Privacy and Data Security

Practice Contacts
Liisa Thomas
T: +1 (312) 558-6149 | Email
PRIVACY LAW CORNER
Welcome to Winston & Strawn's Privacy Law Corner, a blog where we cover recent developments in privacy and data security laws. We strive to give you not just updates, but an analysis of what lessons you can learn from these new cases, and practical tips to implement those lessons for your company. Our blog is edited by Winston & Strawn partner Liisa Thomas, and features authors from across the firm. To learn more about any of the cases or issues covered, please don't hesitate to contact one of us or your regular Winston & Strawn contact. To subscribe to these updates, please see the RSS icon at the top right of the page. You can also follow us on Twitter at @WinstonPrivacy.
May 16, 2013
Voice Broadcaster Settles Robocall Charges with FTC

Sky Consulting, Inc., a California "voice broadcaster" that does business under the name CallFire, recently settled FTC charges that it violated the Telemarketing Sales Rule by making illegal "robocalls." Voice broadcasters like Sky Consulting use voice-over Internet services to permit clients to deliver pre-recorded messages simultaneously to a large number of recipients. According to . . .

Liisa M. Thomas ; Stephen E. Wieker

May 15, 2013
New Mexico Limits Employer Access to Job Applicants’ Social Media Accounts

New Mexico recently became the latest state to prohibit employer access to social media accounts when Governor Susana Martinez signed S.B. 371 into law. The law prohibits employers from requesting a password or otherwise demanding access to a job applicant's social media account. Interestingly, the bill does not prohibit employers from asking for passwords from current employees. Under the law, employ . . .

Liisa M. Thomas ; Eric M.D. Zion; Beth K. Louie

May 14, 2013
New Jersey Law Protects Students Using School-Issued Electronic Devices

New Jersey Governor Chris Christie recently signed S. 2057 into law. The new law requires school districts and charter schools to notify students and their parents if school-issued laptops, cell phones, or other electronic devices contain cameras, GPS systems, or other features that may record or collect information on a student's activity or use of the device. The schools must also notify parents and children that the mo . . .

Liisa M. Thomas ; Eric M.D. Zion; Beth K. Louie

May 13, 2013
UPMC’s Email, Messaging, and Social Media Policies Recently Found to Violate NLRA

An administrative law judge in Pittsburgh recently struck down an employer's email, e-messaging, and social media employment policies as inappropriate under the National Labor Relations Act. The policies in question belonged to the University of Pittsburgh Medical Center. In particular, the Medical Center's email and social media policies prohibited employees from using university emails to send non-work related messages, forbade employees from talking about the hospital system on social medi . . .

Liisa M. Thomas ; Mary E. Kane

May 10, 2013
NLRB Affirms Facebook Firings Violated Law, Rejecting Employer’s Conspiracy Argument

The National Labor Relations Board recently affirmed an administrative law judge's findings that Design Technology Group, doing business as Bettie Page Clothing, illegally fired three workers who discussed workplace complaints on Facebook. The three employees were all salespeople who worked at the employer's wholesale and retail clothing company. Two of the employees discussed work-related complaints in person, including complaining ab . . .

Liisa M. Thomas ; Eric M.D. Zion; Beth K. Louie

May 9, 2013
New Arkansas Law Protects Employees’ Social Media Accounts

Arkansas Governor Mike Beebe recently signed H.B. 1901 into law, prohibiting employers from asking employees or job applicants for social media log-in information. Additionally, employers may not require that current or prospective employees add a supervisor to their social media contacts (i.e., "friending"), or require that privacy settings on social media accounts be changed. If an employer inadverten . . .

Liisa M. Thomas ; Eric M.D. Zion; Beth K. Louie

May 6, 2013
Colombia Data Protection Framework Takes Effect

Colombia's data protection law of 2012 recently went into full effect, following a six-month phase-in period. The law covers consumer databases used for marketing or telemarketing purposes, those containing medical records, and those that contain information about minors. Among the law's requirements – which closely mirror those found in European countries – companies will typically need to obtain consent from consumers to use their information, and must register databases containing personal . . .

Liisa M. Thomas ; Sara Skinner Chubb

May 2, 2013
Guidance Released on BCRs for Data Processors

The European Commission's Article 29 Working Party recently made public an explanatory document on binding corporate rules ("BCRs") for data processors. BCRs are one way that companies can more easily transport personally identifiable data outside of the EU. If a company outside of the EU has its own binding corporate rules (which rules have been appr . . .

Liisa M. Thomas

May 1, 2013
No Privacy Right in Email Submission to Gossip Website

Recently, an arbitrator determined that Mario Lavandeira, operator of the gossip website PerezHilton.com, was not liable for breach of contract and other claims brought against him because he published an inflammatory email sent to him by a reader. In 2007, an individual used her work email account to send an email to Lavandeira that insulted both Lavandeira and the actress Angelina Jolie. Lavandeira . . .

Liisa M. Thomas ; Eric M.D. Zion; Beth K. Louie

April 30, 2013
FTC Updates COPPA FAQs to Address New Rules

The FTC has updated its Frequently Asked Questions for complying with the Children's Online Privacy Protection Act Rule ("COPPA") as a follow up to recent revisions to the Rule. As we previously reported, changes to the COPPA Rule go into effect on July 1, 2013. The amendments to the Rule did not alter the fund . . .

Stephen E. Wieker ; Liisa M. Thomas

April 29, 2013
New Virginia Law Protects Personal Identifying Information of Employees

Virginia Governor Bob McDonnell recently signed into law H.B. 1931, which makes it unlawful to require an employer to release to third parties certain personal identifying information about current or former employees. In the bill, personal identifying information is defined as a home telephone number, mobile telephone number, email address, shift times or work schedule. The law creates an exception for the releas . . .

Liisa M. Thomas ; Eric M.D. Zion; Beth K. Louie

April 24, 2013
FTC Files Mobile “Cramming” Case

The FTC recently filed its first court action against an alleged mobile "cramming" operation. In its complaint, the FTC alleges that Wise Media, LLC placed unauthorized charges on consumers' mobile phone bills, a practice known as "cramming." The defendants purportedly charged consumers for premium text-message services that delivered messages with horoscopes, life advice, and other information. According to . . .

Liisa M. Thomas ; Stephen E. Wieker

April 18, 2013
FTC Soliciting Comments on Cross-Platform Security and Privacy Concerns

The Federal Trade Commission announced on April 17, 2013 that it is seeking comments about the consumer privacy and security issues posed by the rapidly growing connectivity of consumer devices. Often referred to as "The Internet of Things," many devices (cars, medical devices and appliances, to name a few) incorporate smart technology allowing them to connect with consumers and each other. The FTC notes that such capabilities can pose privacy and security threats. As a result, it is soliciti . . .

Sara Skinner Chubb ; Liisa M. Thomas

April 15, 2013
Illinois Court Finds Contest Sponsor's Unauthorized Use of Entrant's Image Violated Illinois Right of Publicity Act

An Illinois Appellate Court recently reversed a lower court's grant of summary judgment and awarded statutory damages, finding that McHenry County Living magazine used a mother and daughter's images without their written permission and in violation of the Illinois Right of Publicity Act when it published a photo of the two on a media kit used to generate advertising revenue for the monthly publicat . . .

Caroline A. Wenzke ; Brian D. Fergemann

April 9, 2013
New Virginia Law Enables Parents to Take Over Social Media Accounts of Deceased Children

Virginia Governor Bob McDonnell recently signed into law H.B. 1752, which enables parents of deceased children to take over the social media accounts of their deceased children. The law applies to "blogging, email, multimedia, personal, social networking, and other online accounts or comparable items as technology develops" managed, owned or operated by deceased children who were domiciled in Virginia at the time of their death. . . .

Marc H. Trachtenberg ; Liisa M. Thomas

April 4, 2013
Utah Has New Healthcare Privacy Law with Increased Disclosure Requirements

Utah recently passed a new healthcare law that requires healthcare providers who participate in the state Medicaid or Children's Health Insurance Program to notify consumers that they have or may submit personally identifiable information to the state's Medicaid or Children's Health Insurance Program eligibility database. The law goes into effect on July 1, 2013. The bill was initially introduced as a result of a 2012 theft . . .

Sara Skinner Chubb ; Liisa M. Thomas

April 2, 2013
Federal Court Finds Plaintiff States Valid Claims Against Ex-Employer That Hacked LinkedIn Account, but Fails to Award Damages

The Eastern District of Pennsylvania recently ruled that an employee properly pled several state law causes of action against her previous employer, Edcomm, an employer she alleged hacked into her LinkedIn account. We reported on this case previously, when the court rejected plaintiff's Computer Fraud . . .

Liisa M. Thomas ; Stephen E. Wieker

March 26, 2013
Massachusetts High Court Rules in Case Involving Collection of Personal Information During Credit Card Transaction

The Massachusetts Supreme Judicial Court ruled recently in a case involving a class action brought by a plaintiff who alleged that a retailer requested her name, credit card number, and ZIP code in connection with credit card purchases she made. After that request, she allegedly began to receive unwanted marketing materials from the retailer. According to the court, Massachusetts General Law Section 105 governs a company's ability to obtain a customer's ZIP code—assuming the credit . . .

Stephen E. Wieker ; Liisa M. Thomas

March 25, 2013
FTC Action Shuts Down New York Telemarketing Operation for Telemarketing Sales Rule and FTC Act Violations

Acting on the FTC's motion, a New York district court recently entered a temporary restraining order against Instant Response Systems, LLC and its principal Jason Abraham for alleged violations of the Telemarketing Sales Rule and the FTC Act. According to the FTC's complaint, the defendants used deception, threats, and intimidation to induce elderly consumers to pay for medical alert systems they had not ordered. Defe . . .

Liisa M. Thomas ; Stephen E. Wieker

March 19, 2013
FTC Revises Online Advertising Disclosure Guidelines

The Federal Trade Commission ("FTC") has revised its guidance on online advertising disclosures, known as the "Dot-Com Disclosure Guidelines." Whereas the 2000 Guidelines dealt largely with disclosures made on traditional websites and on blogs, the new version addresses use of disclosures in social media and on mobile devices. As was expected, the basic rules have not changed: (1) if an advertiser makes an express o . . .

Stephen E. Wieker ; Brian D. Fergemann

March 18, 2013
Posts on Employer’s Blog and Employee’s Facebook Account May Make Employer Liable for Retaliation

The U.S. District Court for the Middle District of Tennessee recently allowed the retaliation claims of two former employees at Coyote Ugly, a chain of concept saloons, to continue, denying Coyote Ugly's bid to dismiss the claims. The employees were both part of a lawsuit against Coyote Ugly alleging violations of the Fair Labor Standards Act ("FLSA"). A month after the FLSA . . .

Beth K. Louie ; Liisa M. Thomas; Eric M.D. Zion

March 6, 2013
Facebook Files Lawsuit Against App Developer for Displaying Outdated User Data

Facebook recently filed a federal lawsuit in California against a former application developer, Profile Technology Ltd., alleging the New Zealand-based company violated the Facebook terms of service when it continued displaying outdated user data on its site, Profile Engine, after Facebook r . . .

Liisa M. Thomas ; Caroline A. Wenzke

February 27, 2013
Payment Card Industry Security Standards Council Releases New Guidance on Protecting Mobile Payment Data

The Payment Card Industry Data Security Standards (PCI DSS) Council, a global forum for the development of card security standards, recently released a set of best practices for merchants who process transactions involving card data from consumers using mobile devices. The Council's guidelines apply to "payment-acceptance applications that operate on any consumer electronic handhel . . .

Liisa M. Thomas ; Caroline A. Wenzke

February 25, 2013
FTC Permanently Bans Telemarketers for Violating the Telemarketing Sales Rule

The Federal Trade Commission has permanently banned Roy M. Cox, Jr. and several telemarketing operations he managed from future telemarketing for several violations of the Telemarketing Sales Rule. According to the FTC, the companies made pre-recorded calls to consumers to offer credit card interest rate reduction plans, extended car warranties, and home security systems. In December 2011, the FTC charged Cox and the co . . .

Liisa M. Thomas ; Stephen E. Wieker

February 12, 2013
Cab Companies Sued in Washington for Texting Practices

The U.S. District Court for the Western District of Washington recently decided that a text message sent by two cab companies to a consumer could be considered "commercial" and thus regulated under Washington state law, but that plaintiff had not pled enough facts to state a claim under the federal Telephone Consumer Protection Act ("TCPA"). According to the plaintiff, the c . . .

