Global Privacy & Security Compliance Law Blog

Tag Archives: Developments NA

FTC Issues Staff Report on Mobile Privacy Disclosures

By Jennifer Archie On Friday, Feb. 1, 2013, following the now expected series of public workshops and roundtables and well-timed enforcement actions, the Federal Trade Commission Staff issued a new 36-page staff report, Mobile Privacy Disclosures: Building Trust Through Transparency.  The Report summarizes past actions and guidance, and makes new recommendations for clearly and transparently … Continue Reading

HHS Publishes Omnibus HIPAA/HITECH Final Rule

By Susan Ambler Ebersole HHS today published the long-awaited HIPAA/HITECH omnibus final rule.  A pre-publication version of the Rule was released on January 17.  The Rule is effective March 26, 2013, but covered entities and business associates have until September 23, 2013 to comply.  While Latham & Watkins is still engaged in a comprehensive review … Continue Reading

California Limits Employer Access to Employee/Applicant Social Media

By Linda Inscoe and Joseph Farrell On September 27, 2012, California became the third state to enact legislation protecting employees, job applicants, university students and prospective students against coerced disclosure of usernames, passwords and other information related to personal social media accounts, such as Facebook, MySpace and Twitter accounts, text messages, private email accounts, blogs … Continue Reading

Compliance and Enforcement in the Hospitality Industry Webinar Available

An August 2 webcast on Compliance and Enforcement in the Hospitality Industry  looked at the FTC proceedings in the Wyndham Hotels matter and identified some key takeaways, while considering how similar issues might play out in the European Union. (For those unable to follow the live webcast, the full presentation is now available online.) Some … Continue Reading

FCC Examining Privacy, Security Issues Raised by Stored Customer Information on Mobile Devices

By Brian Murray The Federal Communications Commission (“FCC”) is examining privacy and security issues raised by customer information stored on mobile communications devices. In a public notice released on May 25, 2012, the FCC sought comment on the privacy and data-security practices of mobile wireless service providers with respect to such information, as well as … Continue Reading

California AG’s Office Establishes Privacy Enforcement Unit

By Jennifer Archie, Kevin Boyle and Ghaith Mahmood As the home of the largest online and mobile businesses and platforms, and no doubt seeking to maintain the  reputation of her state as one of those leading the nation in enactment and enforcement of privacy laws and regulations, California Attorney General Kamala D. Harris on Thursday announced the formation … Continue Reading

PL&B Annual Conference, Day 2: The Patriot Act, Distinguishing Fact from Fiction?

By Gail Crawford and Amy Taylor It seems somewhat fitting to blog about the USA Patriot Act on this Fourth of July. On the second day of the annual Privacy Laws & Business conference in Cambridge, Peter McLaughlin, senior counsel at Foley & Lardner, took to the floor with the aim of “distinguishing fact and fiction about the scope of the law and … Continue Reading

NTIA Announces First Privacy Multistakeholder Meeting Pursuant to Obama Administration Privacy Blueprint

Focus on Mobile App Transparency Pursuant to the Obama Administration’s blueprint for consumer privacy released in February (and in accord with a request for comments published in March), the National Telecommunications and Information Administration (NTIA) has issued a notice setting July 12, 2012, as the date for the first meeting in its privacy multistakeholder process. Mobile app … Continue Reading

SEC Guidance on Cybersecurity Disclosures

By Kevin Boyle and Kee-Min Ngiam The SEC’s Staff of the Division of Corporation Finance recently issued guidance to help clarify public reporting companies’ disclosure obligations in the area of cybersecurity risks and cyber incidents. The guidance, which does not change existing disclosure obligations for public companies, should help company officers responsible for security, privacy, … Continue Reading

Unfair Software Design: Lessons from the FTC’s Proposed Frostwire Consent Judgment

A recent proposed FTC consent judgment sends a warning to avoid default program settings that compromise privacy when setup routines create the impression they do not. The FTC’s underlying complaint against Frostwire LLC, developer of P2P file-sharing applications, alleged that the firm’s software for the Android platform “was likely to cause a significant number of … Continue Reading

Caution for Employers: Don’t Read Too Much Into Your Social Media Policy

Many employers have adopted policies establishing guidelines for responsible blogging and use by employees of social networking media sites such as Facebook, MySpace, Twitter and YouTube.  These policies typically require that employees make clear that they are not speaking on behalf of their employer, unless specifically authorized to do so; comply with company policies regarding … Continue Reading

Unified Approach to US Breach Notification?

As part of its cyber security legislative proposal unveiled on May 12, the Obama administration sent to Congress a proposed Data Breach Notification bill that would supersede similar state laws.  If enacted, the bill would dramatically simplify response to data breaches involving residents from multiple states—a process that is now a maze of requirements, often … Continue Reading

March Madness or a Sign of Times to Come? Google’s Proposed Consent Agreement with Federal Trade Commission

Google has consented to the entry of a proposed Agreement Containing Consent Order with the US Federal Trade Commission, subjecting the company to sweeping government oversight of its privacy disclosure and product development and release practices, nominally arising out of the roll-out of its Buzz product in February 2010. The auditing and reporting requirements are … Continue Reading

Privacy Debate Moves to Capitol Hill

Following the change of control in the U.S. House of Representatives, privacy and security issues are frequently raised as likely subjects for hearings and new legislation in the U.S. Congress. Multiple committees in both houses repeatedly express interest in holding hearings and in exploring topics impacting privacy and data security regulations in the United States. For … Continue Reading

Commerce Department Speaks on Privacy

Following in the wake of the FTC’s report on online tracking, the Commerce Department has issued its “green paper” on privacy. The report is part of the Department’s ongoing review of privacy practices begun in April this year. While it avoids making many specific policy recommendations, the report does recommend the development of Fair Information … Continue Reading

FTC Issues Long Anticipated Privacy Report

In a long anticipated report entitled Protecting Consumer Privacy in an Era of Rapid Change, a divided U.S. Federal Trade Commission focused on raising consumer awareness and soliciting industry feedback on online tracking and behavioral advertising. Industry is portrayed as “too slow” to improve privacy practices in this arena. The report proposes a normative framework … Continue Reading

PCI 2.0 Released: Clarifications But No New Requirements

On October 28, 2010, the Payment Card Industry Data Security Standard (PCI DSS) 2.0 was released. There are no new requirements, mostly the PCI Security Standard Council (“Council”) made wording clarifications throughout the 12 existing requirements. These changes go into effect January 1, 2011, but merchants don’t have to be compliant with them until December … Continue Reading

German Government Does Not Criticize Safe Harbor

The German Government does not see any need for them to take action with regard to the US-American “Safe Harbor” framework which has become subject to growing criticism. In a response to a query made by the SPD parliamentary group dated 25 October 2010 the Government refers the issue to the European Commission and the … Continue Reading
LexBlog