Outgoing U.S. Commerce Department General Counsel Cameron Kerry used the opportunity of his final public remarks to emphasize that a unified U.S. privacy framework is essential to the future of the digital economy. Legislation should not wait for some data disaster to happen that undermines the trust essential to a successful digital economy. One byproduct of the unauthorized disclosures…
Monthly Archives: August 2013
BOSTON: Join Us for “Cybersecurity: It’s Not Just for IT Anymore”
Posted in Class Action Litigation, Cybersecurity, Data Breach, Data Compliance & Security, Privacy Litigation, Privacy Regulation, Security
If you are in the Boston area (or will be on September 26), please join us for an afternoon discussion on cybersecurity and the growing risk to corporate directors. It’s no longer just the purview of a company’s IT or compliance personnel. Cybersecurity needs to be elevated to boardroom discussion and this seminar will cover what…
California “Do Not Track” Bill Stays on Track
Posted in Privacy Regulation
As we predicted, the California Senate has approved A.B. 370, a bill that would require commercial websites or online services that collect personally identifiable information to disclose how that site or service responds to “do not track” signals or similar mechanisms. Next, A.B. 370 will head back to the California Assembly, where the Assembly…
Privacy Monday – August 26, 2013
Posted in Privacy Monday
As the summer winds down, we find that privacy and security issues remain at the top of mind for companies, hackers, and regulators alike.
EMPLOYEE PERSONAL INFORMATION EXPOSED AT FED
Bloomberg is reporting today on a large-scale exposure of the personal information of every employee of the Federal Reserve Bank. According to the article, a…
You Can Have a Say on a New Mechanism for Obtaining Verifiable Parental Consent under the COPPA Rule
Posted in Children, Federal Trade Commission, Privacy Regulation
Written by Julia Siripurapu, CIPP
Yesterday, the FTC published a Federal Register notice requesting public comment on the first new method for obtaining verifiable parental consent submitted for FTC approval by AssertID, Inc under the Voluntary Commission Approval Process provision of the COPPA Rule. The FTC is particularly interested in receiving comments on the questions…
Video Interview: Discussing the Intriguing California Personal Privacy Initiative
Posted in Data Compliance & Security, Privacy Regulation
Written by Jake Romero
Following up on my recent post on story, I had the opportunity to speak with Colin O’Keefe of LXBN on an interesting California ballot initiative that would make consumers’ personal information private by default. In the brief interview, I describe the basics of the California Personal Privacy Initiative and explain its…
Privacy Monday – August 19, 2013
Posted in Privacy Monday, Uncategorized
After a brief August hiatus, Privacy Monday is back with privacy goofs, gaffes and tidbits to start your week.
Department of Energy Hacked — Again
Although the grid is supposed to be “critical infrastructure” as part of the Obama Administration’s cybersecurity Executive Order, the Department of Energy revealed that the agency’s systems had been infiltrated…
New Enforcement Guidance from the UK’s Information Commissioner’s Office
Posted in Data Compliance & Security, European Union, Mobile Privacy, Privacy Regulation
(LONDON) Who is on the ICO’s radar these days? August seems to be the month for getting new guidance documents out the door at the United Kingdom’s Information Commissioner’s Office. The UK ICO has just published guidance as to when it is likely to take regulatory action. The new guidance should be reassuring to companies…
Hiding in plain sight: Failure to scrub patient data from digital copiers returned to leasing company results in $1.2 million HIPAA settlement
Posted in Data Breach, Data Compliance & Security, Privacy Litigation, Privacy Regulation
Written by Kevin McGinty
We’ve sounded warnings about the lowly copy machine before (here and here). The proliferation of digital devices in the workplace means that data security must extend beyond computer networks and laptops. Seemingly old-fashioned equipment, such as copiers, can hide sensitive legally-protected data. Affinity Health Plan, a New York-based managed care company,…
New Tools from the UK’s Information Commissioner’s Office: How to Respond to Subject Access Requests
Posted in Data Compliance & Security, European Union, Legislation, Privacy Litigation, Privacy Regulation
Written by Susan Foster, Solicitor England & Wales/Admitted in California
(LONDON) The UK ICO has come through yet again with some clear guidance as to how to apply the UK’s data protection laws in connection with requests by individuals for access to their personal data. While we are waiting with bated breath for a final…
Summer Break is Over for California Senate, Which May Mean New “Do Not Track” Disclosure Requirements for You
Posted in Online Advertising
Written by Jake Romero
What did you do over your summer vacation? Yes, the sad truth is that summer is almost over. You can tell because there wasn’t a single superhero movie that opened at the box office last weekend (no, Smurfs2 does not count) and because the California Senate is preparing to reconvene from its summer…
How Secure Is Your Pop-Up?