Stephen E. Wieker ; Liisa M. Thomas

February 11, 2013
Maryland Creates Internet Privacy Unit

Maryland Attorney General Doug Gansler recently announced that his office is launching a new "Internet Privacy Unit" to combat online privacy law violations. According to Gansler's press release, the Unit will monitor companies to ensure compliance with state and federal consumer protection laws, including COPPA. The Unit also plans to "examine weaknesses in online privacy policies" and bring enforcement actions for vio . . .

Stephen E. Wieker ; Liisa M. Thomas

February 7, 2013
FTC Recommends Increased Consumer Disclosures in the Mobile Marketplace

In response to growing concerns over consumer privacy in the mobile marketplace, the Federal Trade Commission released a staff report on February 1, 2013 recommending various steps mobile marketplace participants can take to better inform consumers about their data collection practices. The report makes recommendations for mobile platforms (OS providers such as Apple and Android), application developers, advertising net . . .

Liisa M. Thomas ; Sara Skinner Chubb; Caroline A. Wenzke

February 6, 2013
Use of Spyware on Employees’ Computers Found Violation of Swiss Law

In a recent decision, the Swiss Federal Tribunal found that the installation of spy software on employees' desktops, with the aim of monitoring their use of the Internet during work hours, is illegal. The dispute arose after a government employee was fired. His employer suspected he was using the Internet during work hours for non-work purposes. To co . . .

Vanessa Alarcon Duvanel ; Liisa M. Thomas

February 4, 2013
Social Networking App Settles FTC Charges

Path, Inc., the operator of the Path social networking app, has settled FTC charges that it made deceptive privacy claims and violated the COPPA Rule, agreeing to pay $800,000 to the Commission. According to the FTC's complaint, Path's iOS app contained an "Add Friends" feature that provided three choices to users: . . .

Stephen E. Wieker ; Liisa M. Thomas

January 30, 2013
Insurance Company Need Not Defend Accountant Who Lost Sensitive Client Information

The U.S. Court of Appeals for the Seventh Circuit recently ruled that Nationwide Insurance Co. has no duty to defend or indemnify an accountant who lost sensitive personal information from client files. According to the lawsuit, the accountant's loss of the information stemmed from the theft of a CD containing confidential client information from the accountant's personal car. The CD contained the social security numbers, names . . .

Stephen E. Wieker ; Liisa M. Thomas

January 29, 2013
FFIEC Seeks Comments on Proposed Risk Management Guidance for Financial Institutions that Use Social Media

The Federal Financial Institutions Examination Council, the formal interagency body that sets uniform evaluation standards for federal banking regulators, recently published proposed risk management guidance for financial institutions that use social media to interact with consumers. The FFIEC invites comments on the proposed guidance by March 25, 2013. The proposed guidance, acknowledging the importance of social media sites such as Faceb . . .

Liisa M. Thomas ; Jerry Loeser; Irene J. Paik

January 28, 2013
HIPAA Rules Finalized, Effective March 26

The Department of Health and Human Services has issued a comprehensive final set of regulations designed to modify the Health Insurance Portability and Accountability Act rules. The rules were promulgated in order to implement changes provided for under the Health Information Technology for Economic and Clinical Health Act and the Genetic Information Nondiscrimination Act of 2008, as well as to make other changes related to privacy, security and enforcement under HIPAA. The regulations a . . .

Linda Lemel Hoseman ; Liisa M. Thomas

January 22, 2013
Mobile App Companies Settle FCRA Charges with FTC

Two mobile app companies, as well as their owner and sole corporate officer, recently settled charges with the FTC over alleged violations of the Fair Credit Reporting Act ("FCRA"). The companies, Filiquarian Publishing LLC and Choice Level LLC, market and sell apps that allow consumers to conduct a criminal background check on potential employees. The FTC was conce . . .

Liisa M. Thomas ; Jerry Loeser; Irene J. Paik

January 16, 2013
California Attorney General Issues Mobile Privacy Recommendations

The California state Attorney General recently issued privacy recommendations for mobile app and operating system developers, app platform providers, advertising networks, and mobile carriers. The recommendations are intended to ensure that mobile apps comply with applicable privacy laws such as the California Online Privacy Protection Act, and ultimately aim to "minimize surprises to users from unexpected . . .

Liisa M. Thomas ; Robert H. Newman

January 15, 2013
Online Kids Gaming Company Agrees with CARU to Fix Age-Blocking Process

The operator of the website GirlsGoGames.com, SPIL Games, BV, has agreed to change certain of its online information collection practices in response to concerns raised by the self-regulatory group, the Children's Advertising Review Unit ("CARU"). CARU monitors websites directed to children (like the GirlsGoGames.com website) for compliance wi . . .

Liisa M. Thomas ; Stephen E. Wieker

January 14, 2013
Judge Upholds TCPA Claim Against Caribbean Cruise Line’s Motion to Dismiss

A federal judge has refused to dismiss a case brought against Caribbean Cruise Line and Economic Strategy Group by plaintiffs alleging violations of the Telephone Consumer Protection Act ("TCPA"). The two plaintiffs alleged that defendants made or caused unsolicited calls on their cellular phones using auto-dialing technology or artificial or prerecorded voices, in violation of TCPA. . . .

Liisa M. Thomas ; Stephen E. Wieker

January 11, 2013
Idaho Hospice Settles Alleged HIPAA Security Rule Violations with HHS

The Hospice of North Idaho has agreed to pay $50,000 to settle allegations with the U.S. Department of Health and Human Services that it violated the HIPAA Security Rule by losing a laptop containing unencrypted personal health information of 441 patients. The settlement is the first of its kind involving a breach affecting fewer than 500 individuals. HHS determined that the Hospice of North Idaho had n . . .

Liisa M. Thomas ; Stephen E. Wieker

January 8, 2013
Michigan Bans Employers From Seeking Social Media Passwords

Michigan governor Rick Snyder signed H.B. 5523 into law at the end of 2012, barring Michigan employers and colleges from asking current or prospective employees and students for passwords or other information in order to access private social media accounts. Employers and colleges are also prohibited from penalizing, firing or failing to hire or admit employees or students for refusing to grant access to social media accounts. Th . . .

Liisa M. Thomas ; Eric M.D. Zion; Beth K. Louie

January 7, 2013
New Jersey Bans Colleges From Requiring Students’ Social Media Passwords

New Jersey Governor, Chris Christie, recently signed a bill intended to protect college students’ social media accounts. The bill prohibits private and public college-level institutions in New Jersey from requiring prospective and/or current students to provide the college with their username and password to all social media sites. The bill also gives students grounds to sue if they believe a colleg . . .

Mary E. Kane ; Liisa M. Thomas

January 3, 2013
Employer’s Access of Employee’s Cell Phone Did Not Violate the Stored Communications Act

The Fifth Circuit held that an employee’s cell phone was not covered under the Stored Communications Act and therefore her employer did not violate the Act when it accessed the cell phone without her permission. The employer, a city police department, terminated the employee after it discovered images and text messages on her cell phone that violated police rules. The court found t . . .

Liisa M. Thomas ; Eric M.D. Zion; Beth K. Louie

January 2, 2013
National Labor Relations Board Orders Reinstatement of Workers Fired for Facebook Comments

Recently, the National Labor Relations Board affirmed the decision of an administrative law judge holding that an employer violated the National Labor Relations Act when it fired five workers for comments made on Facebook. The NLRB found that the employees, who believed a co-worker was going to bring certain concerns to management, were engaged in protected concerted activity because they were acting as a group to defend . . .

Liisa M. Thomas ; Eric M.D. Zion; Beth K. Louie

December 26, 2012
FTC Issues Statement on Employer Requirements Under FCRA

The Federal Trade Commission recently issued a statement addressing the requirements under the Fair Credit Reporting Act for obtaining a consumer report for employment purposes. The statement was submitted to the U.S. Commission on Civil Rights and outlined the responsibilities of both consumer reporting agencies, who provide the reports, and employers. Consumer reporting agencies must take reasonable measures t . . .

Liisa M. Thomas ; Eric M.D. Zion; Beth K. Louie

December 21, 2012
FTC Issues Orders for Information and Records from Data Brokers

The FTC recently issued orders requiring several data brokerage companies to provide information and documents detailing how they collect and use consumer data. According to the FTC, it will use the information to study privacy practices in the data broker industry and publish a report making recommendations on how the industry could improve its privacy practices. In its orders, the FTC seeks details abo . . .

Liisa M. Thomas ; Stephen E. Wieker

December 20, 2012
COPPA Rule Update to go Into Effect July 1, 2013

The FTC announced yesterday that it had made several important changes to the COPPA Rule, although the basics remain intact, as the underlying law hasn’t changed. Those who operate a website or online service directed to children under 13 must still give notice to parents and obtain their verifiable consent before collecting, using, or disclosing personal information from children under 13. As a result of the n . . .

Liisa M. Thomas ; Stephen E. Wieker

December 18, 2012
FTC Continues to Examine Children’s Mobile Apps

The FTC has conducted another survey to examine the use of privacy disclosures in mobile apps marketed to children. As we reported this past February, the FTC determined in its first survey that privacy disclosures in the market for children's mobile apps were inadequate and it called on mobile app stores, developers, and third parties to pro . . .

Stephen E. Wieker ; Liisa M. Thomas

December 17, 2012
Dispute Over Ownership of Twitter Account Settles

PhoneDog Media recently announced that it had reached a settlement with a former employee in a dispute over the ownership of a Twitter account created by the employee using the company's name. PhoneDog had sued the employee in California, claiming that the Twitter account was company property and that after the employee left the company, he unlawfully continued . . .

Liisa M. Thomas ; Eric M.D. Zion; Beth K. Louie

December 13, 2012
The National Telecommunications and Information Administration Focuses on Mobile Privacy

The National Telecommunications and Information Administration (NTIA) of the Department of Commerce has been working on mobile privacy issues, and recently had another meeting with privacy advocates, industry participants, and privacy stakeholders to discuss best practices in the sector. Earlier this year the NTIA had announced its wish to create a "Mobile Application Transparency Code of Conduct," which would contain a series of best practices regarding the collection and use of consume . . .

Mary E. Kane ; Liisa M. Thomas

December 12, 2012
Guest Article: Singapore Passes Personal Data Protection Act

This article comes from our friends at Lee & Lee. Zech Chan of that firm has shared that Singapore now has a Personal Data Protection Act ("PDP Act"), passed this October, to be implemented in phases. The PDP Act regulates the collection, use, disclosure and retention of personal data, and imposes obligations on organizations subject to Singapore jurisdiction on how to m . . .

Liisa M. Thomas

December 11, 2012
Complaint Alleges Video Game Company Failed to Secure Customer Information

A class action lawsuit was filed this month against Blizzard Entertainment, Inc., the California-based manufacturer of video games including Warcraft, Starcraft, and Diablo. The complaint, which was filed in the U.S. District Court for the Central District of California, alleges that Blizzard Entertainment failed to secure customer information in violation of deceptive trade pra . . .

Liisa M. Thomas ; Mary E. Kane

December 10, 2012
Another Social Media Policy Found to Violate NLRA

On November 14, an administrative law judge for the National Labor Relations Board found that DISH Network Corp.'s social media policy violated the National Labor Relations Act. The policy included a provision prohibiting employees from making disparaging or defamatory comments about the company and did not allow employees to access social media sites with employer resources or during their working hours. The administrat . . .

Beth K. Louie ; Liisa M. Thomas; Eric M.D. Zion

December 5, 2012
Online Advertising Network Settles “History Sniffing” Charges with FTC

Epic Marketplace, a digital marketing company, has settled FTC charges about its use of "history sniffing" tools. Epic acts as an intermediary between websites where ads will be published and advertisers who wish to have their ads published. To get ads to online consumers, Epic buys advertising space on almost 45,000 websites, which it calls its "Epic Marketplace Network." Epic gathers information about consumers who visit the network by placing cookies on visitors' computers. Epic t . . .

