Header graphic for print
Inside Privacy Updates on Developments in Global Privacy & Data Security from Covington & Burling LLP

Category Archives: United States

Subscribe to United States RSS Feed

Congress Passes Five Cybersecurity Bills

Posted in Congress, United States

By Caleb Skeath Congress approved a package of five cybersecurity bills after a series of votes in the House and Senate this week, increasing the likelihood that some cybersecurity-related legislation will be signed into law by the end of this year. None of the bills address some of the larger, more contentious cybersecurity issues, such… Continue Reading

Financial Industry Regulators Increase Data Security Oversight

Posted in United States

On Wednesday, December 10, 2014, financial industry regulatory and enforcement agencies issued statements that their organizations will increase scrutiny of financial industry cybersecurity practices going forward. In New York, the State’s Department of Financial Services Superintendent Benjamin Lawsky issued new guidelines to banks, detailing how their cybersecurity practices would be evaluated. The memorandum—sent to all… Continue Reading

Parties Involved in TCPA Fax Litigation May Qualify for Relief

Posted in Federal Communications Commission, United States

The FCC recently agreed to grant limited waivers for violations of its “opt out notice” rule for solicited faxes (i.e., faxes sent with the recipient’s prior express invitation or permission).  That rule requires that senders of faxes include opt-out notices on fax transmissions that contain advertisements or promotions.  The FCC initially promulgated its opt-out notice… Continue Reading

FTC Denies AgeCheq Parental Consent Application But Trumpets General Support for COPPA Common Consent Mechanisms

Posted in Children's Privacy, Federal Trade Commission, United States

The Federal Trade Commission (“FTC”) recently reiterated its support for the use of “common consent” mechanisms that permit multiple operators to use a single system for providing notices and obtaining verifiable consent under the Children’s Online Privacy Protection Act (“COPPA”). COPPA generally requires operators of websites or online services that are directed to children under… Continue Reading

FTC Alleges TRUSTe’s Certified Privacy Seals Misled Consumers

Posted in Federal Trade Commission, United States

Last week, TRUSTe, Inc. (“TRUSTe”) settled Federal Trade Commission (“FTC”) charges that it misrepresented its certification programs and non-profit status to consumers.  TRUSTe offers clients Certified Privacy Seals, representing to consumers that the website, software, data processing service, or mobile application is compliant with the relevant TRUSTe program.  These programs include specifications related to transparency… Continue Reading

FTC and Wyndham to Mediate Dispute Over FTC Data-Security Authority

Posted in Litigation, United States

Earlier this week, U.S. District Court Judge Esther Salas directed the Federal Trade Commission (“FTC”) and Wyndham Hotels and Resorts to seek mediation to resolve their landmark dispute over whether the FTC has the authority to regulate companies’ data-security practices.  As we’ve previously reported, the FTC alleged that Wyndham violated Section 5 of the FTC… Continue Reading

Bill Restricting the NSA’s Data Collection Practices Blocked in the Senate

Posted in Congress, United States

By Randall Friedland Yesterday, the USA Freedom Act (S. 2685), a bill aimed at curbing the National Security Agency’s (“NSA”) data collection practices, fell two votes short of the 60 votes necessary for cloture in the Senate.  The bill was largely blocked by Senate Republicans who expressed concern that the legislation would harm the government’s… Continue Reading

FTC Closes Investigation After Verizon Fixes Encryption Problems With FiOS and DSL Routers

Posted in Federal Communications Commission, Federal Trade Commission, United States

Earlier this week, the FTC notified Verizon by letter that it has closed its investigation into whether Verizon violated Section 5 of the FTC Act by failing to secure certain routers supplied to the company’s broadband subscribers.  The FTC’s investigation centered on Verizon’s practice of supplying routers that incorporated an outdated default security setting, an… Continue Reading

Recent Ninth Circuit Decisions Address Whether Consumers Must Explicitly Agree to User Terms

Posted in Litigation, Privacy Policies, United States

The Ninth Circuit recently issued two opinions addressing whether companies should require customers to explicitly agree to key provisions of user terms and other policies. On Monday, a unanimous three-judge panel issued an opinion in Knutson v. Sirius XM Radio.  In this case, the plaintiff purchased a Toyota that included a trial subscription to Sirius. … Continue Reading

Ten Ways the 2014 Election May Affect Privacy and Data Security Law

Posted in Congress, Cybersecurity, Data Breaches, Data Security, Federal Communications Commission, Federal Trade Commission, United States

When Republicans take over the Senate in January, new leaders will control key committees that oversee privacy and data security issues, and their priorities will differ significantly from those of their predecessors.  Privacy issues, however, generally tend not to break neatly along party lines and there will remain bipartisan support – and bipartisan opposition –… Continue Reading

Officials Comment on the Future of FTC, FCC, and CFPB Privacy Enforcement Authority

