Winston & Strawn: Privacy Law News Client Bulletin

Ninth Circuit Affirms Facebook Beacon Settlement Award
Facebook launched its “beacon” program in 2007. The program is intended to let members share with friends information about what they do elsewhere on the Internet. The program operated by updating a member’s personal profile to reflect certain actions the member had taken on websites belonging to companies that had contracted with Facebook to participate in the beacon program. Although Facebook initially designed the Beacon program to give members opportunities to prevent the broadcast…

FTC Settles Computer Spying Charges with Several Companies
A software design firm and seven computer rent-to-own companies have settled charges with the Federal Trade Commission that the companies spied on consumers through software surreptitiously installed on rented computers. The software design firm, DesignerWare LLC, licensed software to several players in the rent-to-own business. The software—known as PC Rental …

West Virginia Senator Launches Investigation into Data Broker Privacy Practices
Senator John D. Rockefeller IV (D-W.Va.) recently sent a letter to nine data brokers, asking them to provide detailed information about their privacy policies and practices for compiling, storing, and selling information about consumers. The nine firms – Acxiom, Experian, Equifax, Epsilon, Transunion, Reed Elsevier, Spokeo, Datalogix, and Rapleaf – are expected to respond to …

[top]

FTC Settles COPPA Allegations with Operator of Justin Bieber Fan Website
Artist Arena LLC—an operator of fan web sites for Justin Bieber, Selena Gomez, Rihanna, and Demi Lovato—has agreed to pay $1 million to settle the Federal Trade Commission’s charges that the sites violated the Children’s Online Privacy Protection Act. Artist Arena allegedly collected personal information, such as name, e-mail address, street address, and phone number, from children under the age of 13 without the …

[top]

FTC Offers $50,000 Challenge to Discover Robocall Solution
The FTC recently opened a public “challenge” for the “public to create an innovative solution to block illegal commercial robocalls on landlines and mobile phones.” The FTC has offered a $50,000 cash prize for the best technical solution. As we reported in June, the FCC has taken a keen interest in robocalls recently by, among other things, publishing a final …

FTC Shuts Down Five “Cardholder Services” Robocallers
The FTC has announced that it received temporary restraining orders against five robocalling operations that allegedly tricked consumers out of hundreds or thousands of dollars by making false claims that they could reduce credit card interest rates in return for a fee. The pre-recorded, automated calls often started with the message: “Hi, this is Rachel from cardholder services….”

Vodafone Fined in Ireland for Unsolicited Calls and Texts
Ireland’s Office of the Data Protection Commissioner recently announced an agreement with Vodafone under which Vodafone will pay a total of €40,000 ($51,432) to several registered charities to settle complaints that the company violated regulations on unsolicited marketing calls and texts. The commissioner alleged that Vodafone’s marketing violated Irish privacy laws. Vodafone must also make goodwill gestures directly…

[top]

Cable Company Sued Over Data Retention and Privacy Practices
A class action lawsuit was recently filed in California against Bright House Networks LLC, a cable operator, alleging that the company violated the Cable Communications Policy Act (47 U.S.C. § 551(a), (e)) by indefinitely retaining customers’ personally identifiable information and failing to send annual privacy notices to customers. The Act requires that cable operators destroy the personally identifiable information of former …

Irish Data Protection Commission Fines Eircom Over Breach
The Irish data protection office (“ODPC”) brought legal action last month against telecommunications firm Eircom and two of the company’s cell phone subsidiaries for failing to encrypt two stolen laptops, as required by Irish Regulation 4(I) of SI 336, and then waiting more than one month to notify the ODPC and subscribers of the breach. The Irish law requires notification of a breach to both impacted individuals and the Irish …

[top]

Equifax Settles FTC Charges Over Failure to Adequately Protect Consumer Information
Equifax Information Services LLC, one of the countries “big three” consumer reporting agencies, has settled charges with the FTC that it improperly sold lists of consumers who were late on their mortgage payments in violation of the FTC Act and the Fair Credit Reporting Act (“FCRA”). Equifax will pay $393,000 to resolve allegations that it …

Payday Lenders Settle FTC Charges of Improperly Disposing Consumer Data
PLS Financial Services, Inc. and The Payday Loan Store of Illinois, Inc.—companies involved in the payday lending and check cashing industries—have agreed to pay a total of $101,500 to settle FTC charges that they violated federal law by improperly disposing of sensitive consumer in dumpsters. The FTC alleges that the defendants failed to take reasonable measures to protect consumer information, including Social …

[top]

California AG Announces Settlement with Health Insurer Over Social Security Number Disclosures
California Attorney General Kamala D. Harris recently announced a settlement with Anthem Blue Cross, part of WellPoint Inc., regarding allegations that the health insurer unlawfully disclosed the Social Security numbers of about 33,000 Medicare subscribers between April 2011 and March 2012. According to the state’s complaint (filed simultaneously with the settlement), Anthem printed the Social Security numbers on letters to policyholders that could be seen through the envelope window. .