Stephen E. Wieker ; Liisa M. Thomas

December 4, 2012
FTC Changes Rule on Identity Theft “Red Flags”

The Federal Trade Commission ("FTC") has published an Interim Final Rule on identity theft "red flags," narrowing the creditors covered by the rule. Under the original Red Flags Rule, the FTC and several banking agencies issued joint regulations requiring financial institutions and creditors (as those terms are defined in the law) to implement a . . .

Stephen E. Wieker ; Liisa M. Thomas

December 3, 2012
Even More Light at the End of the Text-to-Stop Tunnel?

The Federal Communications Commission issued a Declaratory Ruling late last week that the Telephone Consumer Protection Act permits companies to send a one-time text message to confirm receipt of a consumer's request to receive no further text messages. The ruling responds to SoundBite Communications Inc.'s . . .

Liisa M. Thomas ; Stephen E. Wieker

November 28, 2012
Databases Have Until April 2013 to Register Under New Colombian Law

Colombia enacted Law No. 1581 to regulate personal data law after years of delay. The law is effective immediately, but the Colombia Industry and Commerce has until April 2013 to create a data protection authority (DPA), which will be responsible for enforcing the law. The law requires covered entities (i.e., companies subject to the Colombian law) that maintain data . . .

Mary E. Kane ; Liisa M. Thomas

November 26, 2012
Light at the End of the Text-to-Stop Tunnel?

The Southern District of California recently granted summary judgment in favor of the defendant in a class action alleging that it had violated the Telephone Consumer Protection Act (TCPA) by sending a confirmation text message in response to a consumer's text message opt-out request. The TCPA protects consumers . . .

Liisa M. Thomas ; Sara Skinner Chubb

November 21, 2012
UK Government to Examine Online Personalized Pricing Practices

The Office of Fair Trading ("OFT")—the UK's consumer and competition authority, with powers similar to the U.S. Federal Trade Commission—recently announced that it will investigate how businesses monitor online shoppers and target them with personalized prices. The OFT reports that it plans to look at how online companies gather data on consumers' browsing history, purchases, hardware, and demo . . .

Liisa M. Thomas ; Stephen E. Wieker

November 19, 2012
Employer Not Liable for Terminating Employee After Facebook Message

An Ohio court recently ruled that an employee's termination did not fall within the public policy exception to the employment-at-will doctrine and dismissed the employee's claims against the employer. The employee, erroneously believing that a supervisor with whom she had a contentious relationship had been fired, sent a message through Facebook celebrating the news of the firing. The . . .

Liisa M. Thomas ; Jennifer Rappoport; Beth K. Louie

November 15, 2012
Manager’s Facebook Post Did Not Establish Invasion of Privacy/Emotional Distress Claims

A Minnesota court recently dismissed the invasion of privacy and intentional infliction of emotional distress claims of a former employee after a manager posted about the employee's termination on Facebook. The case was brought by an aerobic coordinator at LA Fitness who was fired. After the employee's termination, customers posted questions on LA Fitness' F . . .

Liisa M. Thomas ; Jennifer Rappoport; Beth K. Louie

November 14, 2012
FTC Holding Cross-Border Codes of Conduct Forum on Nov. 29

The Federal Trade Commission recently announced the agenda for its upcoming forum on cross-border codes of conduct. The forum will be an all-day series of panels held on November 29, in the FTC's office on New Jersey Avenue, in Washington, D.C. Although the forum tackles the topic of cross-border codes of conduct generally, and includes topics . . .

Stephen E. Wieker ; Liisa M. Thomas

November 8, 2012
Payday Lenders Settle FTC Charges of Improperly Disposing Consumer Data

PLS Financial Services, Inc. and The Payday Loan Store of Illinois, Inc.—companies involved in the payday lending and check cashing industries—have agreed to pay a total of $101,500 to settle FTC charges that they violated federal law by improperly disposing of sensitive consumer information in dumpsters. The FTC alleges that the defendants failed to take reasonable measures to protect consumer information, including Social . . .

Stephen E. Wieker ; Liisa M. Thomas

November 5, 2012
FTC Shuts Down Five “Cardholder Services” Robocallers

The FTC has announced that it received temporary restraining orders against five robocalling operations that allegedly tricked consumers out of hundreds or thousands of dollars by making false claims that they could reduce credit card interest rates in return for a fee. The pre-recorded, automated calls often started with the message: “Hi, this is Rachel from cardholder services….” These actions come on the heels o . . .

Liisa M. Thomas ; Stephen E. Wieker

November 2, 2012
Canadian Supreme Court Finds Reasonable Expectation of Privacy in Work Computer

The Canadian Supreme Court recently held (in Her Majesty the Queen v. Cole) that an employee had a reasonable expectation of privacy in his employer-issued work computer. The case began when a school teacher with administrative rights accessed a student's email account. The teacher did this from his work computer, and found that the student had nude images of another student in an email. In . . .

Liisa M. Thomas ; Eric M.D. Zion; Sheryl A. Falk

October 30, 2012
California AG Announces Settlement with Health Insurer Over Social Security Number Disclosures
California Attorney General Kamala D. Harris recently announced a settlement with Anthem Blue Cross, part of WellPoint Inc., regarding allegations that the health insurer unlawfully disclosed the Social Security numbers of about 33,000 Medicare subscribers between April 2011 and March 2012. According to the state’s complaint (filed simultaneously with the settlement), Anthem printed the Social Security numbers on letters to policyholders that could be seen through the envelope window. The state . . .

Caroline A. Wenzke ; Liisa M. Thomas
October 29, 2012
FTC Offers $50,000 Challenge to Discover Robocall Solution

The FTC recently opened a public "challenge" for the "public to create an innovative solution to block illegal commercial robocalls on landlines and mobile phones." The FTC has offered a $50,000 cash prize for the best technical solution. As we reported in June, the FCC has taken a keen interest in robocalls recently by, among other things, publishing a final ru . . .

Liisa M. Thomas ; Stephen E. Wieker

October 25, 2012
Cable Company Sued Over Data Retention and Privacy Practices

A class action lawsuit was recently filed in California against Bright House Networks LLC, a cable operator, alleging that the company violated the Cable Communications Policy Act (47 U.S.C. § 551(a), (e)) by indefinitely retaining customers' personally identifiable information and failing to send annual privacy notices to customers. The Act requires that cable operators destroy the personally identifiable information of former subsc . . .

Caroline A. Wenzke ; Liisa M. Thomas

October 24, 2012
Web Analytics Firm Settles FTC Charges Over Collection and Use of Consumer Information

Compete Inc., a Boston-based web analytics company, settled charges with the FTC regarding alleged violations of the Federal Trade Commission Act for false and deceptive privacy practices. The FTC accused Compete of using its web tracking software without properly disclosing the extent of personal information it collected and failing to honor promises to protect the personal data collected. According . . .

Stephen E. Wieker ; Liisa M. Thomas

October 22, 2012
West Virginia Senator Launches Investigation into Data Broker Privacy Practices

Senator John D. Rockefeller IV (D-W.Va.) recently sent a letter to nine data brokers, asking them to provide detailed information about their privacy policies and practices for compiling, storing, and selling information about consumers. The nine firms – Acxiom, Experian, Equifax, Epsilon, Transunion, Reed Elsevier, Spokeo, Datalogix, and Rapleaf – are expected to respond to th . . .

Caroline A. Wenzke ; Liisa M. Thomas

October 18, 2012
Swiss Banks Under Fire for Cross-Border Transfers of Personnel Information

Employees' privacy rights and their protection in the cross-border transfer of data have been the subject of a significant controversy in Switzerland in the past couple of weeks. Further to an investigation opened by the New York Attorney General against several Swiss banks for allegedly assisting U.S. tax payers in tax evasion, six Swiss banks transmitted to the United States Department of Justice information about 7,000 to 10,000 of their employees, former employees, portfolio managers . . .

Vanessa Alarcon Duvanel ; Liisa M. Thomas

October 17, 2012
Equifax Settles FTC Charges Over Failure to Adequately Protect Consumer Information

Equifax Information Services LLC, one of the country's "big three" consumer reporting agencies, has settled charges with the FTC that it improperly sold lists of consumers who were late on their mortgage payments in violation of the FTC Act and the Fair Credit Reporting Act ("FCRA"). Equifax will pay $393,000 to resolve allegations that it . . .

Stephen E. Wieker ; Liisa M. Thomas

October 16, 2012
Employer May be Liable for Accessing Employee’s LinkedIn Account

A Pennsylvania court recently found that a plaintiff who alleged her employer unlawfully took control of her LinkedIn account could not proceed on claims under the Computer Fraud and Abuse Act and the Lanham Act, although the court did find that the former employee could proceed on her state law claims for invasion of privacy, identity theft, conversion, and tortu . . .

Beth K. Louie ; Liisa M. Thomas; Eric M.D. Zion

October 15, 2012
UK ICO Releases New Cloud Computing Guidance

The UK Information Commissioner's Office recently published guidance on compliance with the Data Protection Act of 1988 for those who use cloud computing. The guidance emphasizes that a business may outsource its data processing through the use of cloud computing services, but that business remains responsible for how da . . .

Caroline A. Wenzke ; Liisa M. Thomas

October 12, 2012
Employer Did Not Violate Law in Firing Employee for Facebook Post

The National Labor Relations Board recently adopted the decision of an administrative law judge finding that an employer lawfully discharged an employee for a Facebook post made about a car accident at the workplace (an auto dealership). The administrative law judge held that the employee's post about the accident was not protected by the National L . . .

Beth K. Louie ; Liisa M. Thomas; Eric M.D. Zion

October 11, 2012
Irish Data Protection Commission Fines Eircom Over Breach

The Irish data protection office ("ODPC") brought legal action last month against telecommunications firm Eircom and two of the company’s cell phone subsidiaries for failing to encrypt two stolen laptops, as required by Irish Regulation 4(I) of SI 336, and then waiting more than one month to notify the ODPC and subscribers of the breach. The Irish law requires notification of a breach to both impacted individuals and the Irish . . .

Liisa M. Thomas ; Caroline A. Wenzke

October 10, 2012
Spyware Installed on Employee’s Computer Violated Electronic Communications Privacy Act

An Illinois court recently held that an employer violated the Electronic Communications Privacy Act when it intercepted the employee’s work and personal email accounts. The employer installed software on the employee’s computer that sent all of the employee’s work emails to a dummy account, which was monitored by the employer. The court found that this constituted an “interception” of the emails under the meaning of the law, even though the full emails were not actually delivered to the accou . . .

Liisa M. Thomas ; Eric M.D. Zion; Beth K. Louie

October 9, 2012
Vodafone Fined in Ireland for Unsolicited Calls and Texts

Ireland's Office of the Data Protection Commissioner recently announced an agreement with Vodafone under which Vodafone will pay a total of €40,000 ($51,432) to several registered charities to settle complaints that the company violated regulations on unsolicited marketing calls and texts. The commissioner alleged that Vodafone's marketing violated Irish privacy laws. Vodafone must also make goodwill gestures directly . . .

Caroline A. Wenzke ; Liisa M. Thomas

October 8, 2012
California Employers Prohibited From Asking for Social Media Passwords

On September 27, 2012, California Governor Jerry Brown signed into law Assembly Bill 1844, which prohibits employers from asking current or prospective employees for the log-in information for their personal social media accounts. A.B. 1844 also prohibits employers from requiring that employees or applicants access their social media accounts in the presence of the employer. Fi . . .

Eric M.D. Zion ; Liisa M. Thomas; Beth K. Louie

October 4, 2012
FTC Settles COPPA Allegations with Operator of Justin Bieber Fan Website

Artist Arena LLC—an operator of fan web sites for Justin Bieber, Selena Gomez, Rihanna, and Demi Lovato—has agreed to pay $1 million to settle the Federal Trade Commission's charges that the sites violated the Children's Online Privacy Protection Act. Artist Arena allegedly collected personal information, such as name, e-mail address, street address, and phone number, from children under the age of 13 without the . . .

Stephen E. Wieker ; Liisa M. Thomas

October 3, 2012
First Self-Regulatory Enforcement Actions Brought Against Advertisers

The Online Interest-Based Advertising Accountability Program (OIAAP), the body charged with enforcement of the Self-Regulatory Principles for Online Behavioral Advertising, recently released five decisions following inquiries into the practices of Kia Motors America and the advertising networks that serve Kia ads. The OIAAP determined that certain Kia ads failed to comply with . . .

