Archives: Data Collection

Subscribe to Data Collection RSS Feed

New Jersey Bill Limiting Identity Card Scanning Signed Into Law

On July 21, 2017, New Jersey Governor Chris Christie signed into law a bill that places new restrictions on retailers’ collection and use of information collected when a customer’s identification (ID) card is scanned. The Personal Information and Privacy Protection Act (the Act) (we previously analyzed this bill, here) takes effect on October 1, 2017, and permits … Continue Reading

New Jersey Senate Passes Bill Limiting Identity-Card Scanning by Retailers for Limited Purposes

On June 22, 2017, the New Jersey Senate passed the Personal Information and Privacy Protection Act (“the Act”), now awaiting Governor Christie’s handling. The Act permits retailers to scan a person’s identity card (“I.D. card”) for specified purposes and limits the type of information that may be collected to the name, address, date of birth, … Continue Reading

Recent Trends in Bankruptcy Sales of Customer Data

Introduction In 2005, Congress amended the Bankruptcy Code to address privacy concerns in connection with sales of customer data in bankruptcy cases. The Code was specifically amended to restrict or prohibit the sale of customers’ personally identifiable information – as defined by the Bankruptcy Code – when in violation of a debtor company’s existing privacy … Continue Reading

FTC Report Highlights Privacy Concerns and Best Practices for Cross-Device Tracking

On January 23, 2017, the FTC released a Staff Report (the Report) on cross-device tracking, a commonly used practice that allows companies to associate multiple internet-based devices with the same consumer in order to track behavior across devices. The Report follows the FTC’s Workshop on cross-device tracking, and alerts companies engaged in cross-device tracking of certain best … Continue Reading

Proper Handling of Biometric Data — Lessons Learned from a $1.5 Million Illinois Class Action Settlement

In 2008, Illinois passed the Biometric Information Privacy Act, 740 ILCS 14/1 (the Act or BIPA), which requires companies to obtain a person’s consent before collecting that person’s biometric data. Illinois, unlike other states such as Texas, provides a private right of action for individuals whose data was collected without proper notification and consent. Under … Continue Reading

FCC Announces New Rules to Protect Online Privacy

On October 27, the Federal Communications Commission (FCC), by a 3-2 vote, approved new rules regarding how Internet Service Providers (ISPs) handle their customers’ browsing history, mobile location data and other sensitive information generated by virtue of their customers’ use of the Internet. The agency is looking to restrict ISPs ability to share with advertisers … Continue Reading

OCR: Businesses Sharing Consumer Health Information Must Also Comply With FTC Act

In October 2016, the OCR issued a bulletin clarifying that businesses collecting and sharing consumer health information must comply with the FTC Act. The OCR specifically called out disclosure statements, declaring “You must also make sure your disclosure statements are not deceptive under the FTC Act.” Businesses dealing with health information are likely already familiar … Continue Reading

Wearable Tech: Where Data Privacy Collides with Employment Law

As wearable devices like FitBit, Garmin, and Jawbone and a culture of wellness in the workplace proliferate, employers who adopt such technology should be mindful of federal and state privacy laws, as well as the myriad of employment laws that are implicated by the use of these devices. The aggressive stance taken by federal employment … Continue Reading

FCC Net Neutrality Rules Upheld by Federal Appeals Court

Today, a federal appeals court upheld the FCC’s recent net neutrality rules which purportedly make internet service providers treat all web traffic equally, delivering a major defeat to cable and telephone companies. The D.C. Circuit Court of Appeals, in a 2-1 vote, affirmed the FCC’s net neutrality rules, which have been supported by both consumer … Continue Reading

FCC Chairman Proposes To Provide Broadband Consumers With Choice, Transparency & Security

Next week the Federal Communications Commission (FCC) will vote on a new proposal for privacy rules governing internet service providers (ISP). This follows on the FCC’s decision last year that high-speed internet carriers should be treated as public utilities (providing telecommunications services as opposed to information services). The decision was part of last year’s net … Continue Reading

