A European Court of Justice (ECJ) advocate general, Yves Bot, has called for the European Union–U.S. Safe Harbor Agreement to be invalidated due to concerns over U.S. surveillance practices (press release here, opinion here). The ECJ has discretion to reject the recommendation, but such opinions are generally followed. A final decision on the
data security
In Commission Win, Appeals Court Agrees that FTC Can Regulate Business Data Security Practices Under Unfairness Authority
In a closely watched case where the Federal Trade Commission (FTC) pursued Wyndham Worldwide Corporation for several data breaches that led to millions of dollars in fraudulent charges on customers’ payment cards, the U.S. Court of Appeals for the Third Circuit on Monday agreed with the Commission’s broad interpretation of its “unfairness” authority (opinion here…
FTC Issues Data Security Guidance
The U.S. Federal Trade Commission (FTC) issued new data security guidance for businesses on June 30, 2015. The publication, Start With Security: A Guide for Business, consolidates other guidance from the FTC that reflects its position that security by design, much as privacy by design, should be integrated into business processes. The guidance isn’t…
High Court to Decide If Congress Can Let Consumers Sue Over Publication of Inaccurate Personal Information Without Concrete Damages
The Supreme Court of the United States granted certiorari late last month in a case with important implications for consumer privacy and for the ability of Congress generally to create wholly new protections for consumers. Plaintiffs must always show that they have standing – a legally-protected interest that allegedly has been violated – before a…
Third Circuit Says Privacy Class Action Members are “Ascertainable” in Suit Against Aaron’s Stores Because There are Records
Every class action lawsuit always involves the question of how to identify, or “ascertain”, who is a member of the class. Consumers keep expensive products or at least keep records related to their purchase. Inexpensive or transitory products are generally gone by the time litigation commences and no records of the purchase exist. In such…
House Passes Cyber Information Sharing Bills
This week, the U.S. House of Representatives passed two cybersecurity information sharing bills that gained qualified support from the Obama Administration. Together, the bills (the Protect Cyber Networks Act (PCNA) and the National Cybersecurity Protection Advancement Act (NCPAA)) would authorize companies to share cyber threat information and defensive measures with each other and the…
Managing “Cyber” – A New Guide for Companies on Cybersecurity and Addressing Cyberthreats and Cybercrime
The Paris-based International Chamber of Commerce (ICC) today released a new guide to help companies manage their cybersecurity, including how to address cyberthreats and how to prevent cybercrime. The ICC Cyber security guide for business, prepared by the ICC’s Commission on the Digital Economy, was written to help companies address the new types of…
Data Breaches: Not Just for States and the FTC Anymore
The Federal Communications Commission (FCC) announced today that AT&T Services, Inc., will pay $25 million to resolve an investigation into whether the company violated Sections 201(b) and 222 of the Communications Act relating to consumer privacy at AT&T call centers in Mexico, Colombia, and the Philippines. According to the FCC’s order and consent decree,…
Tips for Preventing Privacy and Data Breach Suits
As we discussed in the Privacy Class Action Claims on the Rise post from December 17, 2014, the number of privacy class action claims is trending upwards, along with all things privacy-related. Some of the breaches and other big media stories could have been avoided, while others were unavoidable for the businesses at issue. Either …