Archives: Consumer Privacy

Subscribe to Consumer Privacy RSS Feed

Maryland Amends Personal Information Protection Act

The Maryland General Assembly has recently amended its Maryland Personal Information Protection Act, House Bill 974, effective January 1, 2018. Notable amendments expand the definition of personal information, modify the definition of breach of the security of the system, provide a 45-day timeframe for notification, allow alternative notice for breaches that enable an individual’s email … Continue Reading

Washington Joins Growing List of States with Laws Protecting Biometric Information

Not to be outdone by the recent attention to biometric information in Illinois, and the Prairie State’s Biometric Information Privacy Act (BIPA), Washington enacted a biometric data protection statute of its own, HB 1493, which became effective July 23, 2017. What it notable about Washington’s new biometric information law? It prohibits “persons” from “enrolling” “biometric … Continue Reading

Illinois Class Actions Spark New Attention For Biometric Data Applications

Capturing the time employees’ work can be a difficult business. In addition to the complexity involved with accurately tracking arrival times, lunch breaks, overtime, etc. across a range of federal and state laws (check out our Wage and Hour colleagues who keep up on all of these issues), many employers worry about “buddy punching” or … Continue Reading

Unsolicited Call Without Charge Held a Violation of TCPA

Recently, the United States Court of Appeals was called upon to determine whether an unsolicited call that did not result in a charge to the consumer violated the Telephone Consumer Protection Act (“TCPA”) and, if it did, was the harm sufficiently concrete to provide plaintiff with standing to sue. Susinno v. Work Out World, Inc. … Continue Reading

Retailer Successfully Defends Text Messaging TCPA Claim

Earlier this month, the United States Court of Appeals for the Seventh Circuit in Blow v. Bijora upheld a lower court decision rejecting a plaintiff’s claim that she did not consent to receive text messages from the defendant retailer. Plaintiff brought this class action seeking $1.8 billion in damages by alleging that the company’s practice … Continue Reading

Global Cyberattack Exploits Known Vulnerabilities

As you likely know by now, international cybercriminals launched a worldwide ransomware attack last Friday with the European law enforcement agency Europol reporting over 100,000 affected organizations in 150 countries, including the U.S. Reports indicate that health care providers, universities, and other large companies were all targeted. The Department of Health and Human Services also … Continue Reading

President Trump’s Executive Order on Cybersecurity…

On May 11, 2017 – after weeks of anticipation – the White House released an Executive Order on Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure.  There could not be better timing with a global cyberattack unleashing ransomware against governments and companies in nearly 100 countries around the globe. This newly released Executive Order … Continue Reading

Will More States Follow New York’s Lead?

As you know if you regularly read this blog, the New York State DFS finally finalized its “first-in-the-nation” cybersecurity rules with an effective date of March 1, 2017. And their reach is quite large: DFS-supervised entities from insurers and banks to mortgage brokers and credit unions (and their third-party service providers) will have to begin … Continue Reading

At Last, the Final DFS Cybersecurity Regulations….

We wanted to keep you informed on the progress of the DFS cybersecurity regulations, as they complete their journey through the approval process. DFS has been working on the regulations since its 2013-2014 studies on cybersecurity risks to financial institutions. As reported in our article, Getting Prepared for the New York Department of Financial Services’ … Continue Reading

SCOTUS Won’t Slime Viacom in Class Action Challenging Tracking Children Online

A class action alleging Viacom illegally obtained and disclosed personally identifiable information from children under the age of thirteen through the Nickelodeon website recently reached the end of line (almost) when the class’ petition for writ of certiorari was denied by the Supreme Court this month. The high court chose not to further define the … Continue Reading

Maureen K. Ohlhausen Appointed as Acting FTC Chairwoman

On January 13, current FTC chairwoman Edith Ramirez announced that she would resign from her position effective February 10, 2017. Ramirez was instrumental in increasing the FTC’s cybersecurity enforcement authority, going after a wide range of data security related private offenders and demonstrating the FTC’s cyber “watchdog” status. Last Wednesday, January 25, President Trump’s administration … Continue Reading

Top 10 for 2017 – Happy Data Privacy Day

In honor of Data Privacy Day, we provide the following “Top 10 for 2017.”  While the list is by no means exhaustive, it does provide some hot topics for organizations to consider in 2017. 1.  Phishing Attacks and Ransomware – Phishing, as the name implies, is the attempt, usually via email, to obtain sensitive or personal … Continue Reading

