Tag Archives: privacy

Why Worry About a Little Skimmer?

Merchants—rightfully so—are worried about securing their payment card environments so that their name does not appear in a headline discussing how millions of cards were stolen from them. Faced with the challenge of evaluating the use of P2PE and tokenization, the conversion necessary to prepare for the October 2015 EMV liability shift, reading the tea … Continue Reading

FTC Workshop Addresses New Data Privacy Issues Concerning Consumer Generated Health Data

On May 7, 2014, the FTC hosted the latest seminar in their Spring Privacy Series to address the status of Consumer Generated and Controlled Health Data and relate results of recent FTC studies on the topic.  Consumers are embracing new technologies, particularly in the fitness domain and are generating vast amounts of “health data” both … Continue Reading

Big Data and Power Asymmetries: Recent White House Report Addresses Opportunities and Challenges Created by Increasingly Interconnected Technologies

In the latest round of reactions to the Edward Snowden leak, on May 1, 2014, the Obama Administration called for the United States to take a leading role in developing new standards for privacy protections in light of the ongoing “social, economic, and technological revolution.”  In a report titled “Big Data: Seizing Opportunities, Preserving Values,”  … Continue Reading

Ill Conceived California Privacy Bill Threatens Viability Of Commercial Educational Online Services

SB 1177, the Student Online Privacy Protection Act was recently introduced in the California legislature.  This is a bad bill for the private educational industry, and ultimately for parents and students.  It would drastically expand the privacy protections of the Federal Educational Rights and Privacy Act (FERPA), and state equivalents, which impose reasonable limits on … Continue Reading

The FTC Takes a Closer Look at Alternative Scoring Products

The Federal Trade Commission (“FTC”) hosted a panel discussion, in late March on “Alternative Scoring Products” as part its 2014 Spring Privacy Series, signaling the Commission’s increased attention on this burgeoning industry. The FTC has indicated that its “goal is to study what is happening in the alternative scoring space, what may be on the horizon … Continue Reading

Get Ready! HHS OCR Announces Next Round of HIPAA Audits

To combat new risks associated with rapidly evolving health information technology, the Health Insurance Portability and Accountability Act (HIPAA) and the Health Information Technology for Economic and Clinical Health Act (HITECH) provides standards for the privacy of protected health information (PHI), the security of electronic protected health information (ePHI), and breach notification to individuals.   HITECH … Continue Reading

When Can Online Terms of Use and Privacy Policies Be Changed?

Recently, a California court dismissed a plaintiff’s claims that Instagram’s updated Terms of Services constituted a breach of the covenant of good faith and fair dealing implied in all contacts because Instagram took expanded rights over user’s photos.  Rodriguez v Instagram, LLC  (California Superior Court of San Francisco Case CGC-13-532875) (February 28, 2014). We have … Continue Reading

iBeacons Usher in New Era of Mobile Advertising in 2014, Raise Old Privacy Concerns

Editor’s Note: This blog post was originally published on February 6, 2014 courtesy of iMedia Connection’s Blog. It is repurposed with permission. Remember that scene from Minority Report? The one where John Anderton (Tom Cruise) takes a trip to GAP, virtual billboards call out his name and bombard him with offers as he walks through … Continue Reading

What? The Rules Committee Hearings Don’t Have A Hashtag?

This post is a joint submission with BakerHostetler Discovery Advocate blog. On a snowy Sixth Avenue this week, thousands of people packed the New York Hilton Midtown for the sensory overload that is LegalTech New York (#LTNY), the annual E-Discovery, privacy, and information governance bash. And today, just hours after the massive conference closed, the E-Discovery … Continue Reading

Careful! Your Company May Be a Defacto Data Broker: Are Privacy Regulators Going for Broke(rs) as part of the 2014 Legislative and Privacy Enforcement Agenda?

Concerns about privacy practices in the data broker industry, and the privacy implications about the lack of transparency “behind-the-scenes,” will remain a topic of intense regulatory and legislative focus in 2014.   The Federal Trade Commission has defined “data brokers” as companies that collect personal information about consumers from a variety of public and non-public sources … Continue Reading

Something Wicked This Way Comes – Dark and Dusty Data and the Risk Your Organization Already Owns

This blog post is a joint submission with BakerHostetler’s Discovery Advocate blog. Authored by: James Sherer During the final panel of Thomson Reuters’ 17th Annual eDiscovery & Information Governance in Practice Forum, Thomas Barnett, Ignatius Grande, and Sandra Rampersaud led a lively discussion on Managing Big Data, Dark Data, and Risk.  And while the exchange … Continue Reading

California’s New “Eraser Button” Law Allows Regretful Teens to Remove Embarrassing Internet Postings

Authored by: Charles K. Shih California became the first state to sign into law a bill that requires websites and apps to provide an “eraser button” to its users under the age of 18.  The law, S.B. 568 signed by California Governor Jerry Brown, has two main elements.  First, it requires Internet companies to provide … Continue Reading

