Category Archives: Privacy

Subscribe to Privacy RSS Feed

EU and Japan Strike Tentative Data Transfer Deal

Shanna PearceLiisa ThomasBy Shanna Pearce and Liisa Thomas on Posted in EU Privacy, Privacy Shield
The EU and Japan have reached a “reciprocal adequacy” agreement to allow data to flow more easily between them. As part of a larger bilateral trade deal which included commitments by both parties to reduce tariffs, Japan also agreed to enact additional safeguards to comply with new EU data protection standards. Those additional safeguards include … Continue Reading

DOJ Report Suggests Direction For Addressing Cyber Threats

Jonathan E. MeyerBy Jonathan E. Meyer on Posted in Cybersecurity, Data Security, Government Privacy
As many of you have no doubt seen, the Justice Department recently released the report of the Attorney General’s Cyber Digital Task Force, a body the Attorney General had created in February. In the report, the Task Force, chaired by Deputy Attorney General Rod Rosenstein, seeks to answer the question: “How is the Department responding … Continue Reading

The California Privacy Law Is Coming: What Should Your Company Do Now?

Liisa ThomasCraig CardonBrian AndersonRachel Tarko HudsonShanna PearceBy Liisa Thomas, Craig Cardon, Brian Anderson, Rachel Tarko Hudson and Shanna Pearce on Posted in Consumer Privacy
As has been widely reported, California’s new privacy regime is set to come into effect on January 1, 2020. The law constitutes an expansion beyond California’s existing privacy laws, in particular California’s existing Shine the Light Law and the California Online Privacy Protection Act. Various provisions of the new law will apply to businesses with … Continue Reading

FTC Pursuing, and Getting More Specific, About Privacy Post-LabMD Finding

Matthew TuretzkyJonathan E. MeyerLiisa ThomasBy Matthew Turetzky, Jonathan E. Meyer and Liisa Thomas on Posted in Consumer Privacy, FTC
The Eleventh Circuit recently issued a long awaited ruling in the LabMD case. In that case, the FTC had gone after a cancer detection facility that suffered a data breach.  The agency criticized the company for lax data security and in July 2016 issued a broad order against the company requiring changes to the company’s … Continue Reading

FTC Provides Insight into COPPA Deletion Requirements

Shanna PearceBy Shanna Pearce on Posted in Children's Privacy, Consumer Privacy, FTC, Online Privacy
The Federal Trade Commission recently posted a blog entry reminding companies about the deletion requirements under the Children’s Online Privacy Protection Act. Namely, that companies under the Act must give parents the right to review and delete their children’s information. In addition COPPA also requires companies to delete children’s personal information when the information is … Continue Reading

FTC Signals that It Will Enforce Statements of GDPR Compliance

Jonathan E. MeyerBy Jonathan E. Meyer on Posted in Consumer Privacy, EU Privacy, FTC, GDPR
Just as companies may be catching their breath after sprinting to get ready for GDPR in time for its recent implementation date, the FTC has now entered the enforcement fray. It has stated that, where companies are choosing to apply GDPR protections to American consumers, the FTC may enforce any failures to abide by those commitments. … Continue Reading

FTC Outlines Expected Privacy Program Elements in BLU Settlement

Liisa ThomasPavel SternbergBy Liisa Thomas and Pavel Sternberg on Posted in Consumer Privacy, Data Security, FTC, Mobile Privacy
The FTC recently settled with the mobile phone company BLU Products, Inc., over allegations that the company was letting one of its vendors pull extensive and detailed personal information off of users’ phones. According to the FTC, BLU phones were pre-loaded with firmware updating tools made by ADUPS Technology. ADUPS, through its software, was then … Continue Reading

DoC Comments on Privacy Shield In Advance of GDPR

Liisa ThomasMatthew TuretzkyBy Liisa Thomas and Matthew Turetzky on Posted in Consumer Privacy, GDPR, Online Privacy, Privacy Shield
The Department of Commerce issued an update to explain how it has supported the E.U.-U.S. and Swiss-U.S. Privacy Shield frameworks. As we have written previously, the Shield gives E.U. companies a basis under which it can send personal data to entities in the U.S. The comments from Commerce come after the Europeans raised concerns about the … Continue Reading

DHS Releases New Cybersecurity Strategy

Jonathan E. MeyerBy Jonathan E. Meyer on Posted in Cybersecurity, Privacy Regulation
On May 15, the Department of Homeland Security released its long-awaited Cybersecurity Strategy. The Strategy aims to reduce cybersecurity risk through “an innovative approach that fully leverages our collective capabilities across the Department and the entire cybersecurity community.” It sets a course of cybersecurity policy for the Department for the next five years and signals … Continue Reading

FTC Expresses Concerns Over Mobile Security Updates

Liisa ThomasAlyssa ShauerBy Liisa Thomas and Alyssa Shauer on Posted in Consumer Privacy, FTC
In its recent report (Mobile Security Updates: Understanding the Issues), the FTC expressed concerns with the process for keeping mobile devices updated and secure. Of particular concern for the FTC were inconsistencies in the length of time that support is offered for mobile devices, the frequency of updates and the perceived lapse of time between … Continue Reading

