Katherine Gasztonyi

Subscribe to all posts by Katherine Gasztonyi

FTC and Wyndham Present Arguments on Whether FTC has Declared Unreasonable Cybersecurity Practices Unfair

On Friday, March 27, 2015, the Federal Trade Commission and Wyndham Worldwide Corp. filed supplemental briefing in the Third Circuit regarding whether the FTC had made an adjudicative decision that the FTC Act prohibits unreasonable cybersecurity practices and, if not, whether a federal court could hear a case charging a violation of the FTC Act … Continue Reading

Wyndham Oral Argument: Third Circuit Expresses Doubt About FTC’s Data Security Authority

Today, the U.S. Court of Appeals for the Third Circuit heard oral arguments in FTC v. Wyndham Worldwide Corp. The court focused on several themes: First, whether Congress has entrusted the FTC to define new unfair practices, whether the FTC has declared that unreasonable cybersecurity practices are unfair, and whether the FTC is asking the … Continue Reading

Wyndham: Third Circuit Requests Briefing on Whether FTC Declared Unreasonable Cybersecurity Practices Are ‘Unfair’

On February 20, the Third Circuit sent a letter to counsel in FTC v. Wyndham Worldwide Corp., identifying at least one topic that will be addressed in the upcoming oral argument regarding the parties’ dispute over whether the FTC has the authority to regulate companies’ data security practices: whether unreasonable cybersecurity practices are “unfair.” The letter … Continue Reading

New State Privacy Laws Go Into Effect on Jan. 1, 2015

State legislators have recently passed a number of bills that impose new data security and privacy requirements on companies nationwide. The laws include new data breach notification requirements, marketing restrictions, and data destruction rules. Below is an overview of the new laws and amendments that will go into effect on January 1, 2015.… Continue Reading

Financial Industry Regulators Increase Data Security Oversight

On Wednesday, December 10, 2014, financial industry regulatory and enforcement agencies issued statements that their organizations will increase scrutiny of financial industry cybersecurity practices going forward. In New York, the State’s Department of Financial Services Superintendent Benjamin Lawsky issued new guidelines to banks, detailing how their cybersecurity practices would be evaluated. The memorandum—sent to all … Continue Reading

Carnegie Mellon Grades Privacy of Android Apps

Researchers at Carnegie Mellon University have designed a website that doles out grades to Android apps based on their privacy practices. The website, privacygrade.org, assigns grades based on a model that measures the gap between people’s expectations of an app’s behavior and how the app actually behaves. The grades range from A+, representing no privacy … Continue Reading

Senators Request Hearing on Connected Devices

On October 20, 2014, a bipartisan group of senators sent a letter to U.S. Senate Committee on Commerce, Science, & Transportation Chairman John D. Rockefeller IV (D-W.Va.) and Ranking Member John Thune (R-S.D.), requesting that the Committee schedule a “general oversight and information-gathering hearing” on digitally connected technologies before the end of 2014. The letter, penned by … Continue Reading

Data Protection Officials Adopt Internet of Things Declaration and Big Data Resolution

At the International Conference of Data Protection and Privacy Commissioners in Mauritius this week, representatives of the private sector and academia joined together to discuss the positive changes and attendant risks that the internet of things and big data may bring to daily life. Attendees memorialized the observations and conclusions of their discussions in a … Continue Reading

California Amends Data Breach Legislation

Continuing our coverage of the flurry of bills signed into law by California Governor Jerry Brown last week, we turn now to AB 1710, an amendment to California’s data breach legislation. The data breach amendment makes three notable changes to existing laws regarding personal information privacy: 1.  Requires Companies that Maintain Personal Information to Implement … Continue Reading

Calif. Gov. Brown Signs 8 Bills to Strengthen Privacy Protections

On Tuesday, September 30th, California Governor Jerry Brown signed into law 8 bills his office says were designed to “strengthen privacy [ ] protections.” Among the bills is AB 2306, which prevents the attempt to capture an image or sound recording in an offensive manner through the use of any technological device. Among other things, … Continue Reading

Court Grants in Part and Denies in Part Yahoo’s Motion to Dismiss ECPA Claims

On Tuesday, August 12, 2014, the Northern District of California’s Judge Lucy Koh issued an order granting in part and denying in part Yahoo’s motion to dismiss claims that it violated federal and California anti-wiretapping laws. The putative class action, In re Yahoo Mail Litig., alleges that Yahoo’s practice of intercepting, scanning, analyzing, collecting, and … Continue Reading

