Safe Harbor Agreement to be invalidated due to concerns over U.S. surveillance practices (press release here, opinion here). The ECJ has discretion to reject the recommendation, but such opinions are generally followed. A final decision on the issue is… Continue Reading
In Commission Win, Appeals Court Agrees that FTC Can Regulate Business Data Security Practices Under Unfairness Authority
Posted in Cybersecurity, Data Security, PrivacyIn a closely watched case where the Federal Trade Commission (FTC) pursued Wyndham Worldwide Corporation for several data breaches that led to millions of dollars in fraudulent charges on customers’ payment cards, the U.S. Court of Appeals for the Third Circuit on Monday agreed with the Commission’s broad interpretation of its “unfairness” authority (opinion here).… Continue Reading
Unlucky 13: FTC Settles Charges under International Safe Harbor Framework
Posted in PrivacyThirteen companies have agreed to settle with the Federal Trade Commission (FTC) charges relating to their participation in the U.S.–EU and U.S.–Swiss Safe Harbor Frameworks. Seven companies allegedly failed to renew their Safe Harbor self-certifications, including a sports marketing firm, two software developers, a research organization, a business information firm, a security consulting firm, and… Continue Reading
New York Appellate Court Rules That Facebook Cannot Bring a Pre-Execution Challenge to a Search Warrant for Its Customers’ Records
Posted in Litigation, PrivacyOn July 21, 2015, the First Department of the New York Supreme Court, Appellate Division, ruled that Facebook could not bring a pre-execution challenge judicially issued search warrants for records associated with customer Facebook accounts on behalf of its customers. In In Re 381 Search Warrants Directed to Facebook Inc., 2015 NY Slip Op 06201,… Continue Reading
The Dark Side of Loyalty Programs
Posted in Litigation, PrivacyLoyalty programs operated by retailers allow the retailer to track the purchases made by customers and offer customers tailored information about products and sales. However, there is a dark side to such programs. The tracking may also provide plaintiffs’ lawyers a method of identifying potential class members thereby providing a basis for such litigation to… Continue Reading
Tips for Writing Social Media Policies
Posted in Advertising, Data Security, Privacy, Regulations, Sweepstakes & PromotionsAs many marketers spend a large and growing share of the ad spend on social media, basic principles of truthful advertising must be kept in mind and applied in the new and varied media. After all, the platforms may change, but the underlying requirements do not. Thus, for responsible marketers, a robust social media policy… Continue Reading
FCC Releases Much-Anticipated TCPA Declaratory Ruling and Order
Posted in Advertising, Data Security, PrivacyAs we previously reported, the Federal Communications Commission (“FCC” or “Commission”) adopted a significant Declaratory Ruling and Order on June 18, 2015 to clarify aspects of the Telephone Consumer Protection Act (“TCPA”), namely, the use of “automatic telephone dialing systems” and/or artificial or prerecorded voice messages to send telemarketing and informational calls and texts to… Continue Reading
.
Consumer Protection Connection