Category Archives: Privacy

Subscribe to Privacy RSS Feed

DoC Comments on Privacy Shield In Advance of GDPR

Liisa ThomasMatthew TuretzkyBy Liisa Thomas and Matthew Turetzky on Posted in Consumer Privacy, GDPR, Online Privacy, Privacy Shield
The Department of Commerce issued an update to explain how it has supported the E.U.-U.S. and Swiss-U.S. Privacy Shield frameworks. As we have written previously, the Shield gives E.U. companies a basis under which it can send personal data to entities in the U.S. The comments from Commerce come after the Europeans raised concerns about the … Continue Reading

DHS Releases New Cybersecurity Strategy

Jonathan E. MeyerBy Jonathan E. Meyer on Posted in Cybersecurity, Privacy Regulation
On May 15, the Department of Homeland Security released its long-awaited Cybersecurity Strategy. The Strategy aims to reduce cybersecurity risk through “an innovative approach that fully leverages our collective capabilities across the Department and the entire cybersecurity community.” It sets a course of cybersecurity policy for the Department for the next five years and signals … Continue Reading

FTC Expresses Concerns Over Mobile Security Updates

Liisa ThomasAlyssa ShauerBy Liisa Thomas and Alyssa Shauer on Posted in Consumer Privacy, FTC
In its recent report (Mobile Security Updates: Understanding the Issues), the FTC expressed concerns with the process for keeping mobile devices updated and secure. Of particular concern for the FTC were inconsistencies in the length of time that support is offered for mobile devices, the frequency of updates and the perceived lapse of time between … Continue Reading

NJ AG Settles with Chinese Firm Over COPPA Violations, FTC Sends Warning Letters

Liisa ThomasBy Liisa Thomas on Posted in Children's Privacy, COPPA, Online Privacy
The NJ attorney general recently announced that it settled with a Chinese entity over violations of COPPA. The company promotes itself as a “virtual beauty counter,” and makes a variety of apps that let consumers virtually try on makeup. These apps include facial recognition technology, as well as photo-editing tools that allow users to customize … Continue Reading

Dawn of the New FTC

Jonathan E. MeyerBy Jonathan E. Meyer on Posted in Consumer Privacy, FTC, Online Privacy
On April 26, the Senate voted to confirm nominees to all five Commissioner slots on the Federal Trade Commission. It was the first time the entire FTC has been confirmed at once since its founding in 1914. The new roster of Commissioners raises new questions about the role the FTC will play in cybersecurity and … Continue Reading

Biometric Breakdown Part IV – Protecting

Liisa ThomasShanna PearceBy Liisa Thomas and Shanna Pearce on Posted in Biometrics, Consumer Privacy, Employee Privacy
In continuing our series on biometrics, we conclude with an analysis of protection requirements and risks. Illinois, Texas, and Washington—the three states which have thus far implemented specific biometric privacy laws—each require companies to reasonably protect biometric data in their possession. Illinois and Texas have further specified that the data must be protected to the … Continue Reading

Biometric Breakdown Part III – Sharing

Shanna PearceLiisa ThomasBy Shanna Pearce and Liisa Thomas on Posted in Biometrics, Consumer Privacy, Employee Privacy
We’ve looked in our series to what companies should do when collecting biometric information, and now we turn to issues around sharing biometric information. The three states which have thus far enacted specific biometric privacy legislation—Illinois, Texas, and Washington—each place restrictions upon the sharing of biometric information. Illinois has imposed a blanket prohibition upon the … Continue Reading

Biometric Breakdown Part II – Collection

Liisa ThomasShanna PearceBy Liisa Thomas and Shanna Pearce on Posted in Biometrics, Consumer Privacy, Employee Privacy
Continuing our series, we look today at what a company should think about when collecting biometric data. Three U.S. states—Illinois, Texas, and Washington—have laws on-point. The Illinois statute is the most specific requiring written notice disclosing the purpose of collection and the length of time biometric information will be stored. It also requires companies to … Continue Reading