Posted in Cloud Computing, Data Breach, Data Breach Notification
Written by Cynthia Larose
Our headline today does not refer to those annoying ads that “pop-up” when you visit websites. We’re talking about the hottest trend in seasonal retailing – the pop-up store. These are the “here today, gone tomorrow” retail locations that you see during Halloween and Christmas seasons and are now everywhere capturing…
Huge FCRA Verdict Against Equifax Shows Potential Costs of Failing to Protect and Correct Consumer’s Credit History
Posted in Federal Trade Commission, Privacy Litigation
Written by Kevin McGinty
Last week an Oregon jury awarded an individual plaintiff over $18 million in compensatory and punitive damages in what some sources have reported to be the first jury verdict in a case brought under the Fair Credit Reporting Act (“FCRA”), 15 U.S.C. § 1681a(c). The plaintiff, Julie Miller, discovered problems with her…
Will California Voters Move US to Opt-In?
Posted in Data Compliance & Security, Privacy Regulation
Written by Jake Romero
The California ballot measure process permits any California voter to propose a ballot initiative to the state’s Attorney General which, if enough signatures are gathered, will then appear on the state-wide ballot for approval at the next election. A draft ballot initiative has been submitted to the California Attorney General that, if…
FTC v. Wyndham: Wyndham Calls for Back-Up
Posted in Data Breach Notification, Federal Trade Commission, Privacy Litigation, Privacy Regulation
Written by Adam Veness
It appears that Wyndham Hotel & Resorts LLC (“Wyndham”) has received reinforcements in its defense against the Federal Trade Commission’s (the “FTC”) case. A federal judge has agreed to allow the U.S. Chamber of Commerce and several other organizations to file an amicus curiae brief in support of dismissing the FTC’s…
Privacy Monday – August 5, 2013
Posted in Privacy Monday
Privacy bytes, gaffes, and goofs for the first Monday in August –
New Hampshire Bank Victimized by Malware
Manchester, NH-based St. Mary’s Bank, the oldest credit union in the United States, has begun notifying 115,775 customers after malware was detected on several computers at the bank. It was discovered that more than 23 workstations…
FTC Complaint: Medical Testing Lab Exposed Personal Data of Thousands Over Peer-to-Peer Network
Posted in Data Breach, Federal Trade Commission, Identity Theft
Written by Amy Malone
Just before the Labor Day holiday, the Federal Trade Commission issued a press release announcing its complaint against LabMD, Inc., a company that performs medical testing for consumers around the country. The complaint alleges that the company did not take reasonable measures to protect the security of consumers’ personal data. The…
NJ Attorney General Settles with PulsePoint for $1 Million
Posted in Mobile Privacy, Privacy Litigation
Written by Amy Malone
Digital marketing company PulsePoint entered into a Consent Order with the New Jersey Attorney General and agreed to pay $1 million, following an investigation of claims that PulsePoint bypassed privacy settings of Apple’s Safari browser to allow tracking of consumer activity. Last year, Google settled similar claims with the Federal Trade…