Header graphic for print
Inside Privacy Updates on Developments in Global Privacy & Data Security from Covington & Burling LLP

Category Archives: United States

Subscribe to United States RSS Feed

FTC Staff Updates COPPA FAQs on Verifiable Parental Consent Methods

Posted in Children's Privacy, Federal Trade Commission, Uncategorized, United States

The FTC staff has posted revisions to three Frequently Asked Questions (“FAQs”) related to obtaining verifiable parental consent under its COPPA Rule. For a comparison of the old and new FAQs, click here. Although the changes (which include a new FAQ H.16) may appear substantial, they mostly reaffirm the FTC’s longstanding position that the agency’s… Continue Reading

FTC Sues Amazon Over Allegedly Unauthorized In-App Purchases

Posted in Federal Trade Commission, Uncategorized

By: Nora Diamond The Federal Trade Commission (“FTC”) brought suit last week against Amazon.com for allegedly collecting unauthorized in-app charges in connection with children’s apps. The FTC alleges that, by failing to require the account holder to enter a password before allowing a charge, Amazon unfairly billed parents for millions of dollars in unauthorized purchases…. Continue Reading

Court Denies Company’s Request for Identity of Online Commenter

Posted in Litigation, United States

A New York state trial court last week rejected a publicly traded company’s request to obtain the identity of an individual who anonymously wrote negative comments about the company on an online financial bulletin board. In February 2014, an individual with the pseudonym “Pump Terminator” posted an article about Nanoviricides, Inc. on www.seekingalpha.com, a financial… Continue Reading

Florida Enacts Stringent Breach Notice Law

Posted in Data Breaches, Data Security, State Legislatures, United States

Last Friday, Florida’s governor signed into law the Florida Information Protection Act of 2014 (“FIPA”), a bill repealing Florida’s existing data security breach notice law and replacing it with what will be one of the nation’s most stringent breach notice laws.  This post summarizes the key aspects of the new law, which becomes effective July… Continue Reading

Wyndham Data Breach Ruling Cleared for Potential Appeal to Third Circuit

Posted in Federal Trade Commission, Litigation

U.S. District Court Judge Esther Salas ruled on Monday that the U.S. Court of Appeals for the Third Circuit can review her conclusion that Section 5 of the Federal Trade Commission Act provides the FTC with authority to bring actions arising from companies’ data security violations. In April of this year, Judge Salas denied Wyndham… Continue Reading

Eleventh Circuit: Warrant Required to Obtain Cell Site Location Information

Posted in Litigation, United States

The Eleventh Circuit ruled on June 11 that cell site location information—which can reveal the location of a cell phone user, based on his proximity to cell phone towers—is protected by the Fourth Amendment and can only be obtained with a warrant.  That ruling sets the stage for continued battles over Fourth Amendment protections for… Continue Reading

Senate Subcommittee Examines “Stalking Apps” Bill

Posted in Federal Trade Commission, Uncategorized

This week, the Senate Judiciary Subcommittee on Privacy, Technology and the Law held a hearing to discuss the Location Privacy Protection Act of 2014, a bill reintroduced in March by Senator Al Franken (D-MN).  Most concerned with the potential for misuse and abuse of location data for purposes of stalking and perpetrating domestic violence, Senator… Continue Reading

New Connecticut Law Adds Promotional SMS to State “Do Not Call” Registry Rules; Prohibits Promotional SMS to Numbers Not on State Registry Absent “Prior Express Written Consent”

Posted in Federal Communications Commission, State Legislatures

Last week, the governor of Connecticut signed into law a new requirement that extends compliance with the state’s existing Do-Not-Call registry to promotional text messages (SMS).  Specifically, the law amends the definition of a “telephonic sales call” to include a “text or media message sent by or on behalf of a telephone solicitor,” thereby prohibiting… Continue Reading

A Public Advocate for Privacy

Posted in Congress, United States

Since 1979, the United States Government has made at least 35,651 applications to the Foreign Intelligence Surveillance Court (FISC) for authority to conduct electronic surveillance and physical searches of individuals.[1]  Of those requests, only 12 have been denied; 532 requests have been formally modified.  According to one judge on the FISC, a substantially higher number… Continue Reading

FTC Data Broker Report Calls for More Transparency and Consumer Control

Posted in Federal Trade Commission, Uncategorized

The Federal Trade Commission (“FTC”) recently released a report on the data broker industry that summarizes the FTC’s findings from an investigation of nine data brokers.  The report, Data Brokers: A Call for Transparency and Accountability, recommends that Congress consider enacting legislation that promotes transparency and consumer access to information held by data brokers, and… Continue Reading

Court Dismisses CFAA, ECPA, and Other Claims in Privacy Class Action Opperman v. Path

Posted in Litigation, Mobile, United States

On May 14, a judge in the Northern District of California granted in part and dismissed in part four motions to dismiss filed by defendants in the consolidated class action, Opperman v. Path (No. 3:13-CV-00453-JST). The plaintiffs alleged that apps offered by a number of developers (“App Defendants”) accessed and uploaded information from plaintiffs’ mobile… Continue Reading

California AG Releases Online Tracking Disclosure Guidelines

Posted in Privacy Policies, United States

California Attorney General Kamala Harris today released guidelines to help websites comply with a state law that went into effect on January 1, 2014, pertaining to online tracking disclosures. The law, which amended the California Online Privacy Protection Act (“CalOPPA”) and which we previously blogged about here, requires website operators to disclose (1) how they… Continue Reading