Caroline A. Wenzke ; Liisa M. Thomas

October 1, 2012
NLRB Invalidates Several Employers’ Social Media Policies

As we recently reported, the National Labor Relations Board (NLRB) and its administrative law judges have issued decisions striking down several workplace social media policies, creating uncertainty as to what social media activities employers may lawfully regulate or prohibit. In one such case, an administrative law judge for the NLRB . . .

Beth K. Louie ; Liisa M. Thomas; Eric M.D. Zion

September 27, 2012
FTC Settles Computer Spying Charges with Several Companies

A software design firm and seven computer rent-to-own companies have settled charges with the Federal Trade Commission that the companies spied on consumers through software surreptitiously installed on rented computers. The software design firm, DesignerWare LLC, licensed software to several players in the rent-to-own business. The software—known as PC Rental A . . .

Stephen E. Wieker ; Liisa M. Thomas

September 25, 2012
Ninth Circuit Affirms Facebook Beacon Settlement Award

Facebook launched its "beacon" program in 2007. The program is intended to let members share with friends information about what they do elsewhere on the Internet. The program operated by updating a member's personal profile to reflect certain actions the member had taken on websites belonging to companies that had contracted with Facebook to participate in the beacon program. Although Facebook initially designed the Beacon program to give members opportunities to prevent the broadcast o . . .

Jason W. Gordon ; Liisa M. Thomas

September 19, 2012
Illinois Court Concludes “Sniffing” Public Wi-Fi Network is Not a Wiretap Act Violation

The U.S. District Court for the Northern District of Illinois recently ruled on the interception of communications on unencrypted, public Wi-Fi networks, like those used at hotels and coffee shops. According to the court, the interception technique (frequently called "data sniffing") does not violate the federal Wiretap Act, under an exception to that law. This case originally started as a patent infringement case, where in connection with the discovery process, the plaintiff used a laptop an . . .

Sara Skinner Chubb ; Liisa M. Thomas

September 17, 2012
Italy and Portugal Release Data Breach Notification Rules

The Garante per la Protezione dei Dati Personali (the Italian data protection authority) has released a new set of data breach notification rules that implement the European Union's 2009 amendments to the existing privacy laws (2009/136/EC). These amendments, among other things, require notification by providers of "publicly a . . .

Caroline A. Wenzke ; Liisa M. Thomas

September 13, 2012
FTC Files Complaint Against DISH Network For Placing Unwanted Telemarketing Calls

The FTC recently filed a complaint against DISH Network LLC, alleging that the company violated the Telephone Sales Rule by making millions of unwanted telephone calls to consumers who had previously requested not to be contacted. The complaint alleges that DISH Network and many of its authorized dealers collected and maintained lists of consumers who had requested not to be contacted by or on behalf of DISH Network; however . . .

Sara Skinner Chubb ; Liisa M. Thomas; Stephen E. Wieker

September 12, 2012
UK Issues Monetary Penalty in Privacy Breach Case

The UK Information Commissioner's Office recently announced that it had fined Torbay Care Trust over $275,000 in monetary penalties for the Trust's accidental publishing of employees' personal information on its website. Information that was published was part of an equality and diversity study the company was conducting, and included birth dates, insurance numbers, . . .

Liisa M. Thomas

September 11, 2012
FTC Pushes Mobile Apps to Provide Privacy By Design

The Federal Trade Commission ("FTC") has composed guidelines to help mobile app developers comply with the FTC's truth-in-advertising standards and basic privacy principles. The FTC hopes the guidance, titled "Marketing Your Mobile App: Get It Right from the Start," will help new app developers build compliance from the outset of the development process and remind established businesses of their ongoing legal o . . .

Stephen E. Wieker ; Liisa M. Thomas

September 10, 2012
Uruguay's Data Privacy Law Deemed "Adequate" by EU

The European Union recently approved Uruguay's data privacy law as providing "adequate" protection. Under the EU Data Privacy Directive, personal data cannot be transferred out of an EU member state to a non-EU member state unless the third country's laws are adequate, or other exceptions apply.  . . .

Liisa M. Thomas

September 6, 2012
Hungary Fines Company for Data Deletion and Transfer Failures

In what is being reported as one of the largest fines assessed to-date, the Hungarian data protection authority recently fined Weltimmo SRO approximately $44,000 for allegedly failing to delete consumer information and for improperly transferring consumer data to third parties. Weltimmo is based in Slovakia, but operates real estate services for the Hungarian market. The fines were assessed . . .

Liisa M. Thomas

September 5, 2012
Wyndham Files Motion to Dismiss FTC Privacy Suit

In a strongly-worded motion filed in federal district court in Arizona, Wyndham Hotels & Resorts LLC recently asked the court to dismiss all charges filed by the Federal Trade Commission alleging Wyndham engaged in unfair and deceptive privacy practices. As we reported in June, according to the FTC, these practices allegedl . . .

Stephen E. Wieker ; Liisa M. Thomas

September 4, 2012
Philippines Privacy Law Enacted

The Philippines recently enacted a privacy law (the Data Privacy Act of 2012), which was modeled on the EU Data Privacy Directive, as well as the APEC privacy framework. The law generally applies to personal information processed by those located in the Philippines; those that have offices, branches or agents in the country; and those that use equipment in the Philippines to process personal information. The law provides fo . . .

Liisa M. Thomas

August 29, 2012
NIST Issues Final Guidance on Computer Security Incidents

The National Institute of Standards and Technology ("NIST") released the final version of its revised guidance document on handling computer security incidents "efficiently and effectively." The final guide reiterates the NIST's recommendation that companies create an incident response plan, staff an incident response team, and conduct a thorough review of each incident after it occurs. In response to comments, the guide add . . .

Caroline A. Wenzke ; Liisa M. Thomas

August 28, 2012
Debt Collection Messages Received on Cell Phone Give Rise to Claim Under TCPA

A woman who sued a debt collection agency, alleging that the numerous calls she received on her cell phone violated the Telephone Consumer Protection Act, successfully showed that she had suffered enough injury for her case to continue. The debt collection agency, National Enterprise Systems, had moved to dismiss the TCPA claim on the grounds that the plaintiff lacked standing to bring a claim because she did not allege facts that indicate that she suffered an injury in fact as a result of the ph . . .

Liisa M. Thomas ; Robert H. Newman

August 23, 2012
WOMMA Updates Social Media Marketing Disclosure Guide

The Word of Mouth Marketing Association ("WOMMA") recently updated its Guide to Disclosure in Social Media Marketing ("Guide"). The current Guide is released as part of an ongoing effort on the part of WOMMA to memorialize best practices in the word of mouth marketing industry. WOMMA published the original version of the Guide—released in 2009—in response to the FTC's . . .

Stephen E. Wieker ; Anthony E. DiResta

August 22, 2012
New Illinois Law Limits Employers’ Access to Employees’ Social Media Accounts

Illinois recently amended the Illinois Right to Privacy in the Workplace Act to prohibit employers from requesting any password or other related account information in order to gain access to an employee's or prospective employee's social networking account or profile. Illinois joins Maryland as the second state to pass a law of t . . .

Robert H. Newman ; Liisa M. Thomas

August 21, 2012
Court Rules Video Privacy Act Applies to Free Online Streaming Websites

A California federal magistrate judge recently ruled that the Video Privacy Protection Act, 18 U.S.C. § 2710, is not limited to brick-and-mortar stores, and thus applies to online video . . .

Liisa M. Thomas ; Caroline A. Wenzke

August 20, 2012
New York Updates SSN Protection Law

New York last week passed new legislation updating its social security number protection law. The amendment will go into effect at the end of the year. It prohibits companies from requiring individuals to share their social security numbers, or from denying services or rights because someone has refused to share their social security numbers. As . . .

Liisa M. Thomas

August 16, 2012
Facebook Settles Consumer Privacy Complaint with the FTC

The FTC announced it has accepted a final settlement and consent agreement with Facebook. This settlement resolves the FTC's complaint that Facebook deceived consumers by telling them they could keep their information on Facebook private, yet allegedly allowing information to nevert . . .

Caroline A. Wenzke ; Liisa M. Thomas

August 15, 2012
Employment Screening Company Pays $2.6 to Settle Alleged FCRA Violations

A company that provides consumer background reports to employers agreed to pay $2.6 million to settle charges brought by the Federal Trade Commission that the company violated the Fair Credit Reporting Act (FCRA). The FTC charged that the company (1) failed to reasonably ensure that consumer information in reports it provided to credit reporting agencies was accurate, (2) failed to prevent obviously inaccurate consumer information fr . . .

Liisa M. Thomas ; Beth K. Louie

August 14, 2012
Court Dismisses Competitor Suit Alleging Misuse of Consumer Data

A California federal district court recently dismissed Quadrant Information Services' lawsuit against its competitor, LexisNexis Risk Solutions, in which Quadrant alleged LexisNexis's InsurView service violated California's Unfair Competition Law. According to Quadrant, LexisNexis allegedly sourced and used consumer information improperly. LexisNexis's Ins . . .

Caroline A. Wenzke ; Liisa M. Thomas

August 10, 2012
FTC Seeks Public Comments on Latest Proposed Revisions to COPPA Rule

The FTC has published a Federal Register Notice seeking public comments by September 10, 2012 on additional proposed modifications to the Children’s Online Privacy Protection Rule (“COPPA Rule”). The original COPPA Rule—which went into effect on April 21, 2000—has been reviewed by the FTC several times over the past decade. As we pre . . .

Stephen E. Wieker ; Liisa M. Thomas

August 8, 2012
France Updates Rules on Processing Customer Data

In 2005, the French Data Protection Authority (CNIL) issued standard procedures for reporting if a company is engaging in automatic processing of existing and prospective customers. The procedures outline how to report if a company is using automated systems to process personal data for purposes such as contracts, deliveries, invoices, accounting, loyalty programs, prospective activities, statistics, and the like. Recently, the CNIL updat . . .

Blaise Deltombe ; Liisa M. Thomas

August 7, 2012
South Carolina Supreme Court Holds Parent May Vicariously Consent to Wiretap of Child

The South Carolina Supreme Court recently held that under the South Carolina Wiretap Act a parent has the implied right to vicariously consent to a recording of their minor child's conversations, although the parent's motive for making the recording is an important factor in the validity of the vicarious consent. The South Carolina Wiretap Act permits intercept . . .

Caroline A. Wenzke ; Liisa M. Thomas

August 2, 2012
Blockbuster Settles Class Action Lawsuit Over Use of Personal Information

Blockbuster recently settled a class action lawsuit that was filed in September 2011 in a Minnesota district court. The complaint had alleged the company violated the Video Privacy Protection Act (VPPA) by allegedly failing to destroy personal information in a timely manner. The VPPA requires that video tape service providers must destroy personal information as soon as practicable, but no later than one year after collect . . .

Jason W. Gordon ; Liisa M. Thomas

August 1, 2012
Cross-Border Privacy Rules System Moves Forward

The United States recently received approval as the first formal participant in the Asia-Pacific Economic Cooperation (“APEC”) Cross-Border Privacy Rules System (“CBPR”). The APEC’s CBPR is a self-regulatory code of conduct designed to create more consistent privacy protections for consumers when thei . . .

Liisa M. Thomas ; Stephen E. Wieker

July 31, 2012
Men’s Journal Wins Motion to Dismiss Over Data Sharing Practices

Men's Journal recently obtained the dismissal of a putative class action lawsuit alleging that it failed to disclose its information sharing practices in compliance with California's "Shine the Light" law. Under the law, companies that share personal information with third parties for those third parties' marketing purposes have specific disclosure requirements, namely to provide statutorily-requir . . .

Jason W. Gordon ; Liisa M. Thomas

July 30, 2012
German DPA Issues Cloud Computing Guidance

Companies that use cloud computing services in Europe need to keep in mind that they are viewed as "data controllers," and the cloud computing services as "data processors." As such, under the EU Data Privacy Directive, those using cloud computing services must ensure that the service is adequately safeguarding any personally identifiable information the company puts in the cloud. We recently reported on . . .

Liisa M. Thomas

July 26, 2012
California Attorney General Creates Privacy Enforcement and Protection Unit

California Attorney General Kamala D. Harris recently announced the creation of the Privacy Enforcement and Protection Unit in the state’s Department of Justice. This team will focus its efforts on prosecuting state and federal privacy laws regulating collection, retention, disclosure, and destruction of private or sensitive information by individuals, organizations, and the government. It will also educate consumers on privacy matters and form partnerships with industry. According to a . . .

