Yesterday, the FTC staff released its latest round of updated Frequently Asked Questions (“FAQs”) for its Rule implementing the Children’s Online Privacy Protection Act (“COPPA Rule”). These new FAQs address the circumstances in which third parties may obtain “actual knowledge” that they are collecting personal information from a child-directed site or service and whether parental … Continue Reading
In advanced of a July 25 Senate Commerce Committee hearing on “The Partnership Between NIST and the Private Sector: Improving Cybersecurity,” Chairman Jay Rockefeller (D-WV) and Ranking Member John Thune (R-SD) introduced the “Cybersecurity Act of 2013” (S. 1353). The bill avoids controversial topics such as information sharing and regulation of critical infrastructure cybersecurity and … Continue Reading
On July 11, the Department of Health and Human Services (HHS) announced that WellPoint, a managed care company, paid HHS $1.7 million to settle potential violations of the HIPAA Privacy and Security Rules. Like other recent enforcement actions, HHS initiated its investigation into WellPoint after the company provided notification of a breach of unsecured protected … Continue Reading
A group of senators announced on Wednesday that they would renew their push for federal legislation to limit the ability of federal authorities to compel journalists to reveal information about or obtained from confidential sources, after the U.S. Department of Justice announced it would tighten its own standards for when to seek such information. The … Continue Reading
Last week, the Government Accountability Office (GAO) agreed to review the Consumer Financial Protection Bureau’s (CFPB) collection and analysis of consumer credit records in response to a request from Senator Mike Crapo (R-ID). In a letter to the GAO Comptroller General, Sen. Crapo requested that the GAO investigate “CFPB’s data collection to determine its purpose, scope … Continue Reading
Earlier this month, the Consumer Financial Protection Bureau (CFPB) posted its semi-annual update of its rulemaking agenda for the coming 12-month regulatory cycle, including recently-completed rulemakings. The rulemaking agenda is part of a broader initiative led by the Office of Management and Budget (OMB) to publish a Unified Agenda of federal regulatory and deregulatory actions across … Continue Reading
On 10 June 2013, the UK Information Commissioner’s Office authorized GlaxoSmithKline’s ‘Binding Corporate Rules‘ (BCRs) – a set of internal policies and procedures used to protect personal data across GSK’s operations globally. Covington & Burling’s data privacy and security team, led by London partner Dan Cooper and senior associate Mark Young and including Brussels based … Continue Reading
Last week, Amadeus, which provides one of the three major global distribution systems to the travel industry, published a report on big data authored by Thomas Davenport (currently a visiting professor at the Harvard Business School). Davenport identifies data privacy issues as a major challenge to the use of big data and suggests that proceeding … Continue Reading
Yesterday, the FTC announced that it had approved a final order settling charges that HTC America failed to take reasonable steps to secure the software it developed for mobile devices. (We’ve previously blogged about the case here.) The FTC alleged that this failure amounted to an “unfair” practice in violation of Section 5 of the … Continue Reading
On Monday, California Attorney General Kamala Harris for the first time released a data breach report; the report details 131 data breaches reported to the CA AG’s office, which collectively exposed the personal information of 2.5 million Californians. 56% of the breaches involved Social Security numbers, a category of information disclosure which creates a heightened … Continue Reading
The Data Protection Commissioner Billy Hawkes has signed a memorandum of understanding (MOU) with the Chairwoman of the U.S. Federal Trade Commission (FTC), Edith Ramirez. The MOU is a statement of cooperation between the two agencies in their efforts to protect consumer privacy. It includes provisions calling for cooperation in relation to enforcement of relevant … Continue Reading
