Header graphic for print
Inside Privacy Updates on Developments in Global Privacy & Data Security from Covington & Burling LLP

Category Archives: United States

Subscribe to United States RSS Feed

DoD Issues Interim Rule Addressing New Requirements for Cyber Incidents and Cloud Computing Services

Posted in Cloud Computing, Cybersecurity, Data Security, United States

By Susan Cassidy, Alex Sarria, Patrick Stanton, and Catlin Meade On August 26, 2015, the Department of Defense (DoD) issued an interim rule that significantly expands the obligations imposed on defense contractors and subcontractors to safeguard “covered defense information” and for reporting cyber incidents on unclassified information systems that contain such information.  The interim rule revises the… Continue Reading

Third Circuit Upholds FTC’s Data Security Authority in FTC v. Wyndham

Posted in Federal Trade Commission

The Third Circuit released its decision in FTC v. Wyndham Worldwide Corp. earlier today, affirming the district court’s decision that the FTC has the authority to regulate companies’ data security practices under the “unfair practices” prong of Section 5 of the FTC Act.  The highly anticipated precedential opinion dismissed Wyndham’s arguments that the FTC lacks… Continue Reading

FTC Releases Agenda for September 9th “Start with Security” Conference

Posted in Cybersecurity, Data Security, Federal Trade Commission, United States

By Megan L. Rodgers The FTC has announced its agenda and panelists for its conference on data security, which will be held on September 9, 2015 at University of California Hastings College of the Law, in San Francisco. This is the first in a series of conferences aimed at helping small- to medium-sized businesses protect… Continue Reading

FTC Seeks Public Comment on New Proposal for Parental Verification Method Under COPPA Rule

Posted in Children's Privacy, Federal Trade Commission, United States

By Ani Gevorkian The FTC has issued a request for public comment regarding Riyo’s application to recognize a new proposed verifiable parental consent method under the FTC’s Children’s Online Privacy Protection Act Rule.  The Rule, which implements the Children’s Online Privacy Protection Act (COPPA), requires certain website operators, mobile applications, and other online services to… Continue Reading

Neiman Marcus Asks Full 7th Circuit to Consider Standing Ruling in Breach Suit

Posted in Data Breaches, Data Security, Litigation, United States

A Seventh Circuit panel that allowed a data breach suit against Neiman Marcus to proceed misapplied the Supreme Court’s precedents on standing and, “if allowed to stand, will impose wasteful litigation burdens on retailers and the federal courts,” the retailer argues in a petition filed yesterday asking the full Seventh Circuit to rehear the case…. Continue Reading

Pocket Dials Are Not Private, Sixth Circuit Says

Posted in Litigation

A person who makes an accidental “pocket dialed” call has no reasonable expectation of privacy in the conversations exposed to the person who picks up that call, the Sixth Circuit ruled last week.  The court compared this situation to a homeowner that mistakenly fails to cover his windows, exposing his actions to public view.  In… Continue Reading

Data Breach Plaintiffs Allege Enough Risk of Harm for Suit to Proceed, Appeals Court Rules

Posted in Data Breaches, Data Security, Litigation, United States

Neiman Marcus customers whose credit card information potentially was exposed in a 2013 breach of the retailer’s computer systems may proceed with their proposed class action lawsuit against the retailer, a federal appeals court ruled Monday. Neiman Marcus discovered in December 2013 that some of its customers had found fraudulent charges on their credit cards,… Continue Reading

Ten Key Takeaways From Last Week’s TCPA Order

Posted in Federal Communications Commission

Last week, the Federal Communications Commission (FCC) released the text of its long-awaited order addressing certain aspects of the Telephone Consumer Protection Act (TCPA) and related FCC rules.  The order addressed a total of 21 petitions seeking “clarification or other actions” regarding the TCPA, principally in connection with automated calls and text messages. Although the… Continue Reading

Carriers Agree to $3.5 Million FCC Fine For Alleged Privacy Violations

Posted in Data Security, Federal Communications Commission, United States

In a consent decree adopted yesterday by the Federal Communications Commission, two telecommunications carriers — TerraCom, Inc., and YourTel America, Inc. — agreed to pay a $3.5 million civil penalty and adhere to a three-year compliance program to settle allegations that the carriers violated the federal Communications Act by failing to adequately protect “proprietary information”… Continue Reading

FTC Releases “Start with Security” Guide to “Practical Lessons” From Data Security Enforcement Actions

Posted in Data Security, Federal Trade Commission

As part of its ongoing outreach efforts to educate businesses about the importance of data security practices, the FTC has released a list of “10 practical lessons” drawn from its previous data security enforcement actions.  The list, entitled “Start with Security: A Guide for Business,” acknowledged that the FTC’s 50-plus data security enforcement actions are… Continue Reading

Supreme Court Strikes Down Ordinance Authorizing Warrantless Searches of Hotel Records

Posted in Litigation

On June 22, the Supreme Court issued its decision in Los Angeles v. Patel, striking down a Los Angeles city ordinance that allowed law enforcement to inspect hotel guest registers on demand as facially unconstitutional.  Writing for a 5-4 majority, Justice Sotomayor held that the ordinance violated the Fourth Amendment by failing to provide for… Continue Reading