Liisa M. Thomas ; Stephen E. Wieker

July 23, 2012
CNIL Issues Cloud Computing Recommendations

Cloud computing service offerings have recently increased. However, according to the French data protection authority (CNIL), most cloud computing providers do not give much information about the types of security measures that are in place to protect information. It’s also not clear that there are sufficient technical or procedural measures in plac . . .

Liisa M. Thomas ; Blaise Deltombe

July 18, 2012
CNIL Fines French Company €10,000 for Refusing Employee Access to Data

The French data protection authority (CNIL) recently fined a company €10,000 due to its refusal to give an employee access to, and allow him to get a copy of, his personal data. According to CNIL, this constituted a violation of French privacy laws. The company was also faulted for not cooperating with CNIL in its investigations of the company for this same matter. In particular, CNIL had sent the company several letters, and had notified the company formally that the practice of permitting employe . . .

Liisa M. Thomas ; Blaise Deltombe

July 16, 2012
Israeli Site Needs Parental Consent Under Local Law to Collect Information

A website that permitted Israeli children to apply to be contestants on various reality TV shows recently settled with the Israeli Justice Ministry. According to the ministry, the website was collecting personally identifiable information about the children, and their parents and friends, without first getting parental consent. This violated Israeli data privacy laws, according to the Israel Law, Information and Technology Authority (IL . . .

Liisa M. Thomas

July 13, 2012
Mobile App Maker Settles New Jersey COPPA Lawsuit

Mobile app developer 24x7digital LLC, along with two of its officers, settled alleged violations of the Children’s Online Privacy Protection Act (“COPPA”) and the FTC’s COPPA Rule. In its lawsuit, New Jersey stated that 24x7digital’s “Teach Me Apps” encouraged preschoolers, kindergartners, and first- and seco . . .

Liisa M. Thomas ; Stephen E. Wieker

July 12, 2012
Connecticut Amends Its Data Breach Notification Law

Connecticut recently amended its data breach notification law to require companies to notify the Connecticut Attorney General if they suffer a breach incident. This is in addition to the existing requirement to notify impacted Connecticut residents. The notice provided to the Connecticut Attorney General must be made no later than when the notice is provided to the Connecticut residents. With the exception of this noti . . .

Liisa M. Thomas ; Robert H. Newman

July 11, 2012
Are You Using Google Analytics? Do You Need to Follow German Disclosure Expectations?

Late last year, to relatively little fanfare, the Hamburg data protection office issued guidelines about disclosures it expected companies to make if those companies were using Google Analytics. It has recently come to our attention that in some instances, German authorities are contacting US-based companies that they believe may not be following EU behavioral advertising requirement . . .

Liisa M. Thomas

July 10, 2012
National Association of Attorneys General to Undertake Year-Long Privacy Initiative

The National Association of Attorneys General (“NAAG”), a nonpartisan organization of chief legal officers from each state, recently announced that Internet privacy will be a key area of its attention over the next year. Upon accepting his election as the 105th president of NAAG, Maryland Attorney General Douglas Gansler (D) stated his intention to examine “privacy in the digital age” as his year-long presidential initiative. In a statement, Attorney General Gansler said: " . . .

Stephen E. Wieker ; Liisa M. Thomas

July 9, 2012
Facebook Apps Will Need Privacy Policies

California's Attorney General, Kamala Harris, has announced that Facebook signed on to the Joint Statement of Principles about privacy policies and mobile apps. As we reported in February, the Principles call for all mobile apps to have a privacy policy in order to comply w . . .

Caroline A. Wenzke ; Liisa M. Thomas

July 5, 2012
Article 29 Working Party Outlines Common Cookies That Don’t Require Consent

As many who follow European privacy developments are aware, the European Union established a "working party" to study various aspects of data privacy regulations. That Working Party recently examined the application of much-discussed "cookie consent exemptions" contained in Article 5.3 of Directive 2009/136/EC. (The Directive requires obtaining affirmative, prior consent before setting . . .

Caroline A. Wenzke ; Liisa M. Thomas

July 3, 2012
Canadian Privacy Commissioner Announces OBA Activities Covered by Privacy Law

The Office of the Privacy Commissioner of Canada recently issued guidelines that state online behavioral advertising (“OBA”) activities are covered by Canada’s Personal Information Protection and Electronic Documents Act (“PIPEDA”), and thus these activities require user consent. Consent in Canada, however, can be of the opt-out variety if informed . . .

Liisa M. Thomas ; Caroline A. Wenzke

June 29, 2012
Class Action Claims LinkedIn Failed to Secure Customer Information

A recent class action filed in California federal court alleges that the popular networking site LinkedIn failed to adhere to industry best practices and its own privacy policy by improperly safeguarding users' personally identifiable information. The class action follows shortly after news broke that hackers had stolen and published 6.5 million user passwords from LinkedIn. The company has indicate . . .

Liisa M. Thomas ; Stephen E. Wieker

June 28, 2012
Invasion of Privacy Possible In New Jersey When Supervisor Coerced Co-Worker to Provide Access to Employee’s Facebook Posts

A New Jersey court has held that an employee stated a claim for invasion of privacy against her employer when she alleged that her supervisor viewed her private Facebook page by forcing a co-worker to provide access. The employee, a registered nurse and paramedic who was also president of the employee union, posted an entry on Facebook criticizing paramedics who r . . .

Beth K. Louie ; Liisa M. Thomas; Eric M.D. Zion

June 27, 2012
FTC Sues Wyndham for Alleged Data Security Failures

The Federal Trade Commission announced that it has filed suit in Arizona against Wyndham Worldwide Corporation and three of the company's subsidiaries for alleged data security failures, which led to three separate breaches. According to the FTC, the breaches impacted over 600,000 consumer payment card account numbers—many of which were exported to a domain registered in Russia—and more than $10.6 million in fraud loss. The . . .

Stephen E. Wieker ; Liisa M. Thomas

June 26, 2012
Vermont Amends Its Data Breach Notification Law

Amendments to Vermont’s data breach notification law recently went into effect. The amendments revise the timing and manner of notification in the event of a data breach. They also modify the definition of a breach. Notice of a security breach must now be given to consumers no later than 45 days after the discovery of a breach. (The law did not previously provide a specific deadline, just that it be made “expediently” and “wit . . .

Liisa M. Thomas ; Robert H. Newman

June 25, 2012
Hospital Sued for Loss of Patient Information in Potential Class Action

A purported class action filed against Emory Healthcare Inc. seeks damages for loss of personally-identifiable, protected health information. According to the complaint, potentially unencrypted computer disks containing patient information for approximately 315,000 patients were taken from an unsecured location that was overseen by an improperly trained employee. The information allegedly contained pat . . .

Stephen E. Wieker ; Liisa M. Thomas

June 21, 2012
U.K. ICO Fines Health Agency $498,300 for Data Security Failures

The Brighton and Sussex University Hospitals NHS Trust, located in southern England, recently agreed to pay the U.K. Information Commissioner's Office (ICO) a total of €325,000 ($498,300) in civil penalties to resolve a data breach incident. The issue came to light after the Trust discovered that four Trust hard drives had been sol . . .

Caroline A. Wenzke ; Liisa M. Thomas

June 20, 2012
FCC Issues Report on Privacy Issues Regarding Location-Based Services

The Federal Communications Commission (FCC) recently published a report analyzing consumer privacy for location-based services, which it defined as "mobile services that combine information about a user's physical location with online connectivity." The FCC sees the industry as a growing one, including not just wireless carriers but companies in a variety of sectors, such as gaming, entertainment, advertising, and m . . .

Stephen E. Wieker ; Liisa M. Thomas

June 19, 2012
Does Your Social Media Policy Violate Federal Law?

The National Labor Relations Board Acting General Counsel, Lafe Solomon, recently issued a report on employer policies governing the use of social media in the workplace. Winston & Strawn partner, Brian Heidelberger, drafted a summary of the report which was published in Advertising Age . . .

Liisa M. Thomas ; Beth K. Louie

June 18, 2012
Washington Court Dismisses Two Claims Against Amazon in Cookie Dispute

A federal court in Washington state recently dismissed two claims against Amazon.com for allegedly violating the Computer Fraud and Abuse Act ("CFAA") and common law trespass to chattel when installing cookies on users' computers, allegedly without their knowledge or consent. Plaintiffs had argued that they suffered actionable harm when Amazon installed cookies by exploiting know . . .

Stephen E. Wieker ; Liisa M. Thomas

June 14, 2012
Text Message Lawsuits Continue in California

While one class action lawsuit is settling in California for $49,100 against a group of car dealerships, another has been filed against the Pittsburgh Penguins. In the first case, the plaintiffs alleged that the car dealerships sent text messages to consumers without their prior express consent. Plaintiff’s counsel had originally indicated that damages –when calcula . . .

Liisa M. Thomas

June 13, 2012
New Developments on Laws That Bar Employers From Demanding Employee Passwords

As we reported in March, federal and state lawmakers have responded quickly to reports that employers have requested employees' and job applicants' social media passwords. Recently, Maryland Governor Martin O'Malley signed the first U.S. law that prevents employers from discharging, disciplining, or otherwise penalizing an employee for refusi . . .

Caroline A. Wenzke ; Liisa M. Thomas

June 12, 2012
FCC Publishes Final Robocall Rule, Impacts Text as Well

The Federal Communications Commission published yesterday in the Federal Register its final rule on auto-dialed and pre-recorded calls under the Telephone Consumer Protection Act. As we reported earlier this year, the revised rule will require written consent to contact consumers using auto-dial technology, technology that is frequently used for sending text messages. It al . . .

Liisa M. Thomas

June 11, 2012
FTC Settles Charges Over Exposure of Consumers’ Sensitive Personal Information

The FTC recently announced that it settled charges with two businesses for exposing sensitive personal information of thousands of consumers through use of peer-to-peer (“P2P”) software. In the first case, EPN, Inc., a debt collector whose clients include healthcare providers and commercial credit companies, allowed P2P file-sharing software on its Chief Operating Officer’s computer. The P2P software enabled social security number . . .

Stephen E. Wieker ; Liisa M. Thomas

June 8, 2012
New Jersey AG Sues Children’s App Developer for COPPA Violations

New Jersey Attorney General Jeffrey S. Chiesa recently announced that his office has filed suit against 24x7 digital, LLC. The company develops and operates a series of educational apps under the "TeachMe" brand. Products include "TeachMe: Toddler," "TeachMe: Kindergarten," "TeachMe: 1st Grade," and "TeachMe: 2nd Grade," all of which are sold in the Apple App Store. These products are marketed as "simple and in . . .

Liisa M. Thomas ; Caroline A. Wenzke

June 7, 2012
Class Action to Proceed in Arkansas for Improper Access of DMV Data

An Arkansas court recently certified a class action lawsuit against several companies that purchased the entire Arkansas motor vehicle records database and used it for marketing and other purposes. The lawsuit alleges that such actions constituted a violation of the federal Driver Privacy Protection Act. The Act imposes liability on those who, inter alia, obtain . . .

Liisa M. Thomas ; Marc H. Trachtenberg

June 6, 2012
EU Refers Five Countries for Failure to Implement Cookie Directive

Belgium, the Netherlands, Poland, Portugal, and Slovenia have been referred to the European Court of Justice for failing to enact national legislation to implement the update to the EU e-Privacy Directive. These updates have commonly been referred to as the "cookie directive," and require that website hosts obtain user consent before using non-necessary cookies. Individual EU Member States had until May 25, 2011 to enact national legislation. The EU Commission, which referred the action, . . .

Liisa M. Thomas

June 5, 2012
Self-Regulatory Program Issues Seven OBA Decisions

The Digital Advertising Alliance's Self-Regulatory Program for Online Behavioral Advertising includes an enforcement arm, the Online Interest-Based Advertising Accountability Program (OIAAP). The OIAAP pursues companies that engage in online behavioral advertising (OBA) without following the industry's self-regulatory program (Self-Regulatory Principles for Online Behavioral Advertising), which includes providing con . . .

