Header graphic for print
Inside Privacy Updates on Developments in Global Privacy & Data Security from Covington & Burling LLP

Monthly Archives: July 2011

Feinstein Introduces Breach Notice Bill; Senate Committee May Consider Breach Notice Proposals Shortly

Posted in Congress, Data Breaches, Data Security, Federal Trade Commission, United States

For the fifth consecutive session of Congress, Sen. Dianne Feinstein (D-CA) has introduced legislation that would establish a federal data breach notification standard.  Sen. Feinstein’s legislation — the Data Breach Notification Act of 2011 (S. 1408) — is one of a number of breach notice proposals circulating on Capitol Hill that would preempt state breach… Continue Reading

CFTC Issues Final Rule Extending Financial Privacy Requirements to Swap Dealers and Major Swap Participants

Posted in Financial Institutions, Financial Privacy, United States

The Commodity Futures Trading Commission (“CFTC”) recently approved a final rule broadening the scope of the CFTC’s financial privacy regulations under the Gramm-Leach-Bliley Act (“GLBA”) to include “swap dealers” and “major swap participants,” two types of entities created by and subject to regulation under Dodd-Frank.  GLBA requires financial institutions to, among other requirements, establish safeguards… Continue Reading

FTC, Commerce Department Reiterate Support for Industry Codes of Conduct

Posted in Department of Commerce, Federal Trade Commission

Jon Leibowitz, chairman of the Federal Trade Commission, and Cameron Kerry, general counsel of the Department of Commerce, spoke today about the need for industry codes of conduct to address emerging privacy issues.  They were the featured speakers at an event held by the Brookings Institution on strategies to protect consumer privacy while ensuring continued… Continue Reading

CFPB Opens for Business

Posted in Financial Institutions, Financial Privacy, United States

Today, the Consumer Financial Protection Bureau (“CFPB”) assumed certain powers and authorities set forth in Title X of the Dodd-Frank Wall Street Reform and Consumer Protection Act.  The CFPB is tasked with implementing and enforcing Federal consumer financial laws to ensure that consumers have access to markets for consumer financial products and services, and that… Continue Reading

House Subcommittee Approves Bono Mack Breach Notification Legislation

Posted in Congress, Data Breaches, Data Security, United States

By David Fagan and Libbie Canter Yesterday, the House Subcommittee on Commerce, Manufacturing, and Trade voted to report the Secure and Fortify Electronic Data Act (H.R. 2577) — the SAFE Data Act — to the full House Energy & Commerce Committee, moving the legislation one step closer to passage. The legislation creates a national breach… Continue Reading

Commission Launches Enforcement Proceedings Against 20 Member States on “Cookie” Rules

Posted in Data Breaches, European Union, International, United Kingdom

On July 19, 2011, the European Commission announced that it sent formal requests for further information to 20 Member States regarding their failure to implement the EU’s new package of telecoms rules.  The rules, which include amendments to the E-Privacy Directive to create new consent requirements for the use of most web cookies, were required to… Continue Reading

Connecticut Latest State to Prohibit Employers from Using Credit Reports in Employment Decisions

Posted in Financial Privacy, United States

On July 13, 2011, Connecticut adopted a law prohibiting certain employers from using employees’ or prospective employees’ credit report information in making employment or hiring decisions.  Hawaii, Illinois, Oregon, Washington, and Maryland also have statutes that prohibit employers’ use of credit report information for employment purposes.  Other states currently considering similar legislation include California, New… Continue Reading

FFIEC Releases Supplement to Authentication Guidance

Posted in Data Security, Financial Institutions, United States

The Federal Financial Institutions Examination Council (FFIEC) released the long-awaited supplement to its authentication guidance, Authentication in an Internet Banking Environment.  The supplement represents the most current and authoritative guidance regarding data security in connection with online banking platforms.  Here are a few highlights of the supplement: Financial institutions should perform periodic risk assessments that… Continue Reading

Preliminary Results Reported From Stanford “Tracking the Trackers” Study

Posted in Advertising & Marketing, Federal Trade Commission, Online

This week, Stanford Security Lab reported preliminary results from a platform it has been developing, a chief application of which is to detect various forms of third-party tracking in an automated manner.  According to researcher Jonathan Mayer’s release, which emphasizes that these are “preliminary findings from experimental software,” Stanford’s system has detected that over half… Continue Reading

Two House Energy & Commerce Subcommittees Hold Hearing on Internet Privacy

Posted in Children's Privacy, Congress, Data Security, Federal Communications Commission, Federal Trade Commission, Social Media, United States

By Katie Keith Yesterday, two Subcommittees of the House Energy and Commerce Committee (Commerce, Manufacturing and Trade and Communications and Technology) held a joint hearing entitled “Internet Privacy:  The Views of the FTC, the FCC, and NTIA” that featured testimony from FCC Chairman Julius Genachowski, FTC Commissioner Edith Ramirez, and NTIA Assistant Secretary Lawrence Strickling. … Continue Reading

Hong Kong Moves Closer to New Privacy Amendment

Posted in China, International, Marketing

On July 13, the Personal Data (Amendment) Bill 2011 was introduced to Hong Kong’s Legislative Council for final approval.  The Bill, which is designed to implement the recommendations of a April 2011 government report on privacy reform, aims to address a spate of recent concerns about the prevalence of direct marketing-related data sales and transfers… Continue Reading

