After more than two years of negotiations, on July 12, 2016, the European Commission formally adopted the EU-U.S. Privacy Shield (the “Privacy Shield”) framework as a valid mechanism for transfers of personal data from the EU to the U.S. Touting the Privacy Shield as “a robust new system to protect the personal data of Europeans …
With the UK’s Brexit referendum dominating the news out of Europe over the past week, it may have been easy to miss a key development in the continuing Privacy Shield negotiations. On Friday, June 24, news outlets reported that U.S. regulators and the European Commission had agreed on a finalized version of the Privacy Shield, a proposed …
The Data Protection Authority of Hamburg, Germany has made good on its promise to audit cross-Atlantic data transfers in the wake of the October 2015 Safe Harbor decision. On June 6, the Hamburg DPA announced that it had fined three companies for unlawful transfers of personal data from the EU to the United States. According …
The Privacy Shield, proposed this past February and greeted with cautious optimism by European and U.S. regulators alike as a more robust “replacement” for the invalidated Safe Harbor framework, appears to be suffering death by a thousand paper cuts. Today’s European Parliament resolution (the “Resolution”) delivered the latest blow. The Resolution recommends that the European …
Financial services industry companies were involved in 18% of the over 300 data security incidents we helped manage in 2015, and reported in our 2016 BakerHostetler Data Security Incident Response Report (the “Report”). After healthcare, the financial services industry was the second most affected industry according to the data we reported. It is not surprising …
On April 13, 2016, the Article 29 Working Party (WP29), an influential group of European data protection authorities, issued a non-binding opinion that criticized certain elements of the fledgling Privacy Shield framework. Although the Privacy Shield remains in limbo at this time, a flurry of speculation and Shield-adjacent legal maneuvers have colored the landscape and …
To say that mobile device usage has reached a tipping point would be an understatement. There are now more mobile devices than people in the world, a staggering 7.9 billion mobile devices for 7.4 billion people on Earth. In the U.S., more time is spent on mobile media than on desktop and other media, 2.8 …
According to a 2015 report on threats to the financial services sector, 41% of financial services organizations polled had experienced a data breach or failed a compliance audit in the previous year, and 57% listed preventing a data breach as their top IT priority. Reflecting the ever-increasing awareness of threats to financial data security, 2015 …
In the weeks since the October 6, 2015, Court of Justice of the European Union decision (“CJEU Decision”) that invalidated the EU-U.S. Safe Harbor framework, companies have been faced with the quandary of establishing legal alternatives for transferring personal data from Europe to the U.S. We have discussed alternative data transfer mechanisms such as standard …
The FTC has increasingly focused its attention on the online lead generation industry by bringing enforcement actions against payday loan lead generators (lead generators alleged to have engaged in advertising that lacked disclosures required by the Truth in Lending Act), mortgage lead generators (lead generators alleged to have deceptively advertised mortgage products by misrepresenting their …
As the number of highly publicized data breaches continues to skyrocket and proposals for a federal data breach notification law stagnate, state legislatures around the country have been busy amending their own breach notification statutes. So far, 2015 has been a banner year for state breach lawmakers, with nine states formalizing amendments to their …
A bill currently before Connecticut Governor Dannel P. Malloy would make the state the first in the nation to require identity theft protection for data breach victims. Senate Bill 949 was approved by both the Connecticut Senate and House on June 1, 2015. If passed, it would amend existing state law to require companies to …
Most analysts and commentators agree that 2014 was the year mobile reached a tipping point. With over 1 billion mobile smartphones in circulation, 2014 marked the first year that mobile Internet usage surpassed desktop use in the U.S. This trend will continue as users spend more time on mobile apps than on the Web. Mobile …
The FTC recently approved a final Order resolving allegations that Google unfairly billed customers millions of dollars for unauthorized charges made by children using mobile apps downloaded from the Google Play app store. Under the settlement, first announced in September, Google will provide full refunds to consumers charged for purchases of items within mobile apps …
The long-brewing behind-the-scenes tensions of privacy, big data, and mobile finally came to a head last week in the public relations disaster known as #Ubergate. Uber’s meteoric rise to the pinnacle of the rideshare start-up economy has been fueled in part by its collection and usage of sensitive consumer geolocation information. An Uber executive’s recent …
Last week it was reported that a small group of Russian computer hackers illegally obtained an unprecedented quantity of internet credentials, including 1.2 billion username and password combinations, and over 500 million unique email addresses. The compromised companies have not yet been identified, but it is believed that the information came from over 420,000 websites. …
By Pamela Jones Harbour and Jenna N. Felz. Posted in Geolocation
Earlier this month, the Federal Trade Commission (FTC) testified to the Senate Judiciary Committee’s Subcommittee for Privacy, Technology and the Law about proposed Senate Bill 2171, “The Location Privacy Protection Act of 2014 (LPPA).” The Act would prohibit companies from collecting or disclosing geolocation information from electronic communications devices without users’ consent. The Act would …
By Pamela Jones Harbour, Erik Raven-Hansen, William W. Hellmuth and Jenna N. Felz. Posted in Big Data
As the advent of “big data” increasingly takes center stage in the data and privacy sphere, data brokers—companies that compile and resell or share consumers’ personal data—have come under increased scrutiny. On May 27, 2014, the Federal Trade Commission (“FTC”) issued a report titled “Data Brokers: A Call for Transparency and Accountability,” as part of …
By now, you have probably heard about the FTC’s recent settlement with Snapchat, the popular mobile photo and video messaging service, over allegations that it deceived consumers with promises about the disappearing nature of messages sent through its service. It did not take long for major media outlets to cover the story, highlighting both consumer …
The recent discovery of the “Heartbleed” online bug has sent shockwaves through the internet, causing companies and individuals alike to question very basic assumptions about cybersecurity. The bug has allegedly existed for the past two years and was only recently inadvertently discovered by the software developer Codenomicon. Heartbleed renders useless Open Secure Socket Layer (SSL) encryption, …
By Pamela Jones Harbour, Jenna N. Felz and Charles Shih. Posted in Online Privacy
The Federal Trade Commission (“FTC”) hosted a panel discussion in late March on “Alternative Scoring Products” as part of its 2014 Spring Privacy Series, signaling the Commission’s increased attention on this burgeoning industry. The FTC has indicated that its “goal is to study what is happening in the alternative scoring space, what may be on the horizon …