Biometric Breakdown – Part I

Shanna PearceLiisa ThomasBy Shanna Pearce and Liisa Thomas on Posted in Biometrics, Consumer Privacy
Technologies which use permanent physical characteristics for identification are increasingly popular. These “biometric” identifiers offer clear advantages over traditional passwords and keys: they can’t be lost or forgotten, and they are much more difficult to steal. No longer only the stuff of spy thrillers and science fiction, fingerprint and facial geometry scans are now commonly … Continue Reading

And Then There Was None: Alabama Becomes 50th State With Breach Notice Law

Amber ThomsonLiisa ThomasBy Amber Thomson and Liisa Thomas on Posted in Data Breach, Data Security, Privacy
Alabama is the final US state to enact data breach notification legislation. The new law takes effect on June 1, 2018 and applies to electronic “sensitive” data. This includes full Social Security and government-issued identification numbers, account and payment card numbers (in combination with security or access codes or PIN numbers), health information, and a … Continue Reading

Federal Court Curbs FCC Robocall Restrictions

Shanna PearceLiisa ThomasBy Shanna Pearce and Liisa Thomas on Posted in Consumer Privacy, Telecommunications Privacy
The Court of Appeals for the District of Columbia Circuit recently set aside two key provisions of the Federal Communication Commission’s Declaratory Ruling and Order issued in 2015. Namely, the FCC’s definition of autodialing equipment covered by the TCPA and its approach to reassigned telephone numbers. The ruling has been seen as a major victory … Continue Reading

Privacy, Data Security, and Your Board: Day Five

Kari RollinsLiisa ThomasBy Kari Rollins and Liisa Thomas on Posted in Consumer Privacy, Cybersecurity, Data Breach, Data Security, Employee Privacy, Privacy
In our final installment on privacy, cyber security, and your board, we look at privacy and cyber issues in M&A. So you are thinking about acquiring a new entity? Divesting of current one? Due diligence will need to be conducted to best understand and evaluate privacy and data security issues and risks. Your board will … Continue Reading

Privacy, Data Security, and Your Board: Day Four

Kari RollinsLiisa ThomasBy Kari Rollins and Liisa Thomas on Posted in Consumer Privacy, Data Breach, Employee Privacy, Privacy
In our fourth installment of privacy, data (cyber) security, and your board, we look at crisis management and data breach issues. As part of providing appropriate duty of care and oversight, board members will want to ensure that the company has an incident response plan in place. They should review and understand the plan. They … Continue Reading

Privacy, Data Security, and Your Board: Day Three

Kari RollinsLiisa ThomasBy Kari Rollins and Liisa Thomas on Posted in Consumer Privacy, Cybersecurity, Data Breach, Data Security, Employee Privacy, Privacy
In our ongoing conversation about privacy, data security and your board, we turn next to cyber insurance and vendor management. Boards, when executing their duty of care, should keep in mind that while there may be some coverage for data incidents under a company’s CGL and D&O policies, there may be significant gaps in coverage … Continue Reading

Privacy, Data Security, and Your Board: Day Two

Kari RollinsLiisa ThomasBy Kari Rollins and Liisa Thomas on Posted in Cybersecurity, Data Security, Employee Privacy, Privacy
In our continuing series about privacy, data security and your board, we next turn to how to best educate a board. Yesterday we mentioned about how board members have a duty of care. Part of that duty includes effectively overseeing matters relating to privacy and data security (or the often-used buzzword “cybersecurity”). How can board … Continue Reading

Justice Department Creates Cyber-Digital Task Force

Jonathan E. MeyerTownsend BourneBy Jonathan E. Meyer and Townsend Bourne on Posted in Cybersecurity, Data Security, Government Privacy
On February 20, the Department of Justice announced that Attorney General Sessions had created a new, cross-departmental Cyber-Digital Task Force. He directed the Task Force to advise him on the most effective ways for DOJ to confront cyber threats and keep Americans safe. Specifically, the Task Force is charged with canvassing the work the Department … Continue Reading

