February 2013

News outlets are reporting that the White House will appoint FTC Commissioner Edith Ramirez to lead the Commission.  She would replace current FTC Chairman Jon Leibowitz, who announced his resignation in January.  Ramirez’s appointment to chair the Commission would leave it evenly split between Democrats and Republicans, with one empty seat until another person is

The Court of Justice of the European Union (“CJEU”) in Luxembourg heard argument yesterday concerning the “right to be forgotten”—specifically, whether search engines such as Google must block search results when asked by European citizens to remove references to themselves. 

This particular case—which is representative of approximately 200 similar cases in Spain—came before the CJEU when Google declined to comply with an order from the Spanish Data Protection Authority.  A Spanish citizen, Costeja, wanted Google to de-list references to a publication in a Spanish newspaper in 1998, which discussed the auction of Costeja’s house in connection with his failure to pay social insurance contributions.

Google has taken the position that search engines should not be obligated to remove links to valid (i.e., not incorrect, defamatory, or otherwise illegal) material that exists online.  Rather, only the original publisher can make the decision to remove such content, at which point it will disappear from the search engine index once removed from source webpages.

Yesterday the FTC released its annual report of consumer complaints, highlighting identity theft as the leading category of complaints, with 18% of the total.  The 2012 report analyzes complaints received by the FTC, certain other federal agencies, state law enforcement agencies, and non-governmental organizations such as the Better Business Bureau.  After identity theft, consumers filed the

By Fredericka Argent 

On 21 February 2013, the ICO launched a consultation on its proposal for a new code of practice regulating the press in the UK.  The consultation is in response to the publication of the Leveson Report in November 2012, which recommended significant and wide-ranging changes to the structure and regulation of news reporting in the UK.  As we blogged here, the ICO responded to the Leveson Report with comments on the role of the Data Protection Act 1998 (the “DPA”) in regulating the press and promises to issue new press guidance.

The ICO has made clear that the code of practice is not intended to create any new legally binding obligations. Rather, the proposed code will lay down guidance on the application of section 32 of the DPA, which provides an exemption from compliance with certain data protection principles where personal data is processed, among other things, with a view to the publication of journalistic material in the public interest (the so-called “special purposes” exemption).  Although the precise content of the code of practice is a work-in-progress, the ICO has proposed to cover at least the following topics:

Mobile device manufacturer HTC America has settled Federal Trade Commission (“FTC”) charges that the company failed to take reasonable steps to secure the software it developed for its smartphones and tablet computers, introducing security flaws that placed sensitive information about millions of consumers at risk.  The settlement requires HTC America to develop and release software

On Tuesday, the U.S. cybersecurity firm Mandiant released a 60-page report detailing the activities of a hacking collective it claims has direct ties to China’s military. The firm has linked the collective to cyberattacks on more than 140 organizations across 20 industries worldwide since 2006.

Mandiant claims the activity—carried out by a group called the

This week, the Federal Trade Commission released a study of the U.S. credit reporting industry and credit report accuracy.  The study found that five percent of consumers had errors on one of their three nationwide credit reports that could lead them to pay more for financial products.  The study is required under section 319 of

In his State of the Union message on Tuesday, President Obama announced that he had signed an Executive Order addressing the cybersecurity of critical infrastructure.  President Obama emphasized that in the face of threats to corporate secrets, the power grid, and financial institutions, among others, “We cannot look back years from now and wonder why we did nothing in the face of real threats to our security and our economy.”

The Executive Order follows legislative efforts in the last Congress to pass comprehensive cybersecurity bills.  After the Cybersecurity Act of 2012 (S. 3414) failed to pass in August 2012, Deputy National Security Adviser John Brennan mentioned in an appearance at the Council on Foreign Relations that the President was considering issuing an Executive Order to implement portions of the cybersecurity legislation.  In the subsequent months, the White House sought industry input on the Order.

The Order has two main components: increasing information sharing from the government to the private sector and establishing a Cybersecurity Framework to buttress the security of critical infrastructure.

On February 7, 2013, the Payment Card Industry (PCI) council released a supplement to the payment card industry data security standards (PCI-DSS) on the use of cloud technologies and considerations for maintaining PCI DSS controls in cloud environments.  The supplement is intended for merchants, service providers, assessors, and other entities in evaluating the use of