FCC Obtains Record $7.5 Million Settlement With Sprint for Alleged Do-Not-Call Violations

Posted in Federal Communications Commission, Federal Trade Commission

Earlier this week, the FCC announced that mobile wireless company Sprint will pay $7.5 million to resolve allegations that the company failed to honor consumer requests to be placed on Sprint’s entity-specific Do-Not-Call list.  The settlement represents the largest of its kind between the FCC and a carrier. Through this settlement agreement, which follows a… Continue Reading

FCC Fines Company $2.9 Million for Political Robocalls to Cell Phones

Posted in Federal Communications Commission, United States

Last week, the Federal Communications Commission announced plans to fine Dialing Services, LLC, nearly $3 million for making illegal “robocalls” to cell phones. The FCC has specific rules for automatic telephone dialing systems, also known as “autodialers,” that have the capacity to produce, store, and dial telephone numbers using a random or sequential number generator…. Continue Reading

Senate Subcommittee Examines Online Advertising and Security

Posted in Congress, Cybersecurity, Data Security, United States

Yesterday, the U.S. Senate Permanent Subcommittee on Investigations held a hearing on “Online Advertising and Hidden Hazards to Consumer Security and Data Privacy.”  The hearing was based on a year-long investigation into a broader set of issues related to consumer privacy and security on the Internet, which narrowed over time to focus specifically on the… Continue Reading

When are Public Companies Required to Disclose that They Have Experienced a Material Data Security Breach?

Posted in Cybersecurity, Data Breaches, Data Security, United States

Recent discoveries of data security breaches have raised a perennial question for public companies:  are public companies required by law or practice to provide material updates to their investors when bad things happen?  The answer can be quite surprising.  Disclosure at the Time of the Event As a threshold matter, federal securities law does not… Continue Reading

Ninth Circuit Holds Facebook IDs and URLS Not “Content” under ECPA

Posted in Advertising & Marketing, Litigation, Mobile, Online, Social Media, United States

Last Thursday, the United States Court of Appeals for the Ninth Circuit affirmed dismissal of claims for violations of the Electronic Communications Privacy Act (“ECPA”), holding that the plaintiffs had failed to allege Facebook and Zynga disclosed the “contents” of a communication, a necessary element under the Act. The court’s ruling applies to the consolidated… Continue Reading

Snapchat Settles FTC Charges

Posted in Advertising & Marketing, Data Security, Federal Trade Commission, Mobile, Social Media

On Thursday, mobile messaging application Snapchat agreed to settle Federal Trade Commission (“FTC”) charges that it made false or misleading representations about the ephemeral nature of its messages, the collection of user information, and the nature of its security practices. The FTC Complaint alleges six counts, many of which demonstrate the Commission’s aggressive enforcement of… Continue Reading

Ten Key Take-Aways From the White House Big Data Report

Posted in Health Privacy, Privacy Policies, United States

On Thursday, the White House Big Data Working Group, led by senior presidential advisor John Podesta, released a 79-page report that outlines a number of key observations and recommendations for privacy in both the private sector and government.  Although the report does not create binding law, it provides insight into the administration’s  priorities on a… Continue Reading

Data Breaches on the Rise in 2014

Posted in Cybersecurity, Data Breaches, Data Security, International, United States

More than 200 million records were lost in digital breaches during the first three months of 2014, according to a new report that parses publicly available information on data breaches.   The records were lost in connection with at least 254 publicized breaches, according to SafeNet, a data security company that published the report. Those numbers… Continue Reading

DHS Announces Reconsideration Process for “Critical Infrastructure at Greatest Risk”

Posted in Cybersecurity, United States

Executive Order 13,636 on Improving Critical Infrastructure Cybersecurity directed the Secretary of Homeland Security to identify “critical infrastructure at greatest risk” within 150 days after issuance of the Order on February 12, 2013.  Section 9 of the Order specified that the Secretary, in consultation with sector-specific agencies, should “use a risk-based approach to identify critical… Continue Reading

Kentucky Enacts Data Breach Notification Law

Posted in Data Breaches, Data Security, United States

Last week, Kentucky governor Steve Beshear signed H.B. 232 into law, making Kentucky the 47th state to enact data breach notification legislation.  The law requires companies that suffer a data breach to provide notice of the breach to Kentucky residents “whose unencrypted personal information was, or is reasonably believed to have been, acquired by an unauthorized person.”… Continue Reading

Breaking Down the Court’s Decision in FTC v. Wyndham Worldwide Corp.

Posted in Cybersecurity, Data Security, Federal Trade Commission, Litigation, United States

Last week, a federal judge in the District of New Jersey denied Wyndham Hotels and Resorts’ motion to dismiss the FTC’s complaint alleging Wyndham violated the FTC Act by failing to provide reasonable security for its customers’ personal information.  This Covington E-Alert provides a detailed look at the parties’ arguments and the court’s holdings in… Continue Reading

DOJ and FTC Issue Antitrust Policy Statement on Sharing of Cybersecurity Information

Posted in Cybersecurity, United States

On April 10, 2014, the U.S. Department of Justice (“DOJ”) and the Federal Trade Commission (“FTC”) issued a joint “Antitrust Policy Statement on Sharing of Cybersecurity Information.” Information sharing between the government and the private sector and among private sector entities has been a major consideration in ongoing legislative and executive branch efforts to address… Continue Reading