Caroline A. Wenzke ; Liisa M. Thomas

June 4, 2012
Court Continues Lawsuit Over iPhone and iPad Personal Data Collection

Apple continues to face a putative class action lawsuit over its collection of personal data from iPhone and iPad users after a federal judge in California denied its motion to dismiss on May 3. Plaintiffs allege the apps' retention of Unique Device Identifiers and Apple's transmission of this data to third party developers violated federal and California privacy and computer laws, including the Stored Communications Act, the Electronic Communications Privacy Act, the California Constitu . . .

Caroline A. Wenzke ; Liisa M. Thomas

June 1, 2012
Amended Class Action Lawsuit Against Facebook Seeks $1.5 Trillion

Plaintiffs in a class action lawsuit against Facebook recently filed an amended complaint seeking $1.5 trillion in statutory damages under the Wiretap Act, as well as additional statutory and actual damages under the Stored Communications Act, Computer Fraud and Abuse Act and California state law. The lawsuit alleges that Facebook intercepted the plaintiffs' electronic communications by tracking and intercepting their browsing habi . . .

Marc H. Trachtenberg ; Liisa M. Thomas

May 31, 2012
Cardiology Practice Settles Alleged HIPAA Violations with Payment of $100,000

Under a settlement agreement with the federal government, a cardiology practice in Arizona has agreed to pay $100,000 and implement a corrective actions plan for alleged violations of the Health Insurance Portability and Accountability Act (HIPAA). The Department of Health and Human Services Office for Civil Rights alleged that, among other violations, the cardiology group posted patients' protected health information (PHI) on a publicly accessible Internet-based calendar, did not provid . . .

Marc H. Trachtenberg ; Liisa M. Thomas

May 30, 2012
Motion to Dismiss TCPA Claims Against Adult Club Denied

An adult club called The Playhouse, owned by B&B Entertainment, was accused of sending unsolicited text messages to potential customers using an automated telephone dialing machine in violation of the Telephone Consumer Protection Act. B&B filed a motion to dismiss, arguing that the plaintiffs in the class complaint had not alleged what numbers were called or whether B&B had stopped sending messages upon consumer requests. . . .

Liisa M. Thomas ; Caroline A. Wenzke

May 29, 2012
FTC Updates Privacy Rules Review Schedule

Last year the FTC increased the frequency with which it reviews the regulations under its purview. Currently, the FTC is reviewing 22 of its 65 industry rules and guides to examine their economic impact, whether there is a continuing need for the rule or guide, if it conflicts with other laws (whether federal, state or local), and if the rule or guide has been impacted by any technological or other changes. Among the privacy rules under review right now are the Children's Online Privac . . .

Liisa M. Thomas ; Jason W. Gordon

May 22, 2012
Calling Reassigned Cell Numbers Likely Violates TCPA

The Seventh Circuit recently declined to dismiss a lawsuit against a debt collector that repeatedly called individuals who had inherited their cell phone numbers. The individuals claimed that the company, Enhanced Recovery Co. LLC, had violated the Telephone Consumer Protection Act (TCPA) because they had never given consent to receive calls sent using an auto-dialer. Instead, their cell phone numbers had been previously held by other individuals – who may have granted consent, . . .

Liisa M. Thomas

May 17, 2012
Marketing Company Agrees to Stop Spamming Facebook Users

The Washington Attorney General recently entered into a consent decree with Adscend Media LLC prohibiting the online marketing company from sending "spam" social networking communications. The AG's office had sued Adscend for a program where a Facebook user was allegedly tricked into "liking" certain Adscend-created Facebook pages, which inadvertently spread the sales pitches to their Facebook . . .

Monique N. Bhargava ; Liisa M. Thomas

May 16, 2012
Massachusetts Issues First Annual Report On Data Breaches

The Massachusetts Consumer Affairs and Business Regulation office recently issued its first annual report on data breach notifications. The report is based on information taken from data breach notices filed by companies with the office. These notices are required under Massachusetts law, and have provided the office with extensive information about the nature of breaches of the past several years . . .

Liisa M. Thomas ; Jason W. Gordon

May 11, 2012
Facebook Sued In Class Action Over Purchases By Minors

A class action lawsuit recently filed against Facebook alleges that the company illegally profited off of purchases made by minors within Facebook apps. According to the complaint, the plaintiff’s son (a minor) used her credit card to buy $20 worth of “Facebook Credits,” which could be used in Facebook applications for in-app purchases of virtual items. After that initial purchase, her son then spent hundreds of dollars on more credits, thinking he was spending vi . . .

Liisa M. Thomas ; Sara Skinner Chubb

May 10, 2012
D.C. Circuit Says Firing Employee Who Secretly Records Meeting is an Unfair Labor Practice

On April 20, the United States Court of Appeals for the District of Columbia Circuit upheld a National Labor Relations Board (“NLRB”) ruling that an employer committed an unfair labor practice by firing an employee who secretly recorded a conversation with his supervisor. The employee, a union steward, confronted the supervisor because he believed the supervisor was about to conduct a disciplinary investigation interview with a co-worker without allowing the co-worker to have a witness presen . . .

Liisa M. Thomas ; Eric M.D. Zion; Beth K. Louie

May 9, 2012
MySpace Settles FTC Charges of Sharing Information with Advertisers

The MySpace privacy policy indicates, according to the FTC, that a user’s personally identifiable information will not be shared for purposes inconsistent with the reasons why it was submitted. MySpace is also a participant in the EU-US Safe Harbor program, under which it self-certified that it would tell users how information was used and give users the ability to opt-out. The FTC recently charged that MySpace, in violation of its pub . . .

Liisa M. Thomas

May 3, 2012
French Data Protection Authority Announces Audit Priorities

The French data protection authority (CNIL) recently announced that this year it will conduct 450 investigations, focusing on current privacy developments including mobile privacy, data breaches, and health data. These investigations are part of an annual audit program conducted by CNIL. For mobile privacy, CNIL will focus its audit efforts on understanding how smartphones collect customer data (at point of sale, during phone usage, and through downloads and use of smartphone apps). For healt . . .

Liisa M. Thomas

May 2, 2012
Enforcement for Failure to Have Mobile Privacy Policies May Begin This Fall

As we reported in February, all of the major app platforms agreed with the California Attorney General that they would require apps sold through their platforms to have privacy policies. A member of the California AG's office said that in six months the AG's office will be looking to bring actions against companies that have failed to put privacy policies in their apps. To provide guidance for companies abo . . .

Liisa M. Thomas

April 30, 2012
Tennessee Health Plan Pays $1.5 Million for Data Security Problems

The Tennessee BlueCross BlueShield health insurance plan suffered a data breach in 2009, and as required by the HITECH Breach Notice law, submitted a report about the breach to the Department of Health and Human Services (HHS). Commentators have noted that the breach suffered by the Tennessee Blue Plan was routine, namely that several of its hard drives were stolen. According to an HHS investigation though, the plan had provided insufficient protection for the health information located . . .

Liisa M. Thomas

April 26, 2012
Seventh Circuit Holds Company Can Print Credit Card’s Middle Digits on Receipt

The Seventh Circuit recently held that Shell Oil had not violated the Fair and Accurate Credit Transactions Act (FACT Act) by printing on sales receipts the middle four digits (instead of the last four digits) of the number on its customers’ credit cards. The Act states that a sales receipt cannot display “more than the last five digits of the card number.” 15 U.S.C. § 1681c(g). Shell Oil issues its own gas cards, which are credit cards that can be used by customers at its gas pumps. These ca . . .

Liisa M. Thomas

April 17, 2012
FCC Seeking Comment on Whether Confirmation Text to Opt-Out Request Violates TCPA

As we have written in the past, several companies have been sued recently for allegedly violating the Telephone Consumer Protection Act when they sent a confirmation text in reply to a consumer's request to stop receiving text messages. In other words, a consumer that texts "STOP" receives a text message from the company that says "we will stop." This confirmation is required under industry group standards . . .

Liisa M. Thomas

April 16, 2012
Payless Shoes Settles Text Message Class Action Lawsuit

Payless recently settled claims that it violated the Telephone Consumer Protection Act by allegedly sending thousands of text message ads using automatic dialers without obtaining consent. According to the complaint, while the consumers had voluntarily provided their cell phone numbers to Payless at the point of purchase, they had not given "express prior consent" for those numbers to be used to re . . .

Jason W. Gordon ; Liisa M. Thomas

April 12, 2012
Spain Data Breach Law Goes Into Effect, Cookie Consent Requirement Also Updated

Spain has recently amended its privacy laws to require notice when there has been a breach of electronic networks or services. The amendment to the country's telecommunications law also now requires use of adequate security measures to protect electronic networks and services. In addition, the updates take into account the EU Directive that companies must get consent prior to putting cookies on users' computers.

TIP: These new requirements serve as a reminder to US companies t . . .

Liisa M. Thomas

April 5, 2012
FTC Recommends Targeted Data Tracking Legislation and Self-Regulatory Codes

On March 26, the FTC released a final report with a framework for consumer privacy. The framework and report have recommendations for lawmakers and businesses alike. In the report, the FTC focused on five key areas: (1) do-not-track; (2) mobile privacy and the development of easy-to-read disclosures; (3) data-broker collection and use of consumer information; (4) tracking of consumer activity by large platforms like ISP, browsers or social media providers; and (5) self-regulatory . . .

Sara Skinner Chubb ; Liisa M. Thomas

April 4, 2012
Stolen Laptop Results in $15,000 Fine In Massachusetts

Maloney Properties Inc., a Massachusetts property management company, recently agreed to pay $15,000 in civil penalties after an employee’s laptop, containing the personal information of approximately 620 residents, was stolen from the employee’s car. In addition to the civil penalties, the company entered into an Assurance of Discontinuance, in which the company agreed to comply with the provisions of its own “Written Information Security Program,” ensure that company-owned laptops and portabl . . .

Liisa M. Thomas ; Robert H. Newman

April 3, 2012
FTC Settles Security Case for $250,000 in Civil Penalties

RockYou, a website that lets users create and share photo slideshows, has settled FTC allegations that it failed to provide adequate security over its online systems (security measures it alleged to be using in its privacy policy). According to the FTC, as a result of RockYou's security failures, hackers were able to access the unencrypted email addresses and passwords of over 32 million users. This is not the first time that RockYou has been under fire for these same security pract . . .

Liisa M. Thomas

March 30, 2012
Employer Requests for Social Networking Passwords of Job Applicants May Lead to Liability

Recently, a maelstrom of publicity arose over a Maryland public agency's practice of asking job applicants to disclose their Facebook or other social networking passwords. Two Senators called for the Equal Employment Opportunity Commission and the Department of Justice to determine whether any federal laws, such as Title VII or the Stored Communications Act, are being broken. In addition, a few state legislatures are currently considering bills that would ban the practice, and some Repre . . .

Beth K. Louie ; Eric M.D. Zion

March 28, 2012
Mobile Application Makers Accused of Harvesting Address Book Data

A complaint filed recently in Texas accuses many well-known mobile application makers (like Twitter, Facebook, Foursquare, and many others) of surreptitiously taking users' address book data. The complaint also names Apple for its role in facilitating the purchase of these apps. According to the complaint, the defendants have violated, inter alia, the Electronic Communications Privacy Ac . . .

Liisa M. Thomas

March 27, 2012
Class Action for Allegedly Selling Personal Prescription Data Dismissed

A class action lawsuit filed against a major pharmacy for allegedly misusing prescription information was recently dismissed. According to the complaint, the misuse had allegedly included sending letters to consumers' physicians suggesting that they prescribe alternate drugs, and providing consumer data to drug companies and data vendors. The plaintiffs based their claim in significant part on an alleged failure by the company to comply with its privacy policies and promises to only . . .

Robert H. Newman ; Liisa M. Thomas

March 26, 2012
Vicarious Liability for Sending Texts Possible

A group of plaintiffs allege that they received unauthorized Jiffy Lube text messages from Heartland, a Jiffy Lube franchisee. Some of the plaintiffs had apparently given their phone numbers to Heartland on their invoices. The messages were sent by a third-party vendor, TextMarks, which sends messages on its clients' behalf. The plaintiffs sued both entities. Heartland filed a motion to dismiss, arguing that it did not send the messages, but only engaged TextMarks, which in turn sent the mess . . .

