September 2011

In a report released on September 28, 2011, Verizon concluded that only 21 percent of organizations subject to the payment card industry’s data security standards (PCI-DSS) were fully compliant with PCI-DSS.  Verizon’s prior report found that 22 percent of organizations were fully compliant with PCI-DSS.  The PCI-DSS consist

Continue Reading Verizon Report Concludes that Industry’s Compliance with PCI Standards Remains Low

As covered in our earlier blog post, the Dodd-Frank Wall Street Reform and Consumer Protection Act establishes the Office of Financial Research (OFR) to collect and analyze U.S. financial data for financial regulators.  The OFR is tasked with, among other responsibilities, supporting the Financial Stability Oversight Council’s oversight of

Continue Reading The Office of Financial Research and Legal Entity Identifiers

Reps. Lee Terry (R-NE) and Ed Towns (D-NY) have introduced the Mobile Informational Call Act of 2011 (H.R. 3035).  H.R. 3035 would amend the Telephone Consumer Protection Act — which is administered and enforced by the Federal Communications Commission but also authorizes private rights of action —  to

Continue Reading Reps. Terry and Lee Introduce TCPA Reform Measure

Earlier this month, the Payment Card Industry Council (“PCI”) unveiled the first set of point-to-point encryption (“P2PE”) standards designed for providers of P2PE hardware-based encryption and decryption solutions.  P2PE providers develop for merchants point-of-sale hardware such as payment card readers and electronic cash registers that completely encrypt payment card data

Continue Reading PCI Point-to-Point Encryption Standards May Simplify Compliance

Today, Senator Charles Schumer (D-NY) sent letters to Federal Trade Commission chairman Jon Leibowitz and OnStar executive director Linda Marshall regarding recent controversial changes to OnStar’s privacy policies.  OnStar provides in-vehicle GPS navigation, emergency response, and concierge services for millions of U.S.-manufactured vehicles.  In providing these services, OnStar collects data

Continue Reading Senator Schumer Calls on FTC to Investigate OnStar’s Privacy Practices

Yesterday, the Senate Judiciary Committee approved legislation introduced by Committee Chairman Patrick Leahy (D-VT) (S. 1151) that would require firms to develop comprehensive data security programs and would impose a federal breach notice obligation on firms.  The same day, the Committee also approved amended versions of breach notification

Continue Reading Senate Judiciary Committee Passes Breach Notices Bills

Yesterday, Judge Lucy Koh of the U.S. District Court for the Northern District of California granted defendants’ motions to dismiss the consolidated, amended complaint in In re iPhone Application Litigation for lack of Article III standing, with leave to amend.  In finding lack of standing, the Court stated that plaintiffs’ allegations were “clearly insufficient” as plaintiffs did not allege “injury in fact to themselves” and “did not identify a concrete harm from the alleged collection and tracking of their personal information sufficient to create injury in fact.”  Further, the Court found that the plaintiffs had failed to allege any injury fairly traceable to Apple or any of the Mobile Industry Defendants.

In addition, the Court articulated specific deficiencies with respect to each of the causes of action, in the event plaintiffs choose to file an amended complaint.  These shortcomings include the fact that plaintiffs did not allege economic damages sufficient to meet the required threshold to state a civil claim under the Computer Fraud and Abuse Act.  The Court also found, as an increasing body of authority has held, that a plaintiff’s “personal information” does not constitute money or property under California’s Unfair Competition Law.

Continue Reading In re iPhone Application Litigation Dismissed

The Federal Trade Commission announced this week that it will host a workshop to explore potential privacy and security implications raised by the increasing use of facial recognition technology.  The discussion will take place on December 8, 2011 in Washington, DC.

According to the FTC, the workshop, which is free and open to the public, may focus on topics including:

Continue Reading FTC To Hold Facial Recognition Technology Workshop

Politico and other news sources are reporting that the House Energy and Commerce Committee’s Subcommittee on Commerce, Manufacturing and Trade plans to hold a hearing on the FTC’s proposed revisions to the Children’s Online Privacy Protection Act rule.  We previously analyzed the FTC’s proposal here

The hearing has not

Continue Reading House Subcommittee to Examine COPPA Reform

Last Thursday, the Senate Judiciary Committee began its consideration of the several pending data security bills by marking up S. 1151, the legislation introduced by Sen. Patrick Leahy (D-VT). 

S. 1151 would require business entities to develop a data privacy and security plan for protecting sensitive personally identifiable information, require agencies and business entities to notify U.S. residents in the event of a security breach involving such information, and impose criminal penalties for intentionally and willfully failing to provide notice of a security breach.

The original version of the bill also contained separate privacy requirements for data brokers, but a substitute amendment deleting that title was adopted by the Committee on Thursday.  The panel also accepted an amendment proposed by Sen. Chuck Grassley (R-IA), which clarified that the definition of “exceeds authorized access” in the Computer Fraud and Abuse Act does not include violations of Internet terms of service agreements or employment agreements restricting computer access, and a separate manager’s amendment which limited civil liability and penalties.

Continue Reading Senate Judiciary Committee Weighs Data Security Legislation