Header graphic for print
Inside Privacy Updates on Developments in Global Privacy & Data Security from Covington & Burling LLP

Category Archives: United States

Subscribe to United States RSS Feed

California Attorney General’s Second Annual Data Breach Report Finds Dramatic Increase in Number of Data Breaches

Posted in State Legislatures, United States

By Randall Friedland California Attorney General Kamala D. Harris yesterday released the second annual California Data Breach Report.   The report provided statistics and analysis related to data breaches that were reported to the Attorney General’s office in 2013.  The report also outlined suggested best practices and provided recommendations on ways to improve data security. Statistics… Continue Reading

FTC Says AT&T Fails to Deliver on ‘Unlimited’ Data Promises

Posted in Federal Trade Commission

Yesterday, the Federal Trade Commission (FTC) filed a complaint against AT&T alleging that the company misled consumers by limiting its “unlimited” data plan for mobile customers. The FTC’s two-count complaint, which was filed in the U.S. District Court for the Northern District of California, alleges that AT&T violated Section 5 of the FTC Act, which… Continue Reading

Whisper’s Privacy Problem: Sen. Rockefeller Pushes for Probe While Editorial Team Is Suspended Pending Review

Posted in Congress, United States

Following the Guardian’s recent exposé on Whisper’s consumer-privacy practices, alleging that the social-media app that supposedly allows people “to anonymously share [their] thoughts with the world . . . in a community built around trust and honesty,” in fact tracks the geolocation of users who opted out of such data collection, Chairman of the Senate… Continue Reading

FCC Expands Application of Customer Privacy Provisions with $10 Million Fine Against Carriers

Posted in Federal Communications Commission

By Caleb Skeath Last Friday, the FCC announced that it intends to fine two telecommunications carriers — TerraCom, Inc., and YourTel America, Inc. — a total of $10 million for failing to protect certain customer data.  According to the FCC, the two carriers, which provide discount phone services to low-income individuals, posted customer “proprietary information”… Continue Reading

Senators Request Hearing on Connected Devices

Posted in Congress, United States

On October 20, 2014, a bipartisan group of senators sent a letter to U.S. Senate Committee on Commerce, Science, & Transportation Chairman John D. Rockefeller IV (D-W.Va.) and Ranking Member John Thune (R-S.D.), requesting that the Committee schedule a “general oversight and information-gathering hearing” on digitally connected technologies before the end of 2014. The letter, penned by… Continue Reading

FDA Releases Final Guidance on Cybersecurity in Medical Devices, Public Workshop to Follow on October 21-22, 2014

Posted in Cybersecurity, Data Security, United States

On October 2, 2014, the Food and Drug Administration (FDA) released a final guidance document titled “Content of Premarket Submissions for Management of Cybersecurity in Medical Devices”.  The FDA said that the “need for effective cybersecurity to assure medical device functionality and safety has become more important with the increasing use of wireless, Internet- and… Continue Reading

California Amends Data Breach Legislation

Posted in Data Breaches, Data Security, State Legislatures

Continuing our coverage of the flurry of bills signed into law by California Governor Jerry Brown last week, we turn now to AB 1710, an amendment to California’s data breach legislation. The data breach amendment makes three notable changes to existing laws regarding personal information privacy: 1.  Requires Companies that Maintain Personal Information to Implement… Continue Reading

IAPP Privacy Academy: “Data Brokers Demystified”

Posted in Federal Trade Commission

The International Association of Privacy Professionals hosted its annual Privacy Academy, at which one panel, “Data Brokers Demystified,” specifically focused on regulation of the data-broker industry.  The panelists included Janis Kestenbaum from the Federal Trade Commission, Jennifer Glasgow from Acxiom, and Pam Dixon from the World Privacy Forum.  Emilio Cividanes from Venable also participated. Major… Continue Reading

Calif. Gov. Brown Signs 8 Bills to Strengthen Privacy Protections

Posted in State Legislatures, United States

On Tuesday, September 30th, California Governor Jerry Brown signed into law 8 bills his office says were designed to “strengthen privacy [ ] protections.” Among the bills is AB 2306, which prevents the attempt to capture an image or sound recording in an offensive manner through the use of any technological device. Among other things,… Continue Reading

GAO Report Details CFPB’s Large-Scale Data Collection Practices, Identifies Shortcomings

Posted in Financial Privacy, United States

This week, the Government Accountability Office (“GAO”) released a report recommending eleven actions the Consumer Financial Protection Bureau (“CFPB”) should take to enhance the privacy and security of its ongoing data collections.  The report also provides a detailed look at the increasingly large volume of information that CFPB collects, and how the agency’s data collection… Continue Reading

FTC Public Workshop On Big-Data Discrimination: Assessing the Current Environment

Posted in Federal Trade Commission, United States

On Monday, the FTC hosted a public workshop on the topic of big data and discrimination entitled, “Big Data: A Tool for Inclusion or Exclusion?” The first panel, which explored today’s big-data landscape, featured the following speakers from government, industry, and academia: Kristin Amerling, Chief Investigative Counsel and Director of Oversight at the U.S. Senate… Continue Reading

What the FTC’s Latest COPPA Settlements Mean for Mobile Apps

Posted in Children's Privacy, Federal Trade Commission, Mobile, Social Media, Uncategorized

