Header graphic for print
Inside Privacy Updates on Developments in Global Privacy & Data Security from Covington & Burling LLP

Category Archives: United States

Subscribe to United States RSS Feed

EU-U.S. Safe Harbor: Judgment in the Schrems Case Scheduled For October 6

Posted in European Union, United States

The Court of Justice of the European Union (“CJEU”) in Luxembourg will render its judgment in the Schrems case (C-362/14 Maximilian Schrems v Data Protection Commissioner) on October 6, at 9:30 am CET (see here). For details on the case and its potential implications for the U.S.-EU Safe Harbor, see our earlier blog post (here)… Continue Reading

Advocate General Considers EU-U.S. Safe Harbor to be Invalid

Posted in European Union, United States

By Jetty Tielemans, Mark Young and Joseph Jones This morning (September 23, 2015), EU Advocate General (“AG”) Bot issued an Opinion in Case C-362/14 Maximilian Schrems v Data Protection Commissioner (see our earlier post on the hearing here).  The AG Opinion has gone further than expected, covering not just the power of national data protection… Continue Reading

Start With Security: Key Takeaways from the FTC’s Data Security Conference

Posted in Data Security, Emerging Technologies, Federal Trade Commission

By Lindsey Tonsager and Megan Rodgers The FTC held its “Start with Security” conference in San Francisco, California, last week, launching an initiative to provide companies with practical resources for implementing effective data security strategies. The event was targeted at tech start-ups and small- and medium-sized businesses, but the panelists included representatives from companies with… Continue Reading

Following TCPA Omnibus Order, Court Reaffirms Prior Ruling in Dismissing TCPA Text Message Lawsuit Against AOL

Posted in Litigation

In one of the first decisions evaluating Telephone Consumer Protection Act (TCPA) claims under the FCC’s recent omnibus TCPA order, the Northern District of California dismissed a putative class action lawsuit alleging that AOL violated the TCPA when users of its Instant Messenger service (AIM) sent text messages to incorrect recipients.  After the court dismissed… Continue Reading

Proposed Rule Would Amend Federal “Common Rule” Requirements

Posted in Data Security, Department of Health and Human Services, Health Privacy

On September 8, 2015, sixteen federal agencies published a long-awaited Notice of Proposed Rulemaking (NPRM) to modernize the Federal Policy for the Protection of Human Subjects, known as the “Common Rule.” The proposal, available here, includes a number of changes related to privacy and data security and other changes relevant to entities seeking to conduct… Continue Reading

EU – US Umbrella Agreement about to be concluded: towards a transatlantic approach to data protection?

Posted in European Union, International, United States

By Jean de Ruyt and Monika Kuschewsky According to the European Commissioner for Justice, Consumers and Gender Equality, Věra Jourová, the EU and the US have finalized the EU-US Umbrella Agreement (for the press release, see here; a reportedly near-final draft of the agreement can be read here). This is a remarkable breakthrough after the first… Continue Reading

Regulators in the U.S. and U.K. Monitoring Mobile Apps and Websites Directed at Children

Posted in Advertising & Marketing, Children's Privacy, Federal Trade Commission, Mobile, United Kingdom, United States

By Megan L. Rodgers What information is being collected by mobile apps and websites directed at kids? With whom is that information shared? What notice is provided to parents? Regulators in the U.S. and abroad continue to focus on these issues. The FTC recently released a follow-up report on privacy notices in mobile apps directed… Continue Reading

DoD Issues Interim Rule Addressing New Requirements for Cyber Incidents and Cloud Computing Services

Posted in Cloud Computing, Cybersecurity, Data Security, United States

By Susan Cassidy, Alex Sarria, Patrick Stanton, and Catlin Meade On August 26, 2015, the Department of Defense (DoD) issued an interim rule that significantly expands the obligations imposed on defense contractors and subcontractors to safeguard “covered defense information” and for reporting cyber incidents on unclassified information systems that contain such information.  The interim rule revises the… Continue Reading

Third Circuit Upholds FTC’s Data Security Authority in FTC v. Wyndham

Posted in Federal Trade Commission

The Third Circuit released its decision in FTC v. Wyndham Worldwide Corp. earlier today, affirming the district court’s decision that the FTC has the authority to regulate companies’ data security practices under the “unfair practices” prong of Section 5 of the FTC Act.  The highly anticipated precedential opinion dismissed Wyndham’s arguments that the FTC lacks… Continue Reading

FTC Releases Agenda for September 9th “Start with Security” Conference

Posted in Cybersecurity, Data Security, Federal Trade Commission, United States

By Megan L. Rodgers The FTC has announced its agenda and panelists for its conference on data security, which will be held on September 9, 2015 at University of California Hastings College of the Law, in San Francisco. This is the first in a series of conferences aimed at helping small- to medium-sized businesses protect… Continue Reading

FTC Seeks Public Comment on New Proposal for Parental Verification Method Under COPPA Rule

Posted in Children's Privacy, Federal Trade Commission, United States

By Ani Gevorkian The FTC has issued a request for public comment regarding Riyo’s application to recognize a new proposed verifiable parental consent method under the FTC’s Children’s Online Privacy Protection Act Rule.  The Rule, which implements the Children’s Online Privacy Protection Act (COPPA), requires certain website operators, mobile applications, and other online services to… Continue Reading

Neiman Marcus Asks Full 7th Circuit to Consider Standing Ruling in Breach Suit

Posted in Data Breaches, Data Security, Litigation, United States

A Seventh Circuit panel that allowed a data breach suit against Neiman Marcus to proceed misapplied the Supreme Court’s precedents on standing and, “if allowed to stand, will impose wasteful litigation burdens on retailers and the federal courts,” the retailer argues in a petition filed yesterday asking the full Seventh Circuit to rehear the case…. Continue Reading