Liisa M. Thomas

March 22, 2012
Employer Who Believed Employee Was Suicidal May Be Liable Under the Americans with Disabilities Act

In a recent case out of Washington state, a court allowed an employee’s Americans with Disabilities Act (“ADA”) claim to continue even though the employer presented evidence that the employee posed a threat to herself. An employee who had previously been diagnosed with depression and prescribed medication and psychotherapy was assigned to work an early shift. The employee sent an email to her supervisor, stating that the early shift was “stressing [her] out and exhausting [her],” and that she . . .

Liisa M. Thomas ; Eric M.D. Zion; Beth K. Louie

March 20, 2012
Clinic Found Not Liable for Employee's Disclosure of Patient Health Information

A New York medical clinic was sued for breach of confidentiality and other torts after an employee disclosed a patient's confidential health information to the employee's family member, including the fact that the patient was seeking treatment for a sexually transmitted disease. The District Court for the Western District of New York dismissed the case, holding that in this situation the clinic could not be held vicariously liable for the employee's actions. In reaching its conclusion, the co . . .

Liisa M. Thomas ; Robert H. Newman

March 13, 2012
Global Mobile App Privacy Guidelines Released

The GSM Association, which represents mobile carriers worldwide and is headquartered in London, has released guidelines to help mobile app developers create privacy disclosures for their users. The guidelines can be downloaded here from the GSMA website. Under the guidelines, apps should let users know who is collecting information, why, and how it is being used (including if there i . . .

Liisa M. Thomas

March 12, 2012
Have You Read the Canadian OBA Guidance?

Late last year the Canadian Privacy Commissioner issued online behavioral advertising guidelines that in many ways mirror the self-regulatory program in the United States. Companies should, according to the Canadian body, give clear and conspicuous notice about tracking activities over time in order to serve targeted advertising. In addition, companies engaging in such activities should give consumers the . . .

Liisa M. Thomas

March 8, 2012
NIST’s Cloud Computing Privacy Guidelines a Useful Tool

The National Institute of Standards and Technology (NIST), a division of the U.S. Department of Commerce, has issued new Guidelines on Security and Privacy in Public Cloud Computing. In its comments, the NIST acknowledged that cloud computing technologies vary widely, and coexist with many different technologies. This makes the security challenges quite difficult, including those faced by public clouds whose infrastru . . .

Jason W. Gordon ; Liisa M. Thomas

March 7, 2012
In Iowa, Invasion of Privacy Claim Does Not Require Actual Viewing or Recording

Recently, the Iowa Supreme Court allowed an employee to continue with a case against an employer who placed a video camera in a restroom, even though the camera was inoperable where it was placed. The employer had two female assistants, the plaintiff and her co-worker, in his insurance company. The employer found a hypodermic needle in the office's parking lot and suspected that the co-worker was using illegal drugs. He installed a security camera in the office's bathroom, but was u . . .

Eric M.D. Zion ; Liisa M. Thomas; Beth K. Louie

March 6, 2012
Recent Data Breach Class Actions Dismissed

A District Court in California recently dismissed a class action against IBM and Health Net of California after determining plaintiffs lacked standing because they failed to allege "injury in fact" stemming from a data breach. Defendants lost server drives containing personal and medical information of more than 800,000 California residents; however, the Court concluded that named plaintiffs failed to allege a "particularized, real and immediate harm" stemming from the data loss. The court di . . .

Sara Skinner Chubb ; Liisa M. Thomas

March 5, 2012
Employer Access of Employee’s Personal Email Account May Give Rise to Liability

In a recent decision from Massachusetts, a principal and teacher who were employed at the same middle school – and had a romantic relationship – were allowed to continue with their invasion of privacy claim against the town and other school employees. After personal and professional disputes between the principal and superintendent of the school district arose, the superintendent began monitoring the principal's school email account, with the help of other school employees. Evidence . . .

Beth K. Louie ; Liisa M. Thomas; Eric M.D. Zion

March 2, 2012
Employer May be Liable for Searching Employee’s Email Account Where There Was No Policy of Email Monitoring

In a case out of the Northern District of California, two employees of the City and County of San Francisco Department of Emergency Communications ("DEC") brought suit against their employer for violation of the Stored Communications Act ("SCA") and state privacy law. DEC provided a bank of computers for employees to use to check their personal email and surf the internet. DEC did not have a policy concerning email privacy or stating that employee emails and email use may be monitor . . .

Beth K. Louie ; Liisa M. Thomas; Eric M.D. Zion

March 1, 2012
FCC Robo Call Revision Heightens "Consent" for Sending Texts

In new rules approved by the FCC on February 15, companies that want to contact consumers through auto-dialed or pre-recorded calls or texts will need to get prior express written consent. For text messages, it appears that obtaining consent can be done through a text from the consumer, provided that the consumer is clearly told what will happen if he or she sends in a text to provide consent in this manner. Consent can also be obtained online (for example, in situations where the company is . . .

Liisa M. Thomas

February 29, 2012
Class Action Lawsuits Alleging Violations of California's "Shine the Light" Law

Several companies were sued at the end of last year for violations of California's "Shine the Light" law, which requires companies to take certain notification steps if sharing personal information with third parties for those third parties' advertising purposes. Those steps include having a link on the home page to a disclosure about its sharing practices called "Your Privacy Rights" or "Your California Privacy Rights" (this wording can be added to the privacy policy link, such a . . .

Liisa M. Thomas

February 28, 2012
Taiwan Delays Implementation of Privacy Law, China Website Privacy Law Effective March 15

Taiwan's 2010 Personal Data Protection Act will add data security and data breach notification obligations to the country's existing law: the Computer-Processed Personal Data Protection Act. Following the country's January presidential elections, however, the implementation date of the rules has been delayed. In China, on the other hand, websites will have to follow nationwide rules that, according to sources, require more heightened notice to users about how information will be used. The . . .

Liisa M. Thomas

February 27, 2012
Cruise Line Sued in NY for Alleged TCPA Violation

In February 2012 a class action suit was brought against Caribbean Cruise Line alleging violations of the Telephone Consumer Protection Act (TCPA). According to the complaint, the named defendant received a call that used an artificial or pre-recorded voice, indicating that if he stayed on the line, he could take a survey and have a chance to win a free cruise. According to the complaint, if a consumer did stay on the line, he was connected to a representative who promoted the company's . . .

Liisa M. Thomas

February 24, 2012
Third Circuit Rules FACT Act Prohibits Printing Partial Expiration Dates On Receipts

The Third Circuit recently ruled that Tommy Hilfiger U.S.A., Inc. had violated the Fair and Accurate Transactions Act ("FACT Act") by printing the month that the credit card expires (but not the year). The FACT Act provides that merchants who accept credit or debit cards shall not print the "expiration date" of the cards upon any receipt provided to the cardholder at the point of sale. Although the term expiration date was not defined in the statute, Tommy Hilfiger argued that it re . . .

Liisa M. Thomas ; Jason W. Gordon

February 23, 2012
Your Smartphone App Needs a Privacy Policy Says CA AG, App Stores to Implement Requirement

For companies that have apps for mobile phones, having a privacy policy is now a must in California. In an interesting move, the California Attorney General reached an agreement with what her office is calling "the six companies whose platforms comprise the majority of the mobile apps market." Under the agreement, apps must have a privacy policy, and that policy must be available to users before they download the app. The AG . . .

Liisa M. Thomas

February 21, 2012
Supreme Court Rules GPS Tracking is a Search Requiring Warrant

The U.S. Supreme Court recently ruled that the government's use of a GPS tracking device on a vehicle constitutes a search, thus requiring a warrant under the Fourth Amendment. In the case, the government had obtained a search warrant to install a GPS tracking device on a drug suspect's vehicle. The warrant authorized installation within ten days of the warrant in Washington D.C., but the agents installed the device on the 11th day, and in Maryland. The vehicle's movements were trac . . .

Liisa M. Thomas ; Jason W. Gordon

February 16, 2012
FTC Releases Report That Privacy Disclosures in Kids’ Mobile Applications Inadequate

The Federal Trade Commission released a report today showing the details of a survey of privacy disclosures and mobile apps for children. The survey results show that neither the app stores nor the app developers provide parents with notice regarding what types of information are collected from children. To create its report, the FTC looked at the Apple App store and Android Marketplace promotion pages, as well as the appl . . .

Liisa M. Thomas ; Sara Skinner Chubb

February 10, 2012
CDA Found Inapplicable to Use of Names and Likenesses in Facebook’s Sponsored Ads

A putative class action was filed against Facebook alleging that Facebook unlawfully misappropriated the plaintiffs' names, photographs, and likenesses for use in paid "Sponsored Stories" without first obtaining the plaintiffs' consent. A "Sponsored Story" is a paid advertisement that appears on a Facebook page and generally contains another friend's name, profile picture, and a statement that the person "likes" the advertiser (which communicates that the friend has used Facebook's "like" fun . . .

Robert H. Newman ; Brian D. Fergemann

February 9, 2012
Illinois Data Breach Law Amendment in Effect, New Security Provisions Added: Are You Compliant?

Illinois has had a data breach notification law since 2005, but on January 1, 2012, an amendment went into effect. Under this amendment companies must include specific disclosures in their notices to consumers. These notices must be sent if covered information has been breached, as defined by Illinois law. This amendment brings the Illinois law into harmony with the requirements of other states. The new requirements include telling consumers that they can file a police report, how to place a . . .

Liisa M. Thomas

February 8, 2012
Minnesota AG Sues Debt Collection Agency For Alleged HIPAA Violations

The Minnesota Attorney General recently filed suit against a company that served as both a debt collection agency and revenue cycle management service provider for hospitals, alleging it violated the federal Health Insurance Portability and Accountability Act (HIPAA) and the Minnesota Health Records Act by failing to protect private patient information it obtained through contracts with two Minnesota hospital systems. The complaint alleges that Accretive Health Inc., the debt collection agenc . . .

Sara Skinner Chubb ; Marion Kristal Goldberg; Liisa M. Thomas

February 1, 2012
Class Action Suit Filed Over Zappos.com Data Breach, AGs Request More Information

A complaint was filed on January 16, 2012 in Kentucky against Amazon.com on behalf of a putative class of some 24,000,000 customers of Zappos.com, which is owned by Amazon.com. The suit alleges that Amazon violated the Fair Credit Reporting Act ("FCRA"), when it allowed a hacker to access part of its internal network and systems, enabling the hacker to gain access to customer personal information such as names and addresses, email addresses, phone numbers, encrypted passwords, and the la . . .

Marc H. Trachtenberg ; Liisa M. Thomas

January 27, 2012
EU Releases Final Data Protection Framework

The European Union has released a much-anticipated draft data protection regulation, which would replace the existing EU privacy framework, in place since 1996. Under the current framework, each member state has put into place its own implementing legislation under an EU directive. Under the proposal, there would be both a directive for national legislation, as well as an EU-level regulation on privacy. Key changes from the existing laws would include a requirement to notify lo . . .

Liisa M. Thomas ; Monique N. Bhargava

January 26, 2012
No Requirement for Extra Consent for use of Google Analytics in Ireland

The Irish Data Protection Agency has clarified that website operators in Ireland using Google Analytics to collect information from website visitors do not need to obtain “explicit separate consent” from visitors. However, according to the Irish DPA, website operators should generally disclose the use of cookies on the website, including the use of analytics technology. The Irish DPA’s clarification comes in response to the implementation of its new rules pursuant to modifications . . .

Monique N. Bhargava ; Liisa M. Thomas

January 25, 2012
Mobile Marketing Association Releases Mobile App Privacy Guidelines

As companies work this year towards creating privacy policies that are clear and comprehensible in the mobile environment, they may find the proposed "Mobile Application Privacy Policy Framework" from the Mobile Marketing Association helpful. The framework recommends content that mirrors what many already have in their privacy policies: (1) what information is collected by the application; (2) if geo-location information is obtained; (3) if third parties have access to information; (4) if inf . . .

Liisa M. Thomas ; Monique N. Bhargava

January 17, 2012
Massachusetts Court Notes ZIP Codes Personally Identifiable Under Credit Card Transaction Laws

Following the lead of California courts, a Massachusetts district court recently held that ZIP codes are personally identifiable information under a Massachusetts law that prohibits recording such information on a credit card transaction form. In that case, the plaintiffs alleged that a large national retailer collected and recorded ZIP codes on credit card transaction forms at the time of purchase, and used the ZIP codes in conjunction with other information to obtain plaintiffs’ home addresse . . .

