Russian Parliament Moving To Advance Commencement Date On Data Protection And Information Legislation

In July 2014, the Russian President signed data protection and information legislation that requires all “data operators” who are processing personal data of Russian citizens, including over the Internet, to do so from servers/databases within Russia.  While the original law provided for a September 1, 2016 commencement date, new legislation is moving through the Russian Parliament that would advance the commencement date to January 1, 2015.  This law should significantly impact the collection, processing and storage of personal data of Russian citizens.

This issue was recently reported on by our friends at Bird & Bird.  Click this link to read the Bird & Bird alert.

California To Expand Its Data Breach Notification Rules

California has broadened its data breach notification statutes in response to the increasing number of large data breaches of customer information.  AB 1710, which Governor Jerry Brown signed into law, amends California’s Data Breach Notification Law to (1) ban the sale, advertising for sale or offering for sale of social security numbers, (2) extend the existing data-security law and obligations applicable to entities that own or license customer information to entities that “maintain” the information, and (3) require that if the person or business providing notification of a breach under the statute was the source of the breach then the notice must include an offer to provide appropriate identity theft prevention and mitigation services, if any, at no cost for 12 months along with any information necessary to take advantage of the offer.  The last of these amendments has spurned some debate over whether the statute actually mandates an offer of credit monitoring or other services given its use of the phrase “if any.”  It is also unclear what exactly is intended by or who qualifies as “the source of the breach.”

Continue Reading

Trending Information: The Connection Between Data Brokers and the Fashion Industry

Consumers frequently reveal personal information about themselves through a variety of daily online and offline activities.  For fashion designers and retailers, this consumer information represents a valuable tool to identify, target, and expand customer advertising and messaging.  This information can be utilized by employing a data broker, or a company who aggregates consumer information and do provide information about the relevant consumer marketplace.  Data brokers collect, maintain, manipulate, and share a significant amount of data about consumers without ever directly interacting with them.  While data brokers afford a major advantage for retailers, including fashion companies, they also raise privacy concerns for the consumers that data brokers profile.  The Federal Trade Commission (“FTC”) recently issued a report summarizing the results of its study on the activities of nine data brokers, and recommended that Congress consider enacting legislation to make data broker practices more transparent or to give consumers greater control over the personal information that is collected about them and shared by data brokers.[1]  This post summarizes the portions of the FTC’s report that are most relevant for fashion retailers and designers.

Continue Reading

International Safe Harbor Privacy Compliance: What You Need to Know

Since early 2014, the Federal Trade Commission has charged at least fourteen U.S. businesses in varying industries, from fashion to telecommunications, for falsely claiming to participate in the US – EU Safe Harbor privacy. Three of the companies were also charged with similar violations of the US – Swiss Safe Harbor. The Safe Harbor provisions were designed to provide U.S. and European organizations a legal, cost-effective means for transmitting consumer data outside of European countries, which maintain strict data privacy laws. On June 25, 2014, the FTC reported approval of final orders settling charges of US – EU Safe Harbor violations against the fourteen entities.

Continue Reading

Call Me Maybe?: The New TCPA Position Announced by The Federal Communications Commission in Nigro v. Mercantile Adjustment Bureau

As federal courts continue to grapple with the explosion of litigation brought by plaintiffs under the Telephone Consumer Protection Act (“TCPA”), the Federal Communications Commission (“FCC”) is increasingly being called upon to address complex questions arising from the application of this analog statute to the digital world.  The latest example is a brief amicus curiae filed by the FCC in Nigro v. Mercantile Adjustment Bureau, LLC.  In that case, Albert Nigro contacted a power company in New York to discontinue the service of his recently deceased mother-in-law and provided the company with his cell phone number in doing so.  Thereafter, a debt collector (acting on behalf of the power company) called Nigro 72 times over a nine month period to collect on a $67 delinquency that remained on his mother-in-law’s account.

Continue Reading

The Eleventh Circuit Interprets Prior Express Consent Under The TCPA

In Osorio v. State Farm Bank, F.S.B., No. 13-10951, 2014 U.S. App. LEXIS 5709 (11th Cir. Mar. 28, 2014), the U.S. Court of Appeals for the Eleventh Circuit has provided some guidance on the parameters of “prior express consent” under the Telephone Consumer Protection Act (“TCPA”).  In particular, the court held: (1) consent can be given on behalf of another person if an agency relationship exists and (2) a party may orally revoke consent.

Continue Reading

Seventh Circuit Affirms Lodestar Method to Determine Attorneys’ Fees in TCPA Class Action Settlement

In Americana Art China Company, Inc. v. Foxfire Printing & Packaging, Inc., 743 F.3d 243 (7th Cir. Feb. 18, 2014), the U.S. Court of Appeals for the Seventh Circuit affirmed the district court’s attorneys’ fees award in a class action settlement arising from the defendant’s faxing of thousands of unsolicited advertisements in violation of the federal Telephone Consumer Protection Act.  In doing so, the Seventh Circuit reaffirmed the district court’s discretionary power to use the lodestar method, rather than the percentage method, to determine an appropriate fee award for class counsel.  The Seventh Circuit held that the lodestar methodology was properly applied and  permissible under the circumstances.

Continue Reading

Third and Seventh Circuit Courts of Appeals Issue TCPA Decisions

The Telephone Consumer Protection Act, 47 U.S.C. § 227, et seq. (“TCPA”), prohibits “robo-calls” to cell phones, text messages and “junk” faxes without prior consent. It imposes statutory penalties from $500 to $1,500 per violation, regardless of any actual damage, and is thus increasingly popular with the plaintiffs’ class action bar. Though passed in 1991, there are relatively few Circuit Court of Appeals decisions regarding the TCPA. In August of 2013, however, both the Third and Seventh Circuits issued TCPA decisions—one involving the revocation of prior express consent and the other involving cy pres awards in TCPA class actions.

Continue Reading

European Cybersecurity Directive One Step Closer

On March 13, 2014, the European Parliament voted to approve the draft Network and Information Security Directive (as known as the Cybersecurity Directive), which contains new rules designed to improve the cybersecurity of the European Union.  In the most recent draft of the Directive, removes the requirement that certain technology service providers (including social networks, search engines, e-commerce platforms and online payment gateways) notify national authorities of data systems breaches.  Only providers who own, operate or provide infrastructure which, if disrupted or destroyed, would have a significant impact on a Member State will be subject to the notification requirements of the Directive.  Now that the current draft of the Directive has been approved by the European Parliament, it will be negotiated with the European Commission and the Council.  Read more about the EU Cybersecurity Directive here.

FTC Examines Predictive Scoring

Growing concern over the use of consumer data to generate scores designed to predict consumer behavior, what some refer to as predictive analytics or alternative scoring products, has caught the attention of the Federal Trade Commission.  Earlier this month, the FTC held a seminar focused on exploring the use and impact of predictive scoring.  While these analytic products have traditionally been used for purposes of marketing, advertising, identify verification and fraud prevention, some consumer advocates are concerned that their increasing use is disparately impacting vulnerable communities through, among other things, what offers and prices to offer products to these consumers.  They urge the FTC to use the Fair Credit Reporting Act to regulate these products, as it has historically done in connection with the sale of credit reports under certain circumstances.  The FTC has express some apprehension over the fact that consumers may not be aware these analytic products are used and have little access to correct or challenge underlying consumer data that may not be correct.  The seminar was one of several steps the FTC is currently taking as it delves more deeply into predictive scoring and the data broker industry.  For more information or to review the transcript or materials presented at the seminar click here.