Pocket Dials Are Not Private, Sixth Circuit Says

Posted in Litigation

A person who makes an accidental “pocket dialed” call has no reasonable expectation of privacy in the conversations exposed to the person who picks up that call, the Sixth Circuit ruled last week.  The court compared this situation to a homeowner that mistakenly fails to cover his windows, exposing his actions to public view.  In… Continue Reading

Data Breach Plaintiffs Allege Enough Risk of Harm for Suit to Proceed, Appeals Court Rules

Posted in Data Breaches, Data Security, Litigation, United States

Neiman Marcus customers whose credit card information potentially was exposed in a 2013 breach of the retailer’s computer systems may proceed with their proposed class action lawsuit against the retailer, a federal appeals court ruled Monday. Neiman Marcus discovered in December 2013 that some of its customers had found fraudulent charges on their credit cards,… Continue Reading

Ten Key Takeaways From Last Week’s TCPA Order

Posted in Federal Communications Commission

Last week, the Federal Communications Commission (FCC) released the text of its long-awaited order addressing certain aspects of the Telephone Consumer Protection Act (TCPA) and related FCC rules.  The order addressed a total of 21 petitions seeking “clarification or other actions” regarding the TCPA, principally in connection with automated calls and text messages. Although the… Continue Reading

Carriers Agree to $3.5 Million FCC Fine For Alleged Privacy Violations

Posted in Data Security, Federal Communications Commission, United States

In a consent decree adopted yesterday by the Federal Communications Commission, two telecommunications carriers — TerraCom, Inc., and YourTel America, Inc. — agreed to pay a $3.5 million civil penalty and adhere to a three-year compliance program to settle allegations that the carriers violated the federal Communications Act by failing to adequately protect “proprietary information”… Continue Reading

FTC Releases “Start with Security” Guide to “Practical Lessons” From Data Security Enforcement Actions

Posted in Data Security, Federal Trade Commission

As part of its ongoing outreach efforts to educate businesses about the importance of data security practices, the FTC has released a list of “10 practical lessons” drawn from its previous data security enforcement actions.  The list, entitled “Start with Security: A Guide for Business,” acknowledged that the FTC’s 50-plus data security enforcement actions are… Continue Reading

Supreme Court Strikes Down Ordinance Authorizing Warrantless Searches of Hotel Records

Posted in Litigation

On June 22, the Supreme Court issued its decision in Los Angeles v. Patel, striking down a Los Angeles city ordinance that allowed law enforcement to inspect hotel guest registers on demand as facially unconstitutional.  Writing for a 5-4 majority, Justice Sotomayor held that the ordinance violated the Fourth Amendment by failing to provide for… Continue Reading

FCC Ruling Tightens TCPA Restrictions; Dissenters Warn of Increased Class-Action Abuse

Posted in Federal Communications Commission, Litigation

In an order adopted at Thursday’s Open Meeting, the Federal Communications Commission acted on 23 petitions or other requests for clarification regarding the application of the Telephone Consumer Protection Act, a federal law that restricts telemarketing  and certain other types of calls.  The FCC has issued a news release describing yesterday’s order as an effort to… Continue Reading

FTC Announces First Consent Order on Misrepresentation in Crowdsourcing

Posted in Federal Trade Commission, Litigation

The Federal Trade Commission (“FTC”) announced today that it has entered into a proposed consent order against the founder of a failed Kickstarter project, marking the first time that the agency has taken a consumer protection action in the rapidly-emerging field of crowdsourcing.  According to the complaint, the defendant, Erik Chevalier misused money raised through… Continue Reading

Court Dismisses Text-Message TCPA Suit Against AOL, Finding Instant Messaging Service Does Not Constitute an ATDS

Posted in Litigation

On June 1, the Northern District of California dismissed a putative TCPA class action against AOL, finding that the plaintiff had failed to allege that AOL utilized an automated telephone dialing system (ATDS), as required to state a cause of action under the TCPA.  In dismissing the plaintiff’s complaint in Derby v. AOL, the court… Continue Reading

U.S. and EU Miss Target for Safe Harbor Renegotiation, But Remain Optimistic

Posted in European Union, United States

The U.S. and EU’s negotiators on the EU-U.S. Safe Harbor data transfer program have missed an end of May target date for reaching an agreement on amendments to the program. They nevertheless publicly reaffirmed their commitment to reaching an agreement on the Safe Harbor program, and on an “Umbrella Agreement” that would protect personal data… Continue Reading

Court Certifies Nationwide Class in Yahoo Email Scanning Litigation

Posted in Litigation

Last Tuesday, District Judge Lucy Koh of the Northern District of California partially granted the plaintiffs’ motion for class certification in In re Yahoo Mail Litig., allowing the plaintiffs to pursue their claims for injunctive relief on behalf of class members under the Stored Communications Act (“SCA”) and California’s Invasion of Privacy Act (“CIPA”).  The plaintiffs,… Continue Reading

FTC Highlights Importance of Post-Breach Cooperation with Law Enforcement

Posted in Cybersecurity, Data Breaches, Data Security, Federal Trade Commission

Yesterday, the FTC published a blog post outlining what companies should expect if they find themselves as the subject of an FTC data security investigation.  In addition to highlighting the different phases of the FTC’s investigative process, the FTC’s discussed the types of information that it seeks as well as the questions it wants answered. … Continue Reading