Court Dismisses CFAA, ECPA, and Other Claims in Privacy Class Action Opperman v. Path

On May 14, a judge in the Northern District of California granted in part and dismissed in part four motions to dismiss filed by defendants in the consolidated class action, Opperman v. Path (No. 3:13-CV-00453-JST). The plaintiffs alleged that apps offered by a number of developers (“App Defendants”) accessed and uploaded information from plaintiffs’ mobile … Continue Reading

Ninth Circuit Holds Facebook IDs and URLS Not “Content” under ECPA

Last Thursday, the United States Court of Appeals for the Ninth Circuit affirmed dismissal of claims for violations of the Electronic Communications Privacy Act (“ECPA”), holding that the plaintiffs had failed to allege Facebook and Zynga disclosed the “contents” of a communication, a necessary element under the Act. The court’s ruling applies to the consolidated … Continue Reading

Snapchat Settles FTC Charges

On Thursday, mobile messaging application Snapchat agreed to settle Federal Trade Commission (“FTC”) charges that it made false or misleading representations about the ephemeral nature of its messages, the collection of user information, and the nature of its security practices. The FTC Complaint alleges six counts, many of which demonstrate the Commission’s aggressive enforcement of … Continue Reading

White House Announces Three Workshops to Explore “Big Data”

The White House’s Office of Science and Technology Policy (“OSTP”) is set to co-host a series of at least three public workshops to review “the implications of collecting, analyzing, and using” big data. The series continues the White House’s 2014 focus on privacy and big data, which began on January 17 with President Obama’s discussion … Continue Reading

Federal Court Dismisses Data Breach Suit Alleging Only Speculative Harms

On Monday, February 12, a Southern District of Ohio district court dismissed two proposed class actions relating to an October 2012 Nationwide Mutual Insurance Co. data breach. Galaria v. Nationwide Mutual Ins. Co., No. 2:13-cv-118 (S.D. Ohio Feb. 10, 2014); Hancox v. Nationwide Mutual Ins. Co., No. 2:13-cv-257 (S.D. Ohio Feb. 10, 2014). The court … Continue Reading

Retailers Testify on Data Security at Senate Judiciary Committee Hearing, Express Support for Chip-and-PIN Technology

Last Tuesday, February 4, the Senate Committee on the Judiciary held a hearing on “Privacy in the Digital Age.” Among the panelists were Executive Vice President and Chief Financial Officer of Target, John Mulligan, and Senior Vice President and Chief Information Officer of the Neiman Marcus Group, Michael Kingston. Federal Trade Commission (“FTC”) Chairwoman Edith … Continue Reading

FTC Announces $32.5M Settlement with Apple, Inc., May Be Seen as Expanding its “Unfairness” Authority

The Federal Trade Commission (“FTC”) recently announced a settlement with Apple, Inc. over allegations that the company billed parents and other account holders for children’s in-app activities without obtaining the account holders’ express and informed consent. The FTC’s complaint alleged that Apple’s failure to obtain express and informed consent prior to each in-app purchase constituted … Continue Reading

Congress to Hold Data Breach Hearings in Early February

On January 15, both the Senate Judiciary Committee and the House Commerce, Manufacturing, and Trade Subcommittee announced plans to hold data breach hearings in the first week of February. The Senate Judiciary Committee is set to hold its hearing on “privacy in the digital age” on February 4. The hearing will include topics such as … Continue Reading

Congress Shows Renewed Interest and Action on Data Privacy Legislation

Incited by the recent Target Corp data breach, Sen. Patrick Leahy (D-Vt.) reintroduced his data privacy protection bill to Congress on January 8. This marks the fifth time that Leahy has introduced The Personal Data Privacy and Security Act, which made its first appearance in Congress in 2005. Leahy’s bill would establish one national standard … Continue Reading

House Republicans Signal Push for Data Breach Legislation

In the wake of the recent Target Corp. credit card data breach, Congress is once again turning its attention to data breach legislation. In a memorandum to Republican lawmakers on January 2, House Majority Leader Eric Cantor (R-Va.) stated that he intends to schedule legislation on security and breach notification requirements for federally facilitated healthcare … Continue Reading

Senators Call for Hearing on Data Security in Wake of Target Data Breach

A number of investigations and inquiries, including a call for a hearing in Congress on December 30, 2013, have been sparked by the announcement by Target Corp. that a massive security breach of approximately 40 million of its customers’ credit and debit card accounts used at brick-and-mortar Target stores occurred between November 27 and extending through … Continue Reading
LexBlog