Nearly two and a half years following the appeal of the Federal Communications Commission’s (FCC) July 2015 Order, the U.S. Court of Appeals for the District of Columbia issued a ruling on March 16, 2018. On appeal, over a dozen … Continue Reading
Category Archives: Privacy
Subscribe to Privacy RSS FeedU.S. Companies: Are You Ready for GDPR?
Posted in Data portability, EU Data Protection, Privacy, RegulationOn May 25, 2018, the General Data Protection Regulation (GDPR) goes into effect. Are you ready?
Who’s affected?
Organizations, anywhere in the world, that process the personal data of European Union (EU) residents should pay attention to GDPR and its … Continue Reading
Cybersecurity: FINRA Guidance through 2018 Priorities and Recent Exam Findings
Posted in Cybersecurity, Financial Services Information Management, Information Management, Notification, PrivacyThe Financial Industry Regulatory Authority (FINRA) is ramping up on their commitment to assist the industry in its cybersecurity compliance efforts. Recent guidance to the industry from FINRA includes:
- an Examination Findings Report, detailing observations from recent broker-dealer examinations
Child’s Play: VTech Settles FTC Lawsuit Over Data Security in Connected Toys
Posted in Consumer Privacy/FTC, Data breach, FTC enforcement, PrivacyOn January 8, 2018, the FTC announced that VTech, maker of electronic toys for children, agreed to settle charges that it violated the law by collecting personal information without parental consent.
When Congress enacted the Children’s Online Privacy Protection Act … Continue Reading
No Written Consent, But Still No Harm: TCPA Class Certification Denied Where Spokeo Creates Individualized Questions of Consent
Posted in Consumer Privacy/FTC, Privacy, RetailEarlier this year, the Northern District of Illinois declined to certify a Telephone Consumer Protection Act (TCPA) class action even though the key issue in the case – whether class members had provided prior express written consent to receive prerecorded … Continue Reading
The 2018 Virginia General Assembly Session Hasn’t Begun, but Legislation on Student Privacy and Credit Freeze Charges is Already Pending
Posted in Data breach, Legislation, PrivacyAs previously written about in this blog, student privacy figured prominently in a few campaigns for the Virginia House of Delegates this past Fall. A progressive special interest group utilized Virginia’s Freedom of Information Act to request and receive … Continue Reading
Federal Agencies Respond to Concerns About Student Privacy
Posted in Privacy, RegulationThe Federal Trade Commission (FTC) and U.S. Department of Education (ED) increasingly are responding to concerns about educational technology and its ability to capture and manipulate massive quantities of private student and parent data. “EdTech,” as it is called, broadly … Continue Reading
Behavioral Advertising: What Companies Need to Know About Evolving Advertising Technologies
Posted in Consumer Privacy/FTC, Privacy, Profiling, Social MediaRapidly changing and complex technology, the rise of “Big Data” and an increasing focus on digital advertising has made advertising legal compliance an increasingly complex area for companies. In-house attorneys and their outside counsel must wrestle with understanding the legal … Continue Reading
First Annual Review and the Privacy Shield is Still Standing: What’s Next?
Posted in E-commerce, EU Data Protection, Other, PrivacyOn October 18, 2017, the European Commission issued its report on the first annual review of the EU- U.S. Privacy Shield, aimed at allowing personal data transfer from the EU to the U.S. through the implementation of a data … Continue Reading
The Politics of Access to Student Data
Posted in Legislation, PrivacyCombine several hotly contested elections for state office, traditional voter registration and mobilization tactics, a progressive special interest group and the use of an existing law to gain access to tens of thousands of individual student phone numbers and email … Continue Reading
The New CFPB Consumer Protection Principles
Posted in Consumer Privacy/FTC, Cybersecurity, Financial Services Information Management, Notification, PrivacyOn October 18, 2017, the Consumer Financial Protection Bureau (CFPB) issued a set of Consumer Protection Principles regarding the sharing and aggregation of consumers’ financial data. The timing of the announcement in light of last month’s disclosure of the Equifax … Continue Reading
Update: Another Court Gives Broad Reading to Illinois Biometric Privacy Act
Posted in Privacy, Social MediaAnother court ruling this week concludes that the Illinois Biometric Information Privacy Act (IBIPA) covers face geometry scans that are created from digital images, again rejecting the argument that the statute should apply only to facial scans made in person. … Continue Reading
Call Me Maybe: Equivocal Statements May Partially Revoke Consent Under TCPA
Posted in Litigation, PrivacyIn a recent decision, the 11th U.S. Circuit Court of Appeals reversed a grant of summary judgment in favor of a bank on Telephone Consumer Protection Act (TCPA) claims, by holding that a consumer can partially revoke her previously provided … Continue Reading
Business as Usual: UK’s New Data Protection Bill and the GDPR
Posted in EU Data Protection, Legislation, PrivacyThe UK Government will introduce a new Data Protection Bill (the “Bill”) this year. As highlighted in the Queen’s speech back in June, the Government has committed to introduce the new law and, on Monday, published a Statement of Intent… Continue Reading
New Guidance Issued by EU Data Protection Regulators – Does Your Organization Use Social Media During Recruitment?