Upcoming Webinar: Why the European GDPR Matters To Your Company

Tuesday, March 29, 2016 10:30 AM PT / 1:30 PM ET This valuable webinar is made available to you free of charge by ePlace Solutions. Any company that collects or uses data about a European citizen will be affected by the new General Data Protection Regulation in Europe, regardless of where they are based. US-based … Continue Reading

OCR 2016 HIPAA Audits Underway

During the PHI Protection Network Conference in Philadelphia on March 17 and 18, 2016, Barbara Holland, regional manager for the Department of Health & Human Services’ Office for Civil Rights (OCR) Mid Atlantic region, discussed the upcoming HIPAA audits, which are expected to start in a few months. After initiating a HIPAA audit pilot program … Continue Reading

Smile – I’m Recording You: The First Amendment and Right (or not) to Record

In science, the term “observer effect” refers to changes that the act of observation will make on a phenomenon being observed. Pennsylvania district court has just ruled that there is no First Amendment right to video police officers while in the line of duty because merely observing is not expressive activity. Fields v. City of … Continue Reading

Breaking News- USA and EU Reach Data Transfer Agreement to Replace Safe Harbor

Today, the European Commission announced that the United States and the European Union reached a trans-Atlantic data transfer agreement called “EU-US Privacy Shield” to replace Safe Harbor. While the written text of Privacy Shield has not yet been released, the agreement introduces a new regime for trans-Atlantic transfer of Europeans’ data. We can expect to … Continue Reading

FTC’s First PrivacyCon Event Reveals Cutting Edge Research in Key Data Privacy Issues and Hot Topics on the FTC’s Radar

The FTC held its first PrivacyCon event on January 14, 2016, bringing together scholars, researchers, and the FTC to discuss the latest privacy and data security research in 5 topic areas: 1) state of online privacy, 2) consumer’s privacy expectations, 3) big data in algorithms, 4) the economics of privacy and data security, and 5) … Continue Reading

Cybersecurity Law Passed After Late Addition to Budget Bill

Late last month, President Barack Obama signed into law a budget bill passed by Congress. Included in the budget is a section entitled “Cybersecurity Act of 2015”, which contains most of the language from the Cybersecurity Information Sharing Act, a bill introduced by Senator Richard Burr (R-NC) intended to enhance coordination between government agencies and … Continue Reading

EU Working Party Speaks on EU/US Safe Harbor Ruling

The Article 29  Working Party is an EU committee which comprises representatives from the data protection regulators of each of the EU Member States.  Its purpose is to advise on the protection of individuals’ data whilst giving effect to the harmonization of data protection regimes so to encourage the free movement of data in the … Continue Reading

California Restricts Warrantless Access of Electronic Data by Law Enforcement

An overwhelming majority of Californians (82%) have spoken up loud and clear that they want change – they want the police to “get a warrant” for digital information. Now, Californians can rest assured that law enforcement cannot poke around in their digital records without first obtaining a warrant. On October 8, 2015, Governor Jerry Brown … Continue Reading

US/EU Safe Harbour Invalidated – The View from London

On 6 October, the European Court of Justice struck down the “Safe Harbour” agreement created by the EU Commission Decision 2000/520 for the transferring of personal data between entities located in the EU and the US, or even between a single company’s servers located in the US and the EU. The agreement was a cornerstone … Continue Reading

10 Million Patients Affected by Fifth Major Healthcare Provider Data Breach of 2015

On August 5, 2015, Excellus BlueCross BlueShield discovered that as many as 10 million of its clients’ information may have been exposed in a sophisticated data breach campaign dating back to December 2013. The potentially compromised data included: Credit card numbers Social Security numbers Dates of birth Mailing addresses Telephone numbers Member identification numbers Financial … Continue Reading

Nevada Broadens Definition of Personal Information for Purpose of Encryption and Breach Notices

On May 13, Nevada passed a new law (A.B. 179) expanding the definition of “personal information” to include a natural person’s first name or initial and last name in combination with: 1) medical and health insurance identification numbers; 2) user names, unique identifiers or email addresses in combination with passwords, access codes or security questions … Continue Reading
LexBlog