Archives: Privacy

Subscribe to Privacy RSS Feed

And Now There are Three: Nevada Joins California and Delaware in Privacy Policy Requirements for Website Operators

The latest development with respect to privacy policies involves amendments to existing legislation governing state statutes governing the security of personal information for website operators and online service providers. (See June 30, 2017 Alert – FTC Issues Updated Guidance for Compliance with COPPA).  This may be the next wave of statutory amendments in the ongoing … Continue Reading

New Jersey Bill Limiting Identity Card Scanning Signed Into Law

On July 21, 2017, New Jersey Governor Chris Christie signed into law a bill that places new restrictions on retailers’ collection and use of information collected when a customer’s identification (ID) card is scanned. The Personal Information and Privacy Protection Act (the Act) (we previously analyzed this bill, here) takes effect on October 1, 2017, and permits … Continue Reading

New Jersey Senate Passes Bill Limiting Identity-Card Scanning by Retailers for Limited Purposes

On June 22, 2017, the New Jersey Senate passed the Personal Information and Privacy Protection Act (“the Act”), now awaiting Governor Christie’s handling. The Act permits retailers to scan a person’s identity card (“I.D. card”) for specified purposes and limits the type of information that may be collected to the name, address, date of birth, … Continue Reading

Recent Trends in Bankruptcy Sales of Customer Data

Introduction In 2005, Congress amended the Bankruptcy Code to address privacy concerns in connection with sales of customer data in bankruptcy cases. The Code was specifically amended to restrict or prohibit the sale of customers’ personally identifiable information – as defined by the Bankruptcy Code – when in violation of a debtor company’s existing privacy … Continue Reading

FTC Report Highlights Privacy Concerns and Best Practices for Cross-Device Tracking

On January 23, 2017, the FTC released a Staff Report (the Report) on cross-device tracking, a commonly used practice that allows companies to associate multiple internet-based devices with the same consumer in order to track behavior across devices. The Report follows the FTC’s Workshop on cross-device tracking, and alerts companies engaged in cross-device tracking of certain best … Continue Reading

FTC Settles Ashley Madison Data Breach Complaint

The operators of Ashley Madison, the dating website for married people that became famous following its massive data breach in 2015, settled claims brought by the Federal Trade Commission (“FTC”) regarding that breach and their security practices and representations. Ruby Corp., Ruby Life Inc., and ADL Media Inc. (collectively, “Ruby”), named as defendants, were responsible … Continue Reading

One Good Deal After Another – Navy Data Breach, Damages and Sovereign Immunity

“One good deal after another” – This old expression from my time of service in the USN popped into my head as I read news of the latest breach of information regarding Navy personnel. In sum, reported the Navy on November 23, the laptop of a government contractor supporting a naval contract was “compromised” and … Continue Reading

Proper Handling of Biometric Data — Lessons Learned from a $1.5 Million Illinois Class Action Settlement

In 2008, Illinois passed the Biometric Information Privacy Act, 740 ILCS 14/1 (the Act or BIPA), which requires companies to obtain a person’s consent before collecting that person’s biometric data. Illinois, unlike other states such as Texas, provides a private right of action for individuals whose data was collected without proper notification and consent. Under … Continue Reading

FCC Announces New Rules to Protect Online Privacy

On October 27, the Federal Communications Commission (FCC), by a 3-2 vote, approved new rules regarding how Internet Service Providers (ISPs) handle their customers’ browsing history, mobile location data and other sensitive information generated by virtue of their customers’ use of the Internet. The agency is looking to restrict ISPs ability to share with advertisers … Continue Reading

OCR: Businesses Sharing Consumer Health Information Must Also Comply With FTC Act

In October 2016, the OCR issued a bulletin clarifying that businesses collecting and sharing consumer health information must comply with the FTC Act. The OCR specifically called out disclosure statements, declaring “You must also make sure your disclosure statements are not deceptive under the FTC Act.” Businesses dealing with health information are likely already familiar … Continue Reading

Wearable Tech: Where Data Privacy Collides with Employment Law

As wearable devices like FitBit, Garmin, and Jawbone and a culture of wellness in the workplace proliferate, employers who adopt such technology should be mindful of federal and state privacy laws, as well as the myriad of employment laws that are implicated by the use of these devices. The aggressive stance taken by federal employment … Continue Reading

NY Cybersecurity Regs Could Spur Legal Work Nationwide

Orange County Partner Scott Lyon was recently quoted in Corporate Counsel’s article “NY Cybersecurity Regs Could Spur Legal Work Nationwide.” The article examines New York’s new proposed cybersecurity for financial institutions and insurers. Please click here to read the full article. (Subscription required)… Continue Reading

Article III Standing is Not the Only Hurdle in Data Breach Litigation – So Says the Seventh Circuit Courts

In the past week, two different Illinois federal courts have given financial institutions and merchants a second chance to try to allege claims arising from data breaches that can withstand the rigors of a motion to dismiss under Federal Rule 12 (b) (6). In Community Bank of Trenton et al. v. Schnuck Markets Inc., case … Continue Reading

House Committee Report Details Extent of OPM Security Failures Resulting In Breach of Over 30 Million Records

According to a report by the Republicans on the U.S. House Oversight & Government Reform Committee, the hack of the Office of Personnel Management (OPM) was the direct result of the agency’s long-standing failure to properly “prioritize cybersecurity and adequately secure high value data.” The breach, which has been attributed to at least two Chinese … Continue Reading

FTC Takes LabMD to Task for Inadequate Computer Security Practices in Violation of Section 5(n)

In a unanimous opinion, the Federal Trade Commission ruled that an Administrative Law Judge erred when he concluded that the FTC failed to prove that LabMD, a Georgia-based clinical testing laboratory, had engaged in an “unfair or deceptive trade practice” based on inadequate computer security for records containing protected health information (PHI) and sensitive personally … Continue Reading

Upcoming Event: Critical Updates on HIPPA Enforcement Actions and 2016 OCR Audits

Wednesday, June 22, 2016 11 a.m. PT/1 p.m. CT/ 2 p.m. ET Who: Lawyers and non-lawyers, insurers and commercial claims representatives. Where: At your desk. (There is no dial-in required; the audio will stream through your computer). How: Register here. The Midwest Claims Association and Sedgwick LLP cordially invite you to join us for this … Continue Reading

FCC Net Neutrality Rules Upheld by Federal Appeals Court

Today, a federal appeals court upheld the FCC’s recent net neutrality rules which purportedly make internet service providers treat all web traffic equally, delivering a major defeat to cable and telephone companies. The D.C. Circuit Court of Appeals, in a 2-1 vote, affirmed the FCC’s net neutrality rules, which have been supported by both consumer … Continue Reading

Bankruptcy Rules On Privacy Pose Risk to Unwary Creditors

With the advent of electronic case filing, the increased risk of identity theft, and proliferation of various privacy laws, creditors need to be more cautious than ever when filing their proofs of claim in bankruptcy cases to order to avoid inadvertent disclosure of the debtor’s personal information. This is of particular importance as to any … Continue Reading

Proposed Legislation Could Make It More Difficult For Law Enforcement To Identify Criminals Using Anonymizing Technology

A bipartisan group of senators has introduced legislation that would make it more difficult for the FBI to investigate child pornography and other crimes in instances where the criminals are using anonymizing or location-obfuscating technology. In April, the U.S. Supreme Court approved a change to Rule 41(b) of the Federal Rules of Criminal Procedure which … Continue Reading

No Storefront? No Problem: Deceptive Pricing Moves Online

More than three-dozen deceptive pricing cases have been filed in the last two years alone, with more suits being filed every week. These suits generally claim that the retailer deceives customers into making purchases by listing an inflated and illusory reference price (for example, an “original” price, a manufacturer suggested retail price or a “compare … Continue Reading

FCC Chairman Proposes To Provide Broadband Consumers With Choice, Transparency & Security

Next week the Federal Communications Commission (FCC) will vote on a new proposal for privacy rules governing internet service providers (ISP). This follows on the FCC’s decision last year that high-speed internet carriers should be treated as public utilities (providing telecommunications services as opposed to information services). The decision was part of last year’s net … Continue Reading

Upcoming Webinar: Why the European GDPR Matters To Your Company

Tuesday, March 29, 2016 10:30 AM PT / 1:30 PM ET This valuable webinar is made available to you free of charge by ePlace Solutions. Any company that collects or uses data about a European citizen will be affected by the new General Data Protection Regulation in Europe, regardless of where they are based. US-based … Continue Reading

OCR 2016 HIPAA Audits Underway

During the PHI Protection Network Conference in Philadelphia on March 17 and 18, 2016, Barbara Holland, regional manager for the Department of Health & Human Services’ Office for Civil Rights (OCR) Mid Atlantic region, discussed the upcoming HIPAA audits, which are expected to start in a few months. After initiating a HIPAA audit pilot program … Continue Reading