FTC Chairwoman Edith Ramirez Steps Down

The Federal Trade Commission (“FTC”) recently announced that FTC chairwoman Edith Ramirez will be stepping down effective February 10, 2017. Ms. Ramirez guided the agency through a period of significant enforcement activity, particularly in the areas of cybersecurity and consumer privacy. President-elect Donald Trump will now have the opportunity to fill three vacancies at the … Continue Reading

FTC Settles Claim of False Representations by Digital Advertising Company

The Federal Trade Commission (“FTC”) has entered into a Consent Order to resolve a complaint brought against a digital advertising company, Turn Inc. Turn provided advertisers with the ability to engage in targeted advertising by tracking consumer’s activities or characteristics to deliver ads tailored to the consumer’s interests.  The FTC alleged that Turn violated federal … Continue Reading

DFS’ Proposed Cybersecurity Regulation Edges Closer to Becoming Final Following Public Hearing

The New York State Assembly Committee on Banks held a public hearing on December 19, 2016, receiving testimony about both the benefits and challenges of a recently proposed regulation to address the growing threat posed by cyber-attacks on banks, insurance companies and most other entities which are regulated by the Department of Financial Services (DFS). The … Continue Reading

Study Finds Companies May Do Too Much For Data Breach Victims

A recent study at the University of Arkansas suggests that organizations should avoid doing too much for individuals affected by a data breach. That is, when organizations provide compensation to breach victims that exceeds the victims’ expectations it could backfire. Those victims may become suspicious, thinking the organization has something to hide, which could have … Continue Reading

EU Top Court Rules IP Addresses Maybe Protected Personal Data

In a decision that could have significant impact for online companies that have European operations, the European Union’s (EU) top court ruled that Internet Protocol addresses (IP addresses) could, under certain circumstances, constitute protected data under EU data protection law (Breyer v. Bundesrepublik Deutschland, E.C.J., No. C-582/14, 10/19/16).  As most of us know, the IP … Continue Reading

HHS Issues Cloud Computing Guidance Which Is Helpful To All Users of Cloud Services

Last week, the Department of Health and Human Services’ Office for Civil Rights (OCR) provided guidance for HIPAA covered entities and business associates that use or want to use cloud computing services involving protected health information (PHI). Covered entities and business associates seeking cloud services often have many concerns regarding HIPAA compliance, and this guidance … Continue Reading

3 Essential Steps For Responding To Ransomware Attacks

Likely because most victims comply with their demands, the incidence of attacks by ransomware hackers has exploded in 2016. Guidance issued by the U.S. Department of Health and Human Services (“HHS”) in July notes that, on average, there have been 4,000 reported ransomware attacks per day thus far in 2016, far exceeding the average of … Continue Reading

Nebraska Amends Data Breach Notification Law

On April 13, 2016, Nebraska’s breach notification statute was amended when Governor Pete Ricketts signed LB835 into law.  The Amendment included a variety of changes, including a regulator notification requirement and broadens the definition of “personal information” in the state data breach notification statute, Neb. Rev. Stat. §87-802 – 87-804. These amendments become effective on … Continue Reading

FCC Chair Proposes New Broadband Rules

One year ago, in March 2015, the Federal Communications Commission (“FCC”) reclassified broadband Internet access service as a common carrier Telecommunications Service subject to regulation under Title II of the Communications Act.  At that time, however, the FCC recognized that the then-current rules were not well suited to broadband privacy.  On March 10, 2016, the … Continue Reading

Internet of Things Bill Introduced

Recognizing the growing number of connected and interconnected devices, a bipartisan group of Senators recently introduced a bill which would convene a working group of Federal stakeholders to provide recommendations to Congress on how to appropriately plan for and encourage the proliferation of the Internet of Things (IoT). The Developing Innovation and Growing the Internet of … Continue Reading

European Commission Unveils EU-U.S. Privacy Shield (Update)

Earlier today, the European Commission (the Commission) issued a draft “adequacy decision” as well as the texts that will constitute the EU-U.S. Privacy Shield (the Privacy Shield). This includes the Privacy Shield Principles companies have to abide by, as well as written commitments by the U.S. Government on the enforcement of the arrangement, including assurance … Continue Reading
LexBlog