[top]

UK ICO Releases New Cloud Computing Guidance
The UK Information Commissioner’s Office recently published guidance on compliance with the Data Protection Act of 1988 for those who use cloud computing. The guidance emphasizes that a business may outsource its data processing through the use of cloud computing services, but that business remains responsible for how …

Swiss Banks Under Fire for Cross-Border Transfers of Personnel Information
Employees privacy rights and their protection in the cross-border transfer of data have been the subject of a significant controversy in Switzerland in the past couple of weeks. Further to an investigation opened by the New York Attorney General against several Swiss banks for allegedly assisting U.S. tax payers in tax evasion, six Swiss banks transmitted to the United States Department of Justice information about 7,000 to 10,000 of their employees, former employees, portfolio managers …

FTC Holding Cross-Border Codes of Conduct Forum on Nov. 29
The Federal Trade Commission recently announced the agenda for its upcoming forum on cross-border codes of conduct. The forum will be an all-day series of panels held on November 29, in the FTC’s office on New Jersey Avenue, in Washington, D.C. Although the forum tackles the topic of cross-border codes of conduct generally, and includes topics…

[top]

First Self-Regulatory Enforcement Actions Brought Against Advertisers
The Online Interest-Based Advertising Accountability Program (OIAAP), the body charged with enforcement of the Self-Regulatory Principles for Online Behavioral Advertising, recently released five decisions following inquiries into the practices of Kia Motors America and the advertising networks that serve Kia ads. The OIAAP determined that certain Kia ads failed to comply with …

Web Analytics Firm Settles FTC Charges Over Collection and Use of Consumer Information
Compete Inc., a Boston-based web analytics company, settled charges with the FTC regarding alleged violations of the Federal Trade Commission Act for false and deceptive privacy practices. The FTC accused Compete of using its web tracking software without properly disclosing the extent of personal information it collected and failing to honor promises to protect the personal data collected.

UK Government to Examine Online Personalized Pricing Practices
The Office of Fair Trading (“OFT”)—the UK’s consumer and competition authority, with powers similar to the U.S. Federal Trade Commission—recently announced that it will investigate how businesses monitor online shoppers and target them with personalized prices. The OFT reports that it plans to look at how online companies gather data on consumers' browsing history, purchases, hardware, and demo …

[top]

NLRB Invalidates Several Employers’ Social Media Policies
As we recently reported, the National Labor Relations Board (NLRB) and its administrative law judges have issued decisions striking down several workplace social media policies, creating uncertainty as to what social media activities employers may lawfully regulate or prohibit. In one such case, an administrative law judge for the NLRB …

California Employers Prohibited From Asking for Social Media Passwords
On September 27, 2012, California Governor Jerry Brown signed into law Assembly Bill 1844, which prohibits employers from asking current or prospective employees for the log-in information for their personal social media accounts. A.B. 1844 also prohibits employers from requiring that employees or applicants access their social media accounts in the presence of the employer.

Spyware Installed on Employee’s Computer Violated Electronic Communications Privacy Act
An Illinois court recently held that an employer violated the Electronic Communications Privacy Act when it intercepted the employee’s work and personal email accounts. The employer installed software on the employee’s computer that sent all of the employee’s work emails to a dummy account, which was monitored by the employer. The court found that this constituted an “interception” of the emails under the meaning of the law, even though the full emails were not actually delivered to the account …

Employer Did Not Violate Law in Firing Employee for Facebook Post
The National Labor Relations Board recently adopted the decision of an administrative law judge finding that an employer lawfully discharged an employee for a Facebook post made about a car accident at the workplace (an auto dealership). The administrative law judge held that the employee’s post about the accident was not protected by the National …

Employer May be Liable for Accessing Employee’s LinkedIn Account
A Pennsylvania court recently found that a plaintiff who alleged her employer unlawfully took control of her LinkedIn account could not proceed on claims under the Computer Fraud and Abuse Act and the Lanham Act, although the court did find that the former employee could proceed on her state law claims for invasion of privacy, identity theft, conversion, and …

Manager’s Facebook Post Did Not Establish Invasion of Privacy/Emotional Distress Claims
A Minnesota court recently dismissed the invasion of privacy and intentional infliction of emotional distress claims of a former employee after a manager posted about the employee’s termination on Facebook. The case was brought by an aerobic coordinator at LA Fitness who was fired.

Employer Not Liable for Terminating Employee After Facebook Message
An Ohio court recently ruled that an employee’s termination did not fall within the public policy exception to the employment-at-will doctrine and dismissed the employee’s claims against the employer. The employee, erroneously believing that a supervisor with whom she had a contentious relationship had been fired, sent a message through Facebook celebrating the news of the firing.

Canadian Supreme Court Finds Reasonable Expectation of Privacy in Work Computer
The Canadian Supreme Court recently held (in Her Majesty the Queen v. Cole) that an employee had a reasonable expectation of privacy in his employer-issued work computer. The case began when a school teacher with administrative rights accessed a student’s email account. The teacher did this from his work computer, and found that the student had nude images of another student in an email.

[top]

Attorney Advertising Materials

These materials have been prepared by Winston & Strawn for informational purposes only, and are not intended as, nor should they be used as a substitute for, legal advice which turns on specific facts. Receipt of this information does not create an attorney-client relationship. Along with this client bulletin, a library of all the Winston & Strawn LLP Client Bulletins published to date can be accessed by visiting the Publications section of Winston & Strawn’s Web site (www.winston.com).

October/November 2012

PODCASTS

WINSTON & STRAWN CONTACTS