Liisa M. Thomas ; Sara Skinner Chubb

January 12, 2012
FTC Settles With College Savings Provider Over Toolbar’s Alleged Insufficient Safeguards

The Federal Trade Commission brought an action against Upromise Inc., a company that provided services to consumers trying to save money for college, alleging that the "Turbosaver Toolbar" offered by the company deceptively collected and transmitted consumer personal information. Upromise's Turbosaver Toolbar allowed consumers to identify and select merchants from which the consumer could receive rebates which were then placed into the consumer's college savings account. The Turbosaver T . . .

Liisa M. Thomas ; Monique N. Bhargava

December 19, 2011
Class Action Against Amazon.com Over Browser Privacy Settings Dismissed

On December 1, 2011, the U.S. District Court for the Western District of Washington dismissed a class action lawsuit against Amazon.com alleging violation of the Computer Fraud and Abuse Act ("CFAA") and several state law claims based on Amazon.com's use of cookies and related tracking technologies. In dismissing the case, the court found that the plaintiffs failed to allege that Amazon's actions caused any legally cognizable harm. The plaintiffs had alleged that Amazon exploited a known weak . . .

Liisa M. Thomas ; Marc H. Trachtenberg

December 18, 2011
FTC Settles with Telemarketer Who Threw Customer Data into Dumpsters

On September 29, 2011, the U.S. District Court for the District of Maryland approved stipulated injunctions against a debt relief group and a mortgage relief group to settle an FTC enforcement action for deceptive marketing practices, violations of the Telemarketing and Consumer Fraud and Abuse Act (TCPA), and violations of the Telemarketing Sales Rule (TSR). The FTC alleged that the defendants deceived financially distressed homeowners in order to sell them debt and mortgage assistance . . .

Liisa M. Thomas ; Marc H. Trachtenberg

December 16, 2011
Class Action Complaint Filed Against Facebook for Tracking Logged-Out Users

In a case mirroring one recently filed in Arkansas that we reported on, Facebook is facing another class action complaint regarding its tracking of users. According to the complaint, this time filed in Kansas, Facebook allegedly tracked, collected, and stored its users' wire or electronic communications, including their Internet browsing history even when the users were not logged in to Facebook, without their . . .

Liisa M. Thomas ; Jason W. Gordon

December 15, 2011
California Restricts Employer Use of Credit Reports

Governor Jerry Brown recently signed into law a new restriction on the ability of employers to obtain credit reports for employment purposes. The law, California Assembly Bill 22 (“AB 22”), prohibits employers from using credit reports in the hiring or promotion processes. There are exceptions to the prohibition in AB 22, however. Employers may obtain credit reports for prospective or current employees who fall into certain exempt categories, including managerial positions . . .

Liisa M. Thomas ; Cardelle B. Spangler; Beth K. Louie

December 15, 2011
Use of GPS Tracking Device on Employee’s Car Found Reasonable

On November 23, 2011, a New York state appeals court found that the Department of Labor (DOL) acted lawfully when the agency’s Office of the Inspector General placed a GPS device on an employee’s car, even though the device tracked the employee outside of work hours. The employee had a long history of work misconduct, and the DOL believed that the employee was leaving work without permission and falsifying time records. The DOL attempted to have a private investigator follo . . .

Liisa M. Thomas ; Cardelle B. Spangler; Beth K. Louie

December 14, 2011
Web Rewards Program Sign-Up Disclosures Found to be Sufficient

In a recent class action lawsuit, an online marketing company was accused of tricking consumers into enrolling in certain membership programs. The District Court for the District of Massachusetts granted the defendants’ motion for summary judgment, reasoning that the plaintiff “cannot now show the necessary connection between the allegedly deceptive materials and her mistaken enrollment such that the defendants would be responsible for the asserted harm.” The court furthe . . .

Liisa M. Thomas ; Robert H. Newman

December 13, 2011
Facebook Sued in (Another) Class Action Over Tracking Practices

Facebook is facing another consumer class action suit over its alleged practice of using tracking cookies to collect information from users when they were logged out of their Facebook accounts. Plaintiffs allege that Facebook tracked, collected and stored users’ online activities, including portions of internet browsing history. Further, plaintiffs allege that the information collected by Facebook when users were logged off contained personal data and electronic communicati . . .

Liisa M. Thomas ; Sara Skinner Chubb

December 12, 2011
Entertainment Website Settles Class Action Claim Over Flash Cookies

In another class action suit over flash cookie tracking, video entertainment website Metacafe agreed to a settlement barring it from using flash cookies to track users without their consent. Plaintiffs alleged Metacafe used flash cookies to track users and transmit personally identifiable information to third parties, and through the use of those flash cookies, circumvented users’ browser settings (which is where a user normally rejects or deletes cookies). Under the propos . . .

Liisa M. Thomas ; Sara Skinner Chubb

December 9, 2011
Pandora Sued for Allegedly Sharing User Data Without Consent

A class action lawsuit was recently filed against Internet radio service Pandora for alleged violations of Michigan’s Video Rental Privacy Act. The complaint alleges that although Pandora said users’ profile pages would be accessible only to other registered Pandora users who knew an individual’s “unique-mail address,” Pandora made these records publicly available. The plaintiffs further allege that Pandora integrated users’ profile pages with their Facebook accounts withou . . .

Liisa M. Thomas ; Robert H. Newman

December 8, 2011
France Telecom Industry Launches Do-Not-Call Registry

Industry groups in France recently launched the Pacitel list, a national Do-Not-Call registry that will allow consumers to each add up to six phone numbers. Creation of the list is aimed at curbing unsolicited marketing phone calls to consumers. Participating companies, which account for nearly 80 percent of companies that make telephone sales calls in France, have agreed not to call any of the numbers on the list. Additionally, participants agree to restrict calls to numbe . . .

Liisa M. Thomas ; Sara Skinner Chubb

December 7, 2011
Employees Fired for Facebook Posts Awarded Backpay

An administrative law judge recently found that an employer violated the National Labor Relations Act when it fired five employees for posting Facebook comments about a co-worker’s criticism of their work. The co-worker, Lydia Cruz-Moore, told the employees that she was going to tell a manager that they were not doing their jobs correctly. One employee posted a message on her own personal Facebook page regarding the complaint, and other employees, including Cruz-Moore, also . . .

Liisa M. Thomas ; Cardelle B. Spangler; Beth K. Louie

December 6, 2011
Proposed Federal Acquisition Rule Would Require Contractor Privacy Training

A proposed Federal Acquisition Regulation rule, published on October 14, 2011 in the Federal Register, would require that federal government contractors who work with government records or personal information complete privacy training. The proposed rule would deny contractors access to the records until they completed the training. The rule would also mandate seven areas the privacy training must cover, including the handling and safeguarding of personally identifiable inf . . .

Liisa M. Thomas ; Cardelle B. Spangler; Beth K. Louie

December 5, 2011
Actress Sues Over Posting of Her Age on IMDB.com

An actress (who filed the complaint as “Jane Doe”) recently sued IMDb.com (and its owner Amazon.com, Inc.) for disclosing her age on the IMDb.com website. IMDb.com attempts to list every production upon which a writer, performer or crew member has ever worked. IMDb.com offers a paid service, called IMDbPro, which provides additional information to paying customers. According to the complaint, the actress subscribed to IMDbPro, and provided her personal and credit card infor . . .

Liisa M. Thomas

December 2, 2011
RockYou Settles Case Alleging Failure to Protect User Login Information

As we wrote in January 2010, RockYou Inc., maker of certain social media applications, was sued in California for failure to protect consumers' information, including usernames and passwords. The plaintiff argued that because these combinations were usually a user's email address plus the same password that the user employed for the email account, if this information was accessed by an unauthorized third party, the consumer would be put at risk. In particular, tha . . .

Liisa M. Thomas

December 2, 2011
Case Regarding Ability to Send Text After Consumer Opts Out Survives Motion to Dismiss

According to a complaint filed in the Southern District of California, a bank customer received an unsolicited text message from his bank after inquiring about a personal line of credit. The message indicated that the bank needed to talk to the customer about "your recent application." The customer opted out as directed in the text, and received a confirmation text indicating that the bank would no longer send him text messages. The customer filed suit, alleging that both messages v . . .

Liisa M. Thomas

December 1, 2011
Court Upholds $1 Million Damages Award Against Credit Reporting Service

A federal court in California recently upheld a $1 million verdict against Equifax Information Services. The case involves an individual whose identity was stolen while he was undergoing cancer treatment. Shortly thereafter, he received letters from financial institutions thanking him for credit applications that he submitted. The thief was charged with and convicted of a criminal violation of HIPAA, since the thief was a medical professional at the cancer center where . . .

Liisa M. Thomas ; Jason W. Gordon

November 30, 2011
Facebook Settles Privacy Complaints with Federal Trade Commission

The Federal Trade Commission has just announced a settlement with Facebook, Inc. in connection with charges by the FTC that Facebook engaged in deceptive privacy practices. The FTC alleged that Facebook did not disclose to users that their Facebook information could be accessed by third parties without the users' explicit authorization. In particular, according to the FTC, although Facebook's privacy controls led users to believe that they could control who could see and access their profile . . .

Liisa M. Thomas ; Monique N. Bhargava

November 8, 2011
Kids Social Networking Site Settles COPPA Charges, Includes Civil Penalties of $100,000

The FTC has just announced a settlement with the operator of a social networking website for kids. The website, Skid-E-Kids (www.skidekids.com), is directed to children between 7 and 14, and bills itself as the "Facebook and MySpace for Kids." According to the FTC complaint, a child who visits Skid-E-Kids is able to register and begin using his or her account without parental consent. A child provides his or her birthdate (which can be un . . .

Liisa M. Thomas

October 20, 2011
Credit Reporting Agency to Pay $1.8 Million for Alleged FCRA Violations

Teletrack Inc., a consumer credit reporting agency being investigated by the FTC, agreed to a consent judgment in which it will pay $1.8 million due to alleged violations of the Fair Credit Reporting Act (FCRA). In the complaint, the FTC alleged that Teletrack sold sensitive consumer information without a permissible purpose. The FTC argued that Teletrack is subject to the FCRA because it “regularly sells...information on consumers that it assembles for the purpose of furnishing consumer repo . . .

Liisa M. Thomas

October 19, 2011
California Court Rules Song-Beverly Does Not Apply Online

The California Song-Beverly Act prohibits retailers from collecting certain personally identifiable information during a credit card transaction. In a case brought against the website Craigslist, the plaintiff asserted that Craigslist should have complied with that law, and should not have collected addresses and phone numbers during a credit card transaction online. The court dismissed the case, finding that the Act does not apply to online businesses.

TIP: This is a . . .

Liisa M. Thomas

Read More Email comments to the author
October 17, 2011
FTC Issues Proposed Revisions to COPPA Rule

The FTC issued proposed revisions to the Children’s Online Privacy Protection Rule (the “Rule”) and is seeking comment. The Commission proposes modifications to the Rule in the following five areas: Definitions, Notice, Parental Consent, Confidentiality and Security of Children’s Personal Information, and Safe Harbor Programs. In addition to modifying these provisions, the Commission proposes adding a new Rule section addressing data retention and deletion.

The proposed rules seek to . . .

Liisa M. Thomas

October 14, 2011
Defunct Internet Marketer to Pay $2.4 Million in Class Action Settlement

NebuAd, Inc., an online advertising company that recently went out of business, has agreed to settle class action claims stemming from alleged violations of federal and state privacy laws. As we previously reported in June, plaintiffs filed suit against NebuAd and several defendant ISPs because of their collective practice of tracking consumers’ online activities in order to deliver targeted advertisements. The complaint stated that the ISP . . .

Liisa M. Thomas

October 13, 2011
Another Class Action Complaint Filed for Use of Cookies

A class action complaint was recently filed against a major internet service provider alleging violations of the Electronic Communications Privacy Act, the Computer Fraud and Abuse Act, as well as violations of the Privacy Act of Massachusetts. When a consumer downloads a web page that contains video content designed to be displayed using Adobe’s Flash software, the Adobe Flash Player software installed on the consumer’s computer can be used to display that video content on a Web page. When a . . .

Liisa M. Thomas