Posted in Federal Communications Commission, Federal Trade Commission, United States

By Caleb Skeath At a recent IAPP privacy event, officials from the FTC and CFPB offered insight into their respective agencies’ future enforcement plans, as well as the shifting landscape of privacy enforcement actions.  Although such enforcement actions have historically been the domain of the FTC, the FCC recently entered the privacy enforcement arena, announcing… Continue Reading

Another Court Finds That an Automated SMS Platform is Not an ATDS

Posted in Litigation, United States

By Ani Gevorkian Last week, the U.S. District Court for the Southern District of California issued an opinion regarding the definition of  an “Automatic Telephone Dialing System” (“ATDS”) under the Telephone Consumer Protection Act (“TCPA”).  The opinion follows a small but growing number of cases holding that courts have their own ability to interpret the… Continue Reading

California Attorney General’s Second Annual Data Breach Report Finds Dramatic Increase in Number of Data Breaches

Posted in State Legislatures, United States

By Randall Friedland California Attorney General Kamala D. Harris yesterday released the second annual California Data Breach Report.   The report provided statistics and analysis related to data breaches that were reported to the Attorney General’s office in 2013.  The report also outlined suggested best practices and provided recommendations on ways to improve data security. Statistics… Continue Reading

FTC Says AT&T Fails to Deliver on ‘Unlimited’ Data Promises

Posted in Federal Trade Commission

Yesterday, the Federal Trade Commission (FTC) filed a complaint against AT&T alleging that the company misled consumers by limiting its “unlimited” data plan for mobile customers. The FTC’s two-count complaint, which was filed in the U.S. District Court for the Northern District of California, alleges that AT&T violated Section 5 of the FTC Act, which… Continue Reading

Whisper’s Privacy Problem: Sen. Rockefeller Pushes for Probe While Editorial Team Is Suspended Pending Review

Posted in Congress, United States

Following the Guardian’s recent exposé on Whisper’s consumer-privacy practices, alleging that the social-media app that supposedly allows people “to anonymously share [their] thoughts with the world . . . in a community built around trust and honesty,” in fact tracks the geolocation of users who opted out of such data collection, Chairman of the Senate… Continue Reading

FCC Expands Application of Customer Privacy Provisions with $10 Million Fine Against Carriers

Posted in Federal Communications Commission

By Caleb Skeath Last Friday, the FCC announced that it intends to fine two telecommunications carriers — TerraCom, Inc., and YourTel America, Inc. — a total of $10 million for failing to protect certain customer data.  According to the FCC, the two carriers, which provide discount phone services to low-income individuals, posted customer “proprietary information”… Continue Reading

Senators Request Hearing on Connected Devices

Posted in Congress, United States

On October 20, 2014, a bipartisan group of senators sent a letter to U.S. Senate Committee on Commerce, Science, & Transportation Chairman John D. Rockefeller IV (D-W.Va.) and Ranking Member John Thune (R-S.D.), requesting that the Committee schedule a “general oversight and information-gathering hearing” on digitally connected technologies before the end of 2014. The letter, penned by… Continue Reading

FDA Releases Final Guidance on Cybersecurity in Medical Devices, Public Workshop to Follow on October 21-22, 2014

Posted in Cybersecurity, Data Security, United States

On October 2, 2014, the Food and Drug Administration (FDA) released a final guidance document titled “Content of Premarket Submissions for Management of Cybersecurity in Medical Devices”.  The FDA said that the “need for effective cybersecurity to assure medical device functionality and safety has become more important with the increasing use of wireless, Internet- and… Continue Reading

California Amends Data Breach Legislation

Posted in Data Breaches, Data Security, State Legislatures

Continuing our coverage of the flurry of bills signed into law by California Governor Jerry Brown last week, we turn now to AB 1710, an amendment to California’s data breach legislation. The data breach amendment makes three notable changes to existing laws regarding personal information privacy: 1.  Requires Companies that Maintain Personal Information to Implement… Continue Reading

IAPP Privacy Academy: “Data Brokers Demystified”

Posted in Federal Trade Commission

The International Association of Privacy Professionals hosted its annual Privacy Academy, at which one panel, “Data Brokers Demystified,” specifically focused on regulation of the data-broker industry.  The panelists included Janis Kestenbaum from the Federal Trade Commission, Jennifer Glasgow from Acxiom, and Pam Dixon from the World Privacy Forum.  Emilio Cividanes from Venable also participated. Major… Continue Reading

Calif. Gov. Brown Signs 8 Bills to Strengthen Privacy Protections

Posted in State Legislatures, United States

On Tuesday, September 30th, California Governor Jerry Brown signed into law 8 bills his office says were designed to “strengthen privacy [ ] protections.” Among the bills is AB 2306, which prevents the attempt to capture an image or sound recording in an offensive manner through the use of any technological device. Among other things,… Continue Reading