In a report released on September 28, 2011, Verizon concluded that only 21 percent of organizations subject to the payment card industry’s data security standards (PCI-DSS) were fully compliant with PCI-DSS. Verizon’s prior report found that 22 percent of organizations were fully compliant with PCI-DSS. The PCI-DSS consist of 12 requirements relating to an organization’s information …
As covered in our earlier blog post, the Dodd-Frank Wall Street Reform and Consumer Protection Act establishes the Office of Financial Research (OFR) to collect and analyze U.S. financial data for financial regulators. The OFR is tasked with, among other responsibilities, supporting the Financial Stability Oversight Council’s oversight of systemic risk, developing tools for measuring risk …
Reps. Lee Terry (R-NE) and Ed Towns (D-NY) have introduced the Mobile Informational Call Act of 2011 (H.R. 3035). H.R. 3035 would amend the Telephone Consumer Protection Act — which is administered and enforced by the Federal Communications Commission but also authorizes private rights of action — to clarify the scope of limitations under the …
Earlier this month, the Payment Card Industry Council (“PCI”) unveiled the first set of point-to-point encryption (“P2PE”) standards designed for providers of P2PE hardware-based encryption and decryption solutions. P2PE providers develop for merchants point-of-sale hardware such as payment card readers and electronic cash registers that completely encrypt payment card data from the point the card …
Today, Senator Charles Schumer (D-NY) sent letters to Federal Trade Commission chairman Jon Leibowitz and OnStar executive director Linda Marshall regarding recent controversial changes to OnStar’s privacy policies. OnStar provides in-vehicle GPS navigation, emergency response, and concierge services for millions of U.S.-manufactured vehicles. In providing these services, OnStar collects data regarding customers’ location, speed, driving …
Yesterday, the Senate Judiciary Committee approved legislation introduced by Committee Chairman Patrick Leahy (D-VT) (S. 1151) that would require firms to develop comprehensive data security programs and would impose a federal breach notice obligation on firms. The same day, the Committee also approved amended versions of breach notification measures introduced by Sen. Dianne Feinstein (D-CA) …
On 5 September 2011, Costa Rica adopted a new data protection law, the “Law on the Protection of Individuals Against the Processing of Personal Data”. The Law aims to protect the fundamental right to information self-determination of any person, regardless of nationality, residence or domicile. Costa Rica is now the seventh country in Central and …
The representatives of IAB Europe and EASA, European advertising and marketing industry associations, met with the Article 29 Working Party, a group of European data protection authorities, on 14 September 2011 to discuss the industry’s self-regulatory code on Online Behavioural Advertising. As we blogged here, the Article 29 Working Party had previously voiced concerns over …
Yesterday, Judge Lucy Koh of the U.S. District Court for the Northern District of California granted defendants’ motions to dismiss the consolidated, amended complaint in In re iPhone Application Litigation for lack of Article III standing, with leave to amend. In finding lack of standing, the Court stated that plaintiffs’ allegations were “clearly insufficient” as …
The Federal Trade Commission announced this week that it will host a workshop to explore potential privacy and security implications raised by the increasing use of facial recognition technology. The discussion will take place on December 8, 2011 in Washington, DC. According to the FTC, the workshop, which is free and open to the public, …
Politico and other news sources are reporting that the House Energy and Commerce Committee’s Subcommittee on Commerce, Manufacturing and Trade plans to hold a hearing on the FTC’s proposed revisions to the Children’s Online Privacy Protection Act rule. We previously analyzed the FTC’s proposal here. The hearing has not yet been formally announced but is …
Last Thursday, the Senate Judiciary Committee began its consideration of the several pending data security bills by marking up S. 1151, the legislation introduced by Sen. Patrick Leahy (D-VT). S. 1151 would require business entities to develop a data privacy and security plan for protecting sensitive personally identifiable information, require agencies and business entities to …
By David Fagan and Alex Berengaut. Enterprises must consider a range of benefits and costs as they evaluate migrating their IT functions and data to cloud-based computing services, including the impact of the cloud services on the security and privacy of their data. In this regard, one of the principal privacy-based concerns raised in connection …
Yesterday, the House Energy and Commerce Committee’s Subcommittee on Commerce, Manufacturing and Trade held a hearing titled “Internet Privacy: The Impact and Burden of EU Regulation.” The European Union’s Data Privacy Directive found few unalloyed supporters at Thursday’s hearing, the second in a series of hearings on Internet privacy, but the subcommittee’s leaders reaffirmed their …
By Lindsey Tonsager. This morning the FTC released its long anticipated proposed revisions to its rule implementing the Children’s Online Privacy Protection Act (“COPPA”). COPPA governs (1) operators of websites and online services that are directed to children under the age of 13 and (2) operators of general audience websites or online services that have …
Yesterday, the Missouri State Senate voted unanimously to repeal controversial portions of the state’s Amy Hestir Student Protection Act, which restricts how teachers can use the Internet. If passed by the state House and signed by the governor, the repeal bill would eliminate restrictions on teachers’ maintenance of non-public “work-related” websites and social networking contact …
Yesterday, a subcommittee of the House Financial Services Committee held a hearing to discuss cybersecurity and security threats to the financial sector. The panelists included officials from the Secret Service, Federal Bureau of Investigation, and Department of Homeland Security, as well as representatives from Verizon, Symantec, Bank of America, and public interest organizations. The panelists …
Last Friday, New Jersey federal District Judge Freda Wolfson dismissed a misappropriation suit against videogame maker Electronic Arts concerning the characteristics of virtual players in its college football series NCAA Football. Ryan Hart, former quarterback for Rutgers University, claimed that EA misappropriated his likeness by including a player bearing his characteristics in the game, but …
As The Hill and other news outlets are reporting, Sen. Richard Blumenthal (D-CT) — who previously was one of the most active state attorneys general on privacy and data security issues before joining the Senate in 2011 — has introduced data protection legislation. This will be the eighth breach notification bill introduced on Capitol Hill during the 113th …
Last week, the Federal Trade Commission (FTC) engaged in several efforts to build public awareness regarding the risks to children of identity theft. Schools and other institutions that handle data from children may consider reviewing the FTC’s outreach material, as it can offer helpful insight on FTC views. Additionally, the FTC’s suggestion that it has …
By Dan Cooper and Helena Marttila. On 11th of July, 2011, Hungary adopted a new data privacy law (Act CXII of 2011 on Informational Self-Determination and Freedom of Information) (the “Act”), which will enter into force on 1 January 2012. The main changes brought about by the Act are briefly discussed below:…
By Dan Cooper and Helena Marttila. On 26 August, 2011, the Article 29 Working Party, a group of European data protection authorities, published a letter to the Online Behavioural Advertising Industry regarding the proposed industry self-regulatory framework, known as the Best Practice Recommendation on Online Behavioural Advertising (the “Code”). The letter sets out the main …
Earlier this week, California Governor Jerry Brown signed into law an amendment to California’s breach notice law (S.B. No. 24). Former Governor Arnold Schwarzenegger vetoed similar legislation in 2008, 2009, and 2010. As Inside Privacy noted when the legislation first moved through the California Senate on April 14, the legislation will amend California’s existing security …