NJ AG Settles with Chinese Firm Over COPPA Violations, FTC Sends Warning Letters

Liisa ThomasBy Liisa Thomas on Posted in Children's Privacy, COPPA, Online Privacy
The NJ attorney general recently announced that it settled with a Chinese entity over violations of COPPA. The company promotes itself as a “virtual beauty counter,” and makes a variety of apps that let consumers virtually try on makeup. These apps include facial recognition technology, as well as photo-editing tools that allow users to customize … Continue Reading

Dawn of the New FTC

Jonathan E. MeyerBy Jonathan E. Meyer on Posted in Consumer Privacy, FTC, Online Privacy
On April 26, the Senate voted to confirm nominees to all five Commissioner slots on the Federal Trade Commission. It was the first time the entire FTC has been confirmed at once since its founding in 1914. The new roster of Commissioners raises new questions about the role the FTC will play in cybersecurity and … Continue Reading

Biometric Breakdown Part IV – Protecting

Liisa ThomasShanna PearceBy Liisa Thomas and Shanna Pearce on Posted in Biometrics, Consumer Privacy, Employee Privacy
In continuing our series on biometrics, we conclude with an analysis of protection requirements and risks. Illinois, Texas, and Washington—the three states which have thus far implemented specific biometric privacy laws—each require companies to reasonably protect biometric data in their possession. Illinois and Texas have further specified that the data must be protected to the … Continue Reading

Biometric Breakdown Part III – Sharing

Shanna PearceLiisa ThomasBy Shanna Pearce and Liisa Thomas on Posted in Biometrics, Consumer Privacy, Employee Privacy
We’ve looked in our series to what companies should do when collecting biometric information, and now we turn to issues around sharing biometric information. The three states which have thus far enacted specific biometric privacy legislation—Illinois, Texas, and Washington—each place restrictions upon the sharing of biometric information. Illinois has imposed a blanket prohibition upon the … Continue Reading

Biometric Breakdown Part II – Collection

Liisa ThomasShanna PearceBy Liisa Thomas and Shanna Pearce on Posted in Biometrics, Consumer Privacy, Employee Privacy
Continuing our series, we look today at what a company should think about when collecting biometric data. Three U.S. states—Illinois, Texas, and Washington—have laws on-point. The Illinois statute is the most specific requiring written notice disclosing the purpose of collection and the length of time biometric information will be stored. It also requires companies to … Continue Reading

Biometric Breakdown – Part I

Shanna PearceLiisa ThomasBy Shanna Pearce and Liisa Thomas on Posted in Biometrics, Consumer Privacy
Technologies which use permanent physical characteristics for identification are increasingly popular. These “biometric” identifiers offer clear advantages over traditional passwords and keys: they can’t be lost or forgotten, and they are much more difficult to steal. No longer only the stuff of spy thrillers and science fiction, fingerprint and facial geometry scans are now commonly … Continue Reading

And Then There Was None: Alabama Becomes 50th State With Breach Notice Law

Amber ThomsonLiisa ThomasBy Amber Thomson and Liisa Thomas on Posted in Data Breach, Data Security, Privacy
Alabama is the final US state to enact data breach notification legislation. The new law takes effect on June 1, 2018 and applies to electronic “sensitive” data. This includes full Social Security and government-issued identification numbers, account and payment card numbers (in combination with security or access codes or PIN numbers), health information, and a … Continue Reading

Federal Court Curbs FCC Robocall Restrictions

Shanna PearceLiisa ThomasBy Shanna Pearce and Liisa Thomas on Posted in Consumer Privacy, Telecommunications Privacy
The Court of Appeals for the District of Columbia Circuit recently set aside two key provisions of the Federal Communication Commission’s Declaratory Ruling and Order issued in 2015. Namely, the FCC’s definition of autodialing equipment covered by the TCPA and its approach to reassigned telephone numbers. The ruling has been seen as a major victory … Continue Reading

Privacy, Data Security, and Your Board: Day Five

Kari RollinsLiisa ThomasBy Kari Rollins and Liisa Thomas on Posted in Consumer Privacy, Cybersecurity, Data Breach, Data Security, Employee Privacy, Privacy
In our final installment on privacy, cyber security, and your board, we look at privacy and cyber issues in M&A. So you are thinking about acquiring a new entity? Divesting of current one? Due diligence will need to be conducted to best understand and evaluate privacy and data security issues and risks. Your board will … Continue Reading

Privacy, Data Security, and Your Board: Day Four

Kari RollinsLiisa ThomasBy Kari Rollins and Liisa Thomas on Posted in Consumer Privacy, Data Breach, Employee Privacy, Privacy
In our fourth installment of privacy, data (cyber) security, and your board, we look at crisis management and data breach issues. As part of providing appropriate duty of care and oversight, board members will want to ensure that the company has an incident response plan in place. They should review and understand the plan. They … Continue Reading

Privacy, Data Security, and Your Board: Day Three

Kari RollinsLiisa ThomasBy Kari Rollins and Liisa Thomas on Posted in Consumer Privacy, Cybersecurity, Data Breach, Data Security, Employee Privacy, Privacy
In our ongoing conversation about privacy, data security and your board, we turn next to cyber insurance and vendor management. Boards, when executing their duty of care, should keep in mind that while there may be some coverage for data incidents under a company’s CGL and D&O policies, there may be significant gaps in coverage … Continue Reading
LexBlog

By scrolling this page, clicking a link or continuing to browse our website, you consent to our use of cookies as described in our Cookie and Advertising Policy. If you do not wish to accept cookies from our website, or would like to stop cookies being stored on your device in the future, you can find out more and adjust your preferences here.

Agree