Working Party 29 Releases New Opinion on the Meaning of “Consent”

Posted in European Union

w consents can be given over Bluetooth advertising boards; consents for employee pictures to be posted to company intranets;  consents regarding electronic health records and full body security scanners; and consents given during the use of an online social network; among others. Written partly in response to a Commission request, the Opinion will no doubt… Continue Reading

Key Holdings in Google Street View Litigation: WiFi Not “Readily Accessible to the General Public” and ECPA Preempts State Wiretap Laws

Posted in Litigation, United States

The Northern District of California issued two key rulings last week in denying in part a motion to dismiss in In re Google Inc. Street View Electronic Communications Litigation, a consolidated action arising out of Google’s acknowledged interception of “payload data,” including emails, usernames, password, and other private data, from unencrypted home wireless networks using… Continue Reading

House Energy & Commerce Committee To Hold Internet Privacy Hearing On Thursday

Posted in Congress, Federal Communications Commission, Federal Trade Commission, United States

On Thursday, July 14, 2011 two Subcommittees of the House Energy and Commerce Committee (Commerce, Manufacturing, and Trade and Communications and Technology) will hold a joint hearing entitled “Internet Privacy:  The Views of the FTC, the FCC, and NTIA.“  The hearing, which is the first in a series of anticipated dialogues aimed at examining how… Continue Reading

Industry Develops New Notice and Consumer Outreach Initiatives

Posted in Advertising & Marketing, Congress

As Congress continues to consider the need for privacy legislation, a number of organizations are working on new ways to better inform consumers about how data is collected, used, and shared online.  A roundup of recent developments: Game developer Zynga has introduced an interactive tutorial called PrivacyVille.  Players who follow along and learn about the… Continue Reading

Courts Address Locational Privacy Issues

Posted in Litigation

As we previously noted here and here, locational privacy continues to be an area of ongoing interest.  Yesterday, a New Jersey appeals court ruled that a husband’s privacy rights were not invaded when his wife put a GPS tracking device in his car.  In Villanova v. Innovative Investigations, Inc., A-0654-10T2 (N.J. Sup. Ct. App. Div…. Continue Reading

Peruvian President Signs Privacy Law

Posted in International

On July 2, 2011 Peruvian President Alan Garcia signed into law the country’s Personal Data Protection Law (Ley de Protección de Datos Personales, Proyecto de Ley, available here), making Peru the latest Latin American country to adopt European-style privacy legislation. Peru is expected to develop implementing regulations to the new law in the coming months…. Continue Reading

Qatar Seeks Views on Draft Privacy Law

Posted in International

Qatar has published a first version of its new Personal Information Privacy Protection Law. This is a groundbreaking development as, should the law be enacted, it will make Qatar the only country in the Middle East to have nationally-applicable data protection legislation. The draft legislation applies to operators in the private and public sectors and… Continue Reading

European Parliament Approves Report on Privacy Reform

Posted in European Union

The European Parliament approved the report of rapporteur Axel Voss yesterday.  Titled “Personal data protection in the European Union”, the report endorsed the Commission’s aim of reforming the Data Protection Directive (95/46/EC) and suggested specific directions for the upcoming reform.  Among other positions explored by the report, the European Parliament: Repeated calls for more regulation… Continue Reading

UK ICO Calls for More Privacy Audits

Posted in United Kingdom

The U.K. Information Commissioner’s Office (ICO) issued a press release yesterday calling on companies to undergo more data protection audits.  (Currently, only some public sector entities in the UK can be made to undergo audits — the ICO can effectively only request to audit a private sector company).  The ICO issued the “warning” after releasing… Continue Reading

Senator Franken Focuses on Privacy of Geolocation Data

Posted in Congress, Mobile, United States

Among the numerous federal privacy and data security bills that have been introduced in Congress over the last four months, Senator Franken’s “Location Privacy Protection Act” (S. 1223) focuses specifically on the collection of geolocation data by covered entities through mobile devices.  The bill would prohibit entities that offer or provide services to certain mobile devices from collecting and… Continue Reading

House Energy & Commerce Committee Members Launching Review of Privacy Issues

Posted in Congress, Department of Commerce, Federal Communications Commission, Federal Trade Commission, United States

As we previously discussed, the House Energy & Commerce Committee announced last month that it would be undertaking a comprehensive review of electronic privacy concerns.  That process will kick off on July 14, 2011 with a joint hearing by the Commerce, Manufacturing, and Trade Subcommittee and the Communications and Technology Subcommittee.  Regulators from the Federal… Continue Reading

Supreme Court Reaffirms Application of First Amendment to Children

Posted in Advertising & Marketing, Children's Privacy, Mobile, Online, United States

Last week, the Supreme Court issued its much anticipated decision in the Brown v. Entertainment Merchant’s Association case.  Justice Scalia, writing for Justices Kennedy, Ginsburg, Sotomayor, and Kagan, held that a California law restricting the sale or rental of violent video games to minors, and mandating “18” labels for such games, violates the First Amendment. The decision is not… Continue Reading