Making good on its warnings that mobile apps will be an enforcement priority under the revised Children’s Online Privacy Protection Act (“COPPA”) Rule, the FTC has announced two settlements with mobile app developers: TinyCo., the developer of several child-directed mobile apps, will pay $300,000 to settle charges that it violated COPPA by collecting children’s email addresses through its mobile app… Continue Reading

Privacy Weekend: Provocative Articles We’re Reading Now

Posted in Federal Trade Commission, Privacy Weekend, United States

It’s shaping up to be a big data weekend, for those of us who try to find some interesting weekend reading away from the crush of the day-to-day schedule.  If you’re thinking about Monday’s FTC workshop on the impact of big-data analytics on vulnerable communities, a bit of weekend reading about the intersection between technology… Continue Reading

Forever 21 Faces Point-of-Sale Data Collection Class Action Lawsuit

Posted in Litigation, Privacy Policies, United States

Fast fashion retailer Forever 21 Retail Inc. faces a putative class action lawsuit alleging that the retailer violated California law by requesting and recording shoppers’ credit card numbers and personal identification information at the point-of-sale. Forever 21 shopper Tamar Estanboulian filed the lawsuit on September 7 in U.S. District Court for the Central District of… Continue Reading

Client Event: “Data Protection & Privacy Law – 2nd Edition,” September 23, 2014

Posted in Cybersecurity, Data Breaches, Data Security, United States

Covington will be hosting a book launch for the 2014 title ‘Data Protection & Privacy Law 2nd Edition’, edited by Monika Kuschewsky, in partnership with The European Lawyer (Thomson Reuters) on September 23, 2014 in Brussels. The event will comprise a half-day workshop followed by a drinks reception. We are pleased to confirm that the… Continue Reading

Federal Judge Denies Motion to Reconsider FACTA Lawsuit Dismissal

Posted in Financial Privacy, Litigation, United States

A New York federal judge last week affirmed his earlier dismissal of a civil action alleging that a restaurant chain willfully violated the Fair and Accurate Credit Transactions Act (“FACTA”). FACTA requires businesses that accept credit cards to redact from customers’ receipts the card’s expiration date and all but the last five digits of the… Continue Reading

Google to Refund Consumers at Least $19 Million to Settle FTC Complaint It Unlawfully Billed Parents for Children’s Unauthorized In-App Charges

Posted in Federal Trade Commission, United States

The Federal Trade Commission (“FTC”) announced on Thursday, September 4 that Google has agreed to settle charges and refund no less than $19 million to consumers whose children were allegedly deceived into making mobile purchases through the Android app store. Google offers thousands of apps for free or a specific dollar amount through its Google… Continue Reading

FCC Adopts Consent Decree Regarding Verizon CPNI Opt-Out Notices

Posted in Federal Communications Commission, United States

A Consent Decree adopted by the FCC’s Enforcement Bureau on September 2 settles the FCC’s inquiry into allegations that Verizon failed to provide some customers with required notices about Verizon’s use of Customer Proprietary Network Information (CPNI) and took too long to notify the FCC after discovering the error. Under the Consent Decree, Verizon will… Continue Reading

Schedule of Panelists for FTC’s Upcoming Big Data & Discrimination Workshop

Posted in Advertising & Marketing, Emerging Technologies, Federal Trade Commission, Health Privacy, Marketing, United States

As we have previously reported, in less than two weeks the FTC will host its anticipated workshop on big data and discrimination.  Today the FTC announced a full agenda and panelists for the September 15th event, “Big Data: A Tool for Inclusion or Exclusion?” which will take place in Washington, D.C., at the Constitution Center. … Continue Reading

‘Video Rental Privacy Act’ Covers Magazines, Court Holds

Posted in Advertising & Marketing, State Legislatures

A federal court opinion released this week is a reminder that Michigan’s Video Rental Privacy Act (VRPA) may apply to far more than just videos. The Michigan VRPA restricts the disclosure of customers’ personal information by companies “engaged in the business of selling at retail, renting, or lending books or other written materials, sound recordings,… Continue Reading

FTC Settlement Requires Fandango and Credit Karma to Establish Comprehensive Security Programs to Protect Consumers’ Sensitive Personal Information

Posted in Cybersecurity, Data Breaches, Data Security, Federal Trade Commission, Financial Privacy, Privacy Policies

The Federal Trade Commission (“FTC”) has approved final orders settling charges against Fandango and Credit Karma that the companies misrepresented the security of their mobile apps and failed to protect the transmission of consumers’ sensitive personal information.  The FTC specifically alleged that, although the companies made security promises to consumers that their information was adequately… Continue Reading

Court Grants in Part and Denies in Part Yahoo’s Motion to Dismiss ECPA Claims

Posted in Litigation, Privacy Policies, United States

On Tuesday, August 12, 2014, the Northern District of California’s Judge Lucy Koh issued an order granting in part and denying in part Yahoo’s motion to dismiss claims that it violated federal and California anti-wiretapping laws. The putative class action, In re Yahoo Mail Litig., alleges that Yahoo’s practice of intercepting, scanning, analyzing, collecting, and… Continue Reading