Posted in EU Data Protection, Privacy, Regulation
The Article 29 Data Protection Working Party (comprising representatives from the data protection regulators in each EU Member State, the European Data Protection Supervisor and the European Commission) has issued an opinion on data processing at work (2/2017) (the Opinion). … Continue Reading
Former Employee Need Not Allege Emails Were Unopened to Assert Claim of Unauthorized Access Under Stored Communications Act
Posted in Data retention, PrivacyEarlier this month, a federal court denied an employer’s motion to dismiss a claim that it violated the Stored Communications Act (SCA) by accessing a former employee’s personal emails, concluding that the plaintiff need not allege the emails were unopened … Continue Reading
Law Firms’ Data Duty: Protecting Client Information From Cybercriminals
Posted in Cyber Insurance, Cybersecurity, Data breach, Data Security, Health Information, Information Management, Litigation, Other, PrivacyThe impact from the recent Petya/NotPetya ransomware attack — or what was reported as a ransomware attack but now appears to be something even more damaging — continues to spread around the globe, with several new companies coming forward as … Continue Reading
New UK Subject Access Code of Practice
Posted in EU Data Protection, PrivacyIn June the ICO updated its Subject Access Code of Practice, which gives guidance to data controllers on how to respond to subject access requests from data subjects. The Code itself is not legally binding, but provides advice on … Continue Reading
“Big Data” and Student Privacy Create Tensions for Lawmakers and Educators
Posted in Legislation, Privacy“Big data” in the education context refers to the massive amount of information collected by K-12 schools and higher education institutions on student socio-economics, race and sex, test performance, academic performance, graduation rates, behavior and a myriad of other data … Continue Reading
The WannaCry Cyberattack: Steps Businesses Must Take Now
Posted in Cybersecurity, Data breach, Data Security, PrivacyWith the commencement of the workweek, experts predict the WannaCry cyberattack will spread further through systems that rely on older or unpatched versions of Microsoft Windows. The following alert explains the WannaCry ransomware and its impact on businesses and organizations … Continue Reading
AT&T Privacy Rule Goes Too Far Says NLRB
Posted in Litigation, PrivacyLast week a National Labor Relations Board (NLRB) administrative judge ruled that AT&T Mobility interfered with employees’ labor rights with an overly broad privacy rule. The rule prohibited employees from recording any conversation without approval from the company’s legal department.… Continue Reading
Trump Privacy Rollback Continues, States Step Up
Posted in Consumer Privacy/FTC, FCC, Legislation, Privacy, SurveillanceOn April 3, 2017, President Trump signed a repeal of new Federal Communications Commission (FCC) rules that would have subjected broadband internet service providers (ISPs) to more stringent consumer privacy regulations. Specifically, the FCC’s rule would have required ISPs to … Continue Reading
D.C. Circuit Strikes FCC’s Rule Requiring Opt-Out Notice on Solicited Faxes
Posted in PrivacyOn March 31, the U.S. Court of Appeals for the D.C. Circuit struck down a Federal Communications Commission (FCC) rule requiring that solicited fax advertisements contain a notice on how to opt out of future faxes. Following the ruling, such … Continue Reading
21st Century Data Breaches: Not All Fun and Games
Posted in Data breach, Data Security, Privacy, RetailData breaches can occur in the most surprising places. When data breaches affect sensitive, private information—especially those of children—companies can face scrutiny from regulatory agencies and be exposed to civil (and perhaps even criminal) liability. While hackers are still targeting … Continue Reading