Category Archives: Consumer Protection

Subscribe to Consumer Protection RSS Feed

Assessing GDPR Guidelines Part II: Data Impact Assessments

Following up on yesterday’s blog about profiling and automated decision making, we now look at guidance on data protection impact assessment (DPIA). The same guidance we discussed also directs companies to conduct a DPIA where profiling or automated decision making results in the “systematic and extensive evaluation” of an individual and decisions are made based … Continue Reading

Assessing GDPR Guidelines Part I: Profiling and Automated Decision Making

The Article 29 Data Protection Working Party recently issued guidelines on how to handle profiling and automated decision making under the General Data Protection Regulation. Under GDPR, “profiling” means the automated collection of personal information in order to evaluate personal aspects about an individual. For example, companies may use profiling to predict individuals’ spending habits, targeting … Continue Reading

Lessons Learned from Cyber Awareness Month – Part Two

Following up on our last post about Cyber Awareness, we now focus on cybersecurity in the workplace. All organizations – large and small, for-profit and non-profit – need to be vigilant about cybersecurity. According to one analysis, 918 data breaches led to 1.9 billion data records being compromised worldwide in the first half of 2017, or … Continue Reading

CFPB Provides Guidance on Consumer Data Protection

The Consumer Financial Protection Bureau (CFPB) recently released a set of Consumer Protection Principles aimed at the Fintech field. The Principles describe obligations when sharing or aggregating consumer financial information. The CFPB regulates and enforces consumer financial laws, and issued this release as part of its review of the Fintech industry. These Principles follow a … Continue Reading

BIPA Fingerprint Suits Continue

Employees in Illinois are continuing to file class action complaints against their employers. Bob Evans Restaurants and Suparossa Restaurant Group are two of the latest to be accused of violating the Illinois’ Biometric Information Privacy Act. Both companies’ employees took issue with their employers’ use of their fingerprints and other biometric information in time-clock and … Continue Reading

Global Body Issues Guidance for Autonomous and Connected Vehicles

The International Conference of Data Protection and Privacy Commissioners, a collection of data and privacy regulators from around the world, recently issued non-binding guidance concerning the privacy rights of autonomous and connected vehicle users. The guidance calls on manufacturers and service providers to “fully respect the users’ rights to the protection of their personal data and … Continue Reading

FTC Gives COPPA Guidance on Voice Recordings

The FTC announced that it has given guidance on when the Children’s Online Privacy Protection Act (COPPA) requires collection of parental consent before collecting voice recordings online from children under 13. The issue arose because, as the FTC noted, voice is beginning to be a “replacement for written words,” especially when conducting searches or instructing … Continue Reading

WannaCry Ransomware Alert

This is not a drill. Companies and law enforcement agencies around the world have been left scrambling after the world’s most prolific ransomware attack hit over 500,000 computers in 150 countries over a span of only 4 days. The ransomware – called WannaCry, WCry, WannaCrypt, or WannaDecryptor – infects vulnerable computers and encrypts all of … Continue Reading

Barbarians at the Gate: Seventh Circuit Finds Article III Standing for Data Breach Class Actions

As a result of the Supreme Court’s decision in Clapper v. Amnesty Int’l USA, 133 S. Ct. 1138, 1147 (2013), data breach class actions were largely considered dead in the water.  The overwhelming majority of courts, relying heavily on Clapper, dismiss data breach actions for the simple reason that until a consumer suffers actual identity … Continue Reading

Russian Parliament Moving To Advance Commencement Date On Data Protection And Information Legislation

In July 2014, the Russian President signed data protection and information legislation that requires all “data operators” who are processing personal data of Russian citizens, including over the Internet, to do so from servers/databases within Russia.  While the original law provided for a September 1, 2016 commencement date, new legislation is moving through the Russian … Continue Reading

California To Expand Its Data Breach Notification Rules

California has broadened its data breach notification statutes in response to the increasing number of large data breaches of customer information.  AB 1710, which Governor Jerry Brown signed into law, amends California’s Data Breach Notification Law to (1) ban the sale, advertising for sale or offering for sale of social security numbers, (2) extend the … Continue Reading

The Federal Trade Commission’s Proposed Framework For Consumer Privacy Protection – The Basics

The preliminary Staff Report issued by the FTC earlier this month is the most aggressive effort by the FTC to date on the issue of online and mobile privacy generally. The preliminary Staff Report proposes a “do not track” mechanism along with an overall online privacy framework that would rigidly regulate how information is collected … Continue Reading
LexBlog