Connected Toys, COPPA, and What’s Next

Shanna PearceBy Shanna Pearce on Posted in Children's Privacy, Internet of Things, Online Privacy
The settlement between VTech Electronics Ltd. and the FTC in the first Internet-connected toys COPPA case is a reminder for companies looking to enter the connected toys space not to forget this child-focused law. The FTC complaint alleged that VTech violated the Children’s Online Privacy Protection Act and the FTC’s COPPA Rule because it collected … Continue Reading

Car Dealer’s Attempt to Crash Data Privacy Class Action Sputters Out

David PoellBy David Poell on Posted in Consumer Privacy, Privacy
A Texas court recently affirmed the vitality of potential nationwide class actions brought under the federal Driver’s Privacy Protection Act (“DPPA”), in a case brought by an individual whose personal information had allegedly been obtained illegally from the Texas DMV database. The case was filed by a local individual, Arthur Lopez, who complained of getting … Continue Reading

How to Prepare Interest-Based Video Ads for the April 1 Deadline

Liisa ThomasBy Liisa Thomas on Posted in Behavioral Advertising, Consumer Privacy, Online Privacy
The Better Business Bureau’s Online Interest Based Advertising Accountability Program announced that that it will require interest-based video ads to provide notice and choice to viewers as of April 1, 2018, as we reported in our Advertising blog, in compliance with the Digital Advertising Alliance’s self-regulatory principles for interest-based advertising. As providers of interest-based video … Continue Reading

2018: The Year of the FTC and Informational Injuries?

Liisa ThomasSnehal DesaiBy Liisa Thomas and Snehal Desai on Posted in Consumer Privacy, Data Security, Privacy
What constitutes actionable consumer injuries post-breach or data misuse is a hotly contested topic. As we reported in our Advertising blog late last year the FTC hosted a workshop on December 12th to look at the issue. A large focus during the workshop was what constitutes harm to consumers. While there is a school of thought that … Continue Reading

The Encryption Battle Will Continue in 2018

Jonathan E. MeyerBy Jonathan E. Meyer on Posted in Cybersecurity, Data Security, Privacy, Privacy and Data Security
While they may disagree in other areas, one thing that former FBI Director James Comey, current Deputy Attorney General Rod Rosenstein, and current FBI Director Christopher Wray all have in common is their distaste for strong encryption that prevents the government from accessing information. In 2016, Comey and the Justice Department went to court to … Continue Reading

As GDPR Looms, Australia to Participate in APEC’s CBPR Program

Liisa ThomasBy Liisa Thomas on Posted in Cross-Border Data Transfers, GDPR, International Privacy
Late last year, Australia’s Attorney General confirmed that Australia planned to participate in APEC’s Cross Border Privacy Rules (CBPR) system. The CBPR system was intended to help companies that want to transfer personal data across the borders of participating countries. Currently there are five participating countries: Canada, Japan, South Korea, Mexico, and the US. This … Continue Reading

2018 Likely a Year of Rising Government Standards for Securing Information

Jonathan E. MeyerBy Jonathan E. Meyer on Posted in Data Security, Government Privacy
For companies that do business with the government, 2017 was a year of transition, as many began to follow the NIST Cybersecurity Framework, worked to accomplish Federal Risk and Authorization Management Program (FedRAMP) certification, or rushed to rid their systems of products from Kaspersky Lab. Perhaps most significant was the rush of Pentagon contractors to come … Continue Reading
LexBlog

By scrolling this page, clicking a link or continuing to browse our website, you consent to our use of cookies as described in our Cookie and Advertising Policy. If you do not wish to accept cookies from our website, or would like to stop cookies being stored on your device in the future, you can find out more and adjust your preferences here.

Agree