Guest Blog: Vermont Privacy Breach Regulations

Editor’s Notes:Guest blog Interview by Mark Greisiger, President NetDiligence®This blog post has been republished with permission from Junto – NetDiligence Blog A Q&A with Ryan KrigerAmong state Attorneys General, Vermont has gained a reputation for being particularly aggressive about data breach and privacy regulation. To better understand the state’s Consumer Protection Act requirements and processes … Continue Reading

Hannaford vs. comScore – Up and Down Results for Privacy Class Action Defendants

Editor’s note: This is a cross-blog post with BakerHostetler’s Class Action Lawsuit Defense blog.  For the latest class action defense updates, visit www.ClassActionLawsuitDefense.com. Sighs of relief by class actions defendants following the denial of class certification in Hannaford may give way to renewed uncertainty now that a massive class, estimated by the plaintiffs’ lawyer to be more than a … Continue Reading

FTC Settlement Restricts Use of Web Tracking Technology

Co-authored by: Elizabeth Stamoulis On February 20th, after a period for public comment, the FTC approved a final order settling charges against Compete, Inc., a market research company that collects online data for the purpose of developing and selling reports about consumer behavior on the Internet. The action demonstrates the FTC’s continuing concern about online … Continue Reading

Recent Trends in Class Actions for Telephone and Fax Solicitation and Advertising

Authorship Credit: Justin T. Winquist Editor’s Note: This post is a joint submission to BakerHostetler’s Class Action Lawsuit Defense blog. Class actions under the Telephone Consumer Protection Act (TCPA), 47 U.S.C. § 227, continue to be an active trend in consumer and privacy class action litigation. The TCPA, which was historically called the “fax blast” statute, … Continue Reading

Marital Communications are “Essential to the Preservation of Marriage” – Unless Made from a Workplace Computer

Editor’s Note: This post is a joint submission to BakerHostetler’s Discovery Advocate blog. Communications between spouses are typically accorded a “marital communications privilege” because they are “regarded as so essential to the preservation of the marriage relationship as to outweigh the disadvantages to the administration of justice which the privilege entails.”  But marital communications to … Continue Reading

OMG! Does Your Doctor’s Facebook Status Violate HIPAA?

Co-authored by: Cory Fox Recently, the Federation of State Medical Boards (“the Federation”) released its Model Policy Guidelines for the Appropriate Use of Social Media and Social Networking in Medical Practice (“Guidelines”). The Guidelines are intended to address how physicians can utilize social media to facilitate patient care while still maintaining the privacy and confidentiality … Continue Reading

Lessons For Privacy Advocates and Website Operators From Amazon Cookie Litigation

A Washington federal district court has dismissed with prejudice class action claims against Amazon alleging that the company’s use of cookies to track consumers’ personal data violated the Consumer Fraud and Abuse Act (CFAA), and has requested further briefing on a claimed violation of the Washington Consumer Protection Act (WCPA). (Del Vecchio v. Amazon). This … Continue Reading

CAUTIOUSLY, EUROPE EMBRACES GOVERNMENT & ENTERPRISE CLOUD COMPUTING

Last week the European Commission's panel on privacy, commonly known as the Article 29 Working Party, provided long-awaited clarity (in the form of an "Opinion") on whether and how European governments and private enterprise can utilize cloud computing technology in their operations, including processing personal information and other protected data. Cloud computing is a broad term that varies in context and has been subject to hype, but generally refers to technologies and service models allowing the sharing of on-demand scalable computer resources over the internet, including software programs, computer storage space and elastic computing power. Implementing IaaS systems has allowed companies and governments to significantly reduce capital expenditures by eliminating the need for purchase and maintenance of computer infrastructure equipment. Cloud services also allow for rapid remote deployment of software and network solutions. Additionally, cloud services enable organizations to decrease reliance on developing sophisticated in-house staff since major cloud providers have trained experts monitoring the computing environment. But, because cloud computing leverages the internet and computing resources in geographically disparate locations, the technologies present serious privacy and data security risks. In addressing this fundamental concern the Opinion indicates that the principal risks are a potential lack of control over data and limited transparency into its processing. A cloud provider's infrastructure can seem opaque and lacking information ensuring the "availability, integrity, confidentiality, transparency, isolation, intervenability and portability of the data". Additionally, due to the collaborative nature of cloud computing, customers may not be aware of subcontractors in the supply chain handling their data. With due respect to the data security risk, many observers consider this to be the great triumph of cloud compuing - that is that is simply "works" without its users having to worry about the back-end.… Continue Reading

Facebook Implements California Consumer Privacy Protections In Rolling Out Its New App Center

In this context, Facebook will require all software applications ("Apps") offered through the App Center to provide a clear link to its privacy policy. Third party App distributors will be able to utilize the Facebook App Center and its development tools to provide, and make discoverable, their mobile offerings. Given Facebook's increasingly large user base and existing third party App infrastructure, the App Center is likely to have an impact of significance on the global mobile application marketplace.… Continue Reading
LexBlog