FCC Ruling Tightens TCPA Restrictions; Dissenters Warn of Increased Class-Action Abuse

Posted in Federal Communications Commission, Litigation

In an order adopted at Thursday’s Open Meeting, the Federal Communications Commission acted on 23 petitions or other requests for clarification regarding the application of the Telephone Consumer Protection Act, a federal law that restricts telemarketing  and certain other types of calls.  The FCC has issued a news release describing yesterday’s order as an effort to… Continue Reading

FTC Announces First Consent Order on Misrepresentation in Crowdsourcing

Posted in Federal Trade Commission, Litigation

The Federal Trade Commission (“FTC”) announced today that it has entered into a proposed consent order against the founder of a failed Kickstarter project, marking the first time that the agency has taken a consumer protection action in the rapidly-emerging field of crowdsourcing.  According to the complaint, the defendant, Erik Chevalier misused money raised through… Continue Reading

Court Dismisses Text-Message TCPA Suit Against AOL, Finding Instant Messaging Service Does Not Constitute an ATDS

Posted in Litigation

On June 1, the Northern District of California dismissed a putative TCPA class action against AOL, finding that the plaintiff had failed to allege that AOL utilized an automated telephone dialing system (ATDS), as required to state a cause of action under the TCPA.  In dismissing the plaintiff’s complaint in Derby v. AOL, the court… Continue Reading

U.S. and EU Miss Target for Safe Harbor Renegotiation, But Remain Optimistic

Posted in European Union, United States

The U.S. and EU’s negotiators on the EU-U.S. Safe Harbor data transfer program have missed an end of May target date for reaching an agreement on amendments to the program. They nevertheless publicly reaffirmed their commitment to reaching an agreement on the Safe Harbor program, and on an “Umbrella Agreement” that would protect personal data… Continue Reading

Court Certifies Nationwide Class in Yahoo Email Scanning Litigation

Posted in Litigation

Last Tuesday, District Judge Lucy Koh of the Northern District of California partially granted the plaintiffs’ motion for class certification in In re Yahoo Mail Litig., allowing the plaintiffs to pursue their claims for injunctive relief on behalf of class members under the Stored Communications Act (“SCA”) and California’s Invasion of Privacy Act (“CIPA”).  The plaintiffs,… Continue Reading

FTC Highlights Importance of Post-Breach Cooperation with Law Enforcement

Posted in Cybersecurity, Data Breaches, Data Security, Federal Trade Commission

Yesterday, the FTC published a blog post outlining what companies should expect if they find themselves as the subject of an FTC data security investigation.  In addition to highlighting the different phases of the FTC’s investigative process, the FTC’s discussed the types of information that it seeks as well as the questions it wants answered. … Continue Reading

Draft House Cures Legislation Would Amend Federal Privacy Laws (Second Post in a Series)

Posted in Congress, Health Privacy

As we discussed in a prior post, the April 29, 2015, draft House 21st Century Cures bill would make several changes to federal health privacy law. This post focuses on provisions that would allow remote access to PHI for purposes preparatory to research and that would permit individuals to make a one-time authorization of the… Continue Reading

Ninth Circuit Asks California Supreme Court to Define the Scope of Song-Beverly Act

Posted in Litigation

The U.S. Court of Appeals for the Ninth Circuit on Tuesday asked the California Supreme Court to resolve a longstanding dispute over the interpretation of a retail privacy statute.  If the state court rules on the issue, its decision could affect the ability of California retailers to collect information from consumers who make in-store payments using… Continue Reading

Draft House Cures Legislation Would Amend Federal Privacy Laws (First Post in a Series)

Posted in Congress, Health Privacy

On April 29, 2015, the U.S. House Energy and Commerce Committee released a revised discussion draft of the 21st Century Cures Act (“Cures”). The Cures bill would make several changes to existing federal privacy regulations promulgated under the Health Insurance Portability and Accountability Act (HIPAA) and the Health Information Technology for Economic and Clinical Health… Continue Reading

Groups Weigh In On Drone Privacy

Posted in United States

By Rani Gupta More than 50 commenters have offered their thoughts on privacy and transparency issues regarding non-government use of unmanned aircraft systems, better known as drones or UAS. The comments responded to a request by the National Telecommunications and Information Administration.  As we previously reported, the NTIA is planning a multi-stakeholder process to formulate… Continue Reading

Supreme Court to Consider Whether Actual Harm is Required to Recover Under the Fair Credit Reporting Act

Posted in Litigation

On Monday, the U.S. Supreme Court granted certiorari and agreed to consider Robins v. Spokeo, Inc., in which the U.S. Court of Appeals for the Ninth Circuit held that Thomas Robins had adequately alleged Article III standing to sue website operator Spokeo, Inc. (“Spokeo”) under the Fair Credit Reporting Act (FCRA), 15 U.S.C. § 1681… Continue Reading

FCC’s Agenda for April 28th Broadband Consumer Privacy Public Workshop

Posted in Federal Communications Commission

The FCC has announced its agenda and panelists for its public workshop on protecting the privacy of consumers who use broadband Internet access services, which will be held on April 28. FCC Chairman Tom Wheeler will give opening remarks and Matt Blaze, Associate Professor of Computer and Information Science at the University of Pennsylvania, will… Continue Reading