Steve Satterfield


American Arbitration Rule Now in Effect

The American Arbitration Association (“AAA”) now will require businesses seeking to use AAA’s services for consumer arbitrations to submit their arbitration clauses for AAA’s review and approval.  Approved clauses will become part of the AAA’s “Consumer Clause Registry,” which “will contain a list of businesses that have submitted their consumer arbitration clauses [to] the AAA … Continue Reading

Florida Enacts Stringent Breach Notice Law

Last Friday, Florida’s governor signed into law the Florida Information Protection Act of 2014 (“FIPA”), a bill repealing Florida’s existing data security breach notice law and replacing it with what will be one of the nation’s most stringent breach notice laws.  This post summarizes the key aspects of the new law, which becomes effective July … Continue Reading

Breaking Down the Court’s Decision in FTC v. Wyndham Worldwide Corp.

Last week, a federal judge in the District of New Jersey denied Wyndham Hotels and Resorts’ motion to dismiss the FTC’s complaint alleging Wyndham violated the FTC Act by failing to provide reasonable security for its customers’ personal information.  This Covington E-Alert provides a detailed look at the parties’ arguments and the court’s holdings in … Continue Reading

Iowa Amends Breach Notice Law to Require Notice to State AG

Iowa’s governor recently signed into law S.F. 2259, which amends Iowa’s data breach notification law.  Under the amendment, entities that suffer breaches of personal information that are required to notify more than 500 state residents will also be required to notify the state’s attorney general.  The notice to the attorney general must be provided within … Continue Reading

Judge Denies Wyndham’s Motion to Dismiss, Allowing FTC’s Case to Proceed

Earlier today, in a long-awaited decision, Judge Salas of the District of New Jersey denied Wyndham Hotels and Resorts’ motion to dismiss a Federal Trade Commission (“FTC”) lawsuit alleging Wyndham violated Section 5 of the FTC Act by failing to provide “reasonable” security for the personal information of its customers.  The case has been closely watched … Continue Reading

FTC Announces Settlements with Two Mobile App Providers

Today, the Federal Trade Commission announced settlements with two mobile app makers that allegedly failed to provide reasonable security for the personal information collected in connection with their apps.  In complaints against Credit Karma, Inc. and Fandango LLC, the FTC alleged that both companies’ apps failed to validate SSL certificates, a security shortcoming that could … Continue Reading

Appeals Court Affirms Dismissal of “Shine the Light” Suits

Last week, the U.S. Court of Appeals for the Ninth Circuit affirmed lower-court dismissals of two lawsuits under California’s “Shine the Light” law.  Shine the Light (or “STL”) requires businesses that disclose customers’ personal information to third parties for those parties’ direct marketing purposes to respond to customer requests for information about such disclosures.  The … Continue Reading

Senate Bill Would Create ‘Stringent’ Penalties to Deter Data Breaches

By Meena Harris

Data collection and security was a big topic on the Hill last week, where five congressional committees examined the issue over several days.  On the topic of data breaches specifically, the Senate Judiciary Committee held a hearing on “Privacy in the Digital Age: Preventing Data Breaches and Combating Cybercrime” and the House … Continue Reading

California AG Sues Company for Slow Breach Response, “Public” Display of Social Security Numbers

California Attorney General Kamala Harris has sued the Kaiser Foundation Health Plan for failing to promptly notify employees about a 2011 data breach.  California’s breach notice law requires breaches of personal information to be disclosed “in the most expedient time possible and without unreasonable delay.” Harris alleges that Kaiser violated this requirement after taking too … Continue Reading

OBA Accountability Program: A Recap of What Happened in November

The Online Internet-Based Advertising Accountability Program issued five decisions in November enforcing the Digital Advertising Alliance’s Self-Regulatory Principles for Online Behavioral Advertising.  The Accountability Program’s first two decisions, issued November 18 against BMW of North America and Scottrade, addressed those companies’ failure to provide notice of third-party data collection on their websites.  On November 20, … Continue Reading

FTC Settles Charges Against Flashlight App Maker

Yesterday, the FTC announced a settlement with Goldenshores Technologies, a company that makes the most-downloaded flashlight app on the Android platform.  The FTC alleged that Goldenshores violated Section 5 of the FTC Act by failing to disclose to consumers that it shared location data it collected from users’ devices with third parties.  Although a list … Continue Reading

NTIA to Convene Multistakeholder Meetings On Facial Recognition Technology

The National Telecommunications & Information Administration (“NTIA”) announced today that it will convene a series of meetings about the commercial uses of facial recognition technology.  The goal of the meetings will be to develop a voluntary, enforceable code of conduct specifying how the Obama Administration’s “Consumer Privacy Bill of Rights” applies to facial recognition.  The first … Continue Reading

The FTC’s “Internet of Things” Workshop in Perspective; 5 Key Takeaways for How it Could Affect Consumer Privacy Going Forward

By Katie Gasztonyi & Steve Satterfield

Last month, the FTC held a public workshop on the “Internet of Things” (or “IoT”), during which it examined the privacy and security implications of everyday objects being connected to the Internet and to each other.  The workshop—which considered “things” ranging from connected cars to remote-controlled defibrillators—brought together academics, … Continue Reading

Roundup of Recently Enacted Privacy Legislation in California; Some Measures Will Become Effective on January 1, 2014

The California legislature has enacted a flurry of privacy-related laws over the past few months.   Still more bills are pending.  This post provides a brief overview of new privacy laws enacted in California in 2013, including measures that will become effective on January 1, 2014.  For a more detailed look at some of these key … Continue Reading

Google Settles Safari Tracking Charges Brought by State AGs for $17 Million

Google has entered into a $17 million settlement agreement with attorneys general from 37 states and the District of Columbia over allegations that the company engaged in unauthorized tracking of users of Apple’s Safari browser in 2011 and 2012.  The allegations stemmed from 2012 reports that Google had bypassed Safari’s default privacy settings and placed cookies … Continue Reading

DAA to Website Operators: Provide “Enhanced Notice” of OBA by January 1

Earlier this week, the organization that enforces the Digital Advertising Alliance’s Self-Regulatory Principles for Online Behavioral Advertising issued a “Compliance Warning” to website operators, advising them to provide “enhanced notice” on every web page where data is being collected or used for online behavioral advertising (“OBA”) by January 1, 2014.  The DAA defines OBA as … Continue Reading

Court Denies Google’s Motion to Dismiss Gmail Wiretap Claims

In a decision issued last week that is being described by some as a “landmark,” Judge Koh of the Northern District of California denied a motion to dismiss a complaint filed against Google alleging that its Gmail service unlawfully intercepts the contents of emails sent by and to Gmail users.  The case involves Google’s longstanding … Continue Reading

Action Against Magazine Publishers for Sale of Customer Lists Allowed to Proceed

The United States District Court for the Eastern District of Michigan has allowed a putative class action under Michigan law to proceed against several magazine publishers that allegedly sold lists of their customers’ names, addresses, and subscription choices to third parties.  Earlier this week, in a case styled Halaburda v. Bauer Publishing Co., Judge Steeh … Continue Reading

The DAA Principles Applied to Mobile: Key Takeaways

The Digital Advertising Alliance (“DAA”) recently released a guidance document titled Application of Self-Regulatory Principles to the Mobile Environment (“Mobile Guidance”).  The Mobile Guidance does not purport to establish new principles, but rather to explain how the DAA’s existing principles — the Self-Regulatory Principles for Online Behavioral Advertising and for Multi-Site Data — apply to the … Continue Reading

HTC America’s Settlement with FTC Becomes Final

Yesterday, the FTC announced that it had approved a final order settling charges that HTC America failed to take reasonable steps to secure the software it developed for mobile devices.  (We’ve previously blogged about the case here.)  The FTC alleged that this failure amounted to an “unfair” practice in violation of Section 5 of the … Continue Reading

Key Decision in Nike Song-Beverly Litigation

Businesses should take note of this week’s decision in Gormley v. Nike, Inc., a lawsuit under California’s Song-Beverly Credit Card Act, in which plaintiffