By Kevin Boyle and Aryeh Richmond Here is a reminder that the Federal Trade Commission’s revisions to its Children’s Online Privacy Protection Rule become effective on July 1. If you haven’t already, now is the time to make sure you have revisions to meet the rule in place as FTC and state attorney general inquiries … Continue Reading
By Jennifer Archie and Kevin Boyle A California state judge has dismissed a state enforcement action against our client Delta Air Lines arising out of the alleged failure to timely post a privacy policy specific to its Fly Delta App in a manner that was reasonably accessible to smartphone users. In what Law360 characterized as … Continue Reading
By Jennifer Archie On Friday, Feb. 1, 2013, following the now expected series of public workshops and roundtables and well-timed enforcement actions, the Federal Trade Commission Staff issued a new 36-page staff report, Mobile Privacy Disclosures: Building Trust Through Transparency. The Report summarizes past actions and guidance, and makes new recommendations for clearly and transparently … Continue Reading
By Susan Ambler Ebersole HHS today published the long-awaited HIPAA/HITECH omnibus final rule. A pre-publication version of the Rule was released on January 17. The Rule is effective March 26, 2013, but covered entities and business associates have until September 23, 2013 to comply. While Latham & Watkins is still engaged in a comprehensive review … Continue Reading
By Linda Inscoe and Joseph Farrell On September 27, 2012, California became the third state to enact legislation protecting employees, job applicants, university students and prospective students against coerced disclosure of usernames, passwords and other information related to personal social media accounts, such as Facebook, MySpace and Twitter accounts, text messages, private email accounts, blogs … Continue Reading
An August 2 webcast on Compliance and Enforcement in the Hospitality Industry looked at the FTC proceedings in the Wyndham Hotels matter and identified some key takeaways, while considering how similar issues might play out in the European Union. (For those unable to follow the live webcast, the full presentation is now available online.) Some … Continue Reading
On Thursday, the U.S. Senate failed to pass a motion to end debate on the Cybersecurity Act of 2012 by a vote of 52-46. Sponsors were unable to muster the 60 votes required to move forward with the legislation, following heavy lobbying against the bill by the U.S. Chamber of Commerce, the financial industry, and … Continue Reading
By Jennifer Archie and Kevin Boyle The Cybersecurity Act of 2012 (S. 3414) moved one step closer to possible passage on Thursday when the United States Senate voted 84 to 11 to allow an open amendment process when the bill is taken up for floor debate, as early as next week. The bill still faces … Continue Reading
By Brian Murray The Federal Communications Commission (“FCC”) is examining privacy and security issues raised by customer information stored on mobile communications devices. In a public notice released on May 25, 2012, the FCC sought comment on the privacy and data-security practices of mobile wireless service providers with respect to such information, as well as … Continue Reading
By Jennifer Archie, Kevin Boyle and Ghaith Mahmood As the home of the largest online and mobile businesses and platforms, and no doubt seeking to maintain the reputation of her state as one of those leading the nation in enactment and enforcement of privacy laws and regulations, California Attorney General Kamala D. Harris on Thursday announced the formation … Continue Reading
By Gail Crawford and Amy Taylor It seems somewhat fitting to blog about the USA Patriot Act on this Fourth of July. On the second day of the annual Privacy Laws & Business conference in Cambridge, Peter McLaughlin, senior counsel at Foley & Lardner, took to the floor with the aim of “distinguishing fact and fiction about the scope of the law and … Continue Reading
Focus on Mobile App Transparency Pursuant to the Obama Administration’s blueprint for consumer privacy released in February (and in accord with a request for comments published in March), the National Telecommunications and Information Administration (NTIA) has issued a notice setting July 12, 2012, as the date for the first meeting in its privacy multistakeholder process. Mobile app … Continue Reading
Spokeo Consent Decree Serves as Important Caution to Buyers and Sellers of Social Media Reports on Consumers to Understand and Comply with FCRA By Jennifer Archie, Kevin Boyle and Kelsey McPherson As part of a settlement announced Monday, the FTC sends a reminder that the requirements of the Fair Credit Reporting Act (“FCRA”) apply to … Continue Reading
By Kevin Boyle and Kee-Min Ngiam The SEC’s Staff of the Division of Corporation Finance recently issued guidance to help clarify public reporting companies’ disclosure obligations in the area of cybersecurity risks and cyber incidents. The guidance, which does not change existing disclosure obligations for public companies, should help company officers responsible for security, privacy, … Continue Reading
A recent proposed FTC consent judgment sends a warning to avoid default program settings that compromise privacy when setup routines create the impression they do not. The FTC’s underlying complaint against Frostwire LLC, developer of P2P file-sharing applications, alleged that the firm’s software for the Android platform “was likely to cause a significant number of … Continue Reading
Many employers have adopted policies establishing guidelines for responsible blogging and use by employees of social networking media sites such as Facebook, MySpace, Twitter and YouTube. These policies typically require that employees make clear that they are not speaking on behalf of their employer, unless specifically authorized to do so; comply with company policies regarding … Continue Reading
As part of its cyber security legislative proposal unveiled on May 12, the Obama administration sent to Congress a proposed Data Breach Notification bill that would supersede similar state laws. If enacted, the bill would dramatically simplify response to data breaches involving residents from multiple states—a process that is now a maze of requirements, often … Continue Reading
Google has consented to the entry of a proposed Agreement Containing Consent Order with the US Federal Trade Commission, subjecting the company to sweeping government oversight of its privacy disclosure and product development and release practices, nominally arising out of the roll-out of its Buzz product in February 2010. The auditing and reporting requirements are … Continue Reading
Following the change of control in the U.S. House of Representatives, privacy and security issues are frequently raised as likely subjects for hearings and new legislation in the U.S. Congress. Multiple committees in both houses repeatedly express interest in holding hearings and in exploring topics impacting privacy and data security regulations in the United States. For … Continue Reading
Following in the wake of the FTC’s report on online tracking, the Commerce Department has issued its “green paper” on privacy. The report is part of the Department’s ongoing review of privacy practices begun in April this year. While it avoids making many specific policy recommendations, the report does recommend the development of Fair Information … Continue Reading
In a long anticipated report entitled Protecting Consumer Privacy in an Era of Rapid Change, a divided U.S. Federal Trade Commission focused on raising consumer awareness and soliciting industry feedback on online tracking and behavioral advertising. Industry is portrayed as “too slow” to improve privacy practices in this arena. The report proposes a normative framework … Continue Reading
On October 28, 2010, the Payment Card Industry Data Security Standard (PCI DSS) 2.0 was released. There are no new requirements, mostly the PCI Security Standard Council (“Council”) made wording clarifications throughout the 12 existing requirements. These changes go into effect January 1, 2011, but merchants don’t have to be compliant with them until December … Continue Reading
The German Government does not see any need for them to take action with regard to the US-American “Safe Harbor” framework which has become subject to growing criticism. In a response to a query made by the SPD parliamentary group dated 25 October 2010 the Government refers the issue to the European Commission and the … Continue Reading
