This week the U.S. Supreme Court held in Federal Aviation Administration v. Cooper that an individual harmed by a federal agency’s violation of the Privacy Act cannot recover damages unless he or she is able to prove an economic loss. Under the Privacy Act, federal agencies are prohibited from disclosing “any record which is contained … Continue Reading
The Article 29 Working Party (WP29) yesterday published an opinion on facial recognition in online and mobile services. The WP29 states this technology requires “specific attention” as it presents “a range of data protection concerns”. The opinion focuses on facial technology being used in three main contexts: identifying people in social networks; authenticating and verifying … Continue Reading
Recently, the Federal Trade Commission announced that it has settled charges against RockYou, a game and entertainment website. The FTC alleged that RockYou knowingly collected email addresses and passwords and other information from 179,000 children without their parents’ consent. It also alleged that RockYou failed to employ adequate security features to protect the information of … Continue Reading
Following more than a year of deliberation, the Federal Trade Commission today released its seminal report on consumer privacy, entitled Protecting Consumer Privacy in an Era of Rapid Change. The report contains “best practices” for businesses as well as recommendations to Congress for legislation. The final report issued today builds upon and revises a preliminary … Continue Reading
On March 20, 2012, the Philippines Senate unanimously passed the Data Privacy Act of 2011 (“the Act”) on its third and final reading. According to one of its sponsors, Senator Edgardo Angara, the Act is heavily based on the current EU Data Protection Directive (Directive 95/46/EC) and meets the standards of the Asia Pacific Economic … Continue Reading
Lawmakers in Maryland and Illinois have introduced bills that would prohibit employers from requiring job applicants or employees to grant access to their social networking accounts. The bills arose from reports that employers have impliedly or explicitly required access to social networking accounts as a condition of hiring or employment. A few bills have been … Continue Reading
On March 15, 2012, new provisions governing the online collection, use, and storage of personal information went into effect in China. Promulgated by China’s Ministry of Industry and Information Technology (“MIIT”), the Several Provisions on Regulating the Market Order of Internet Information Services (“Provisions”) govern the competition-related activities of Internet Information Services Providers (“IISP”) in … Continue Reading
Companies often view privacy and data security as legal or compliance issues, but a number of recent surveys show that there is also a business case for building privacy and data security into products and services. For example: According to TRUSTe, 88% of U.S. adults report that they avoid doing business with companies that do … Continue Reading
Over the last few weeks, a number of cosponsors have been added to the Do Not Track Kids Act of 2011 (H.R. 1895), bringing the total number of cosponsors to 29. The bill was introduced by Rep. Markey and Rep. Barton on May 13, 2011. Earlier this month, the two members also hosted a Congressional briefing to discuss how … Continue Reading
As a reminder, unless it is repealed or delayed in the next six months, a far-reaching amendment to the Texas data security breach notice statute, Tex. Bus. & Comm. Code § 521.001 et seq., is scheduled to take effect on September 1, 2012. The amendment would substantially impact the national legal landscape for security breach … Continue Reading
The Seventh Circuit held yesterday, in a decision written by Judge Posner, that damages are not available under the Video Privacy Protection Act (“VPPA”) for violations of the statute’s data deletion requirement, only for unlawful disclosures of video-viewing information. Subsection (b) of the VPPA prohibits knowing disclosure of personally identifiable information that identifies a person … Continue Reading
The Department of Health and Human Services (HHS) recently published an interim final rule with comment period entitled “Administrative Simplification: Adoption of Standards for Health Care Electronic Funds Transfers (EFTs) and Remittance Advice.” The rule establishes streamlined standards for the format and content of transmissions that health plans send to financial institutions when making electronic funds … Continue Reading
The Department of Commerce’s National Telecommunications and Information Administration (NTIA) sought public comment Wednesday on how to begin the process of developing voluntary codes of conduct governing consumer privacy, as called for in the privacy framework released by the White House last month. That report argues that companies should follow seven basic principles — a … Continue Reading
Yesterday Senator John McCain (R-AZ) introduced the Strengthening and Enhancing Cybersecurity by Using Research, Education, Information, and Technology Act of 2012 (SECURE IT Act). The bill's cosponsors include Senators Kay Bailey Hutchison (R-TX), Chuck Grassley (R-IA), Saxby Chambliss (R-GA), Lisa Murkowski (R-AK), Dan Coats (R-IN), Ron Johnson (R-WI), and Richard Burr (R-NC).… Continue Reading
This week, the U.K.-based GSM Association unveiled voluntary app privacy guidelines, which are being implemented by several major European mobile telephone service operators for their own branded applications. According to the GSM Association, the companies adopting these guidelines includes Deutsche Telekom, France Telecom – Orange, Telecom Italia, Telefónica, and Vodafone. This development follows last week’s announcement of an agreement by Amazon, Apple, Google, Hewlett-Packard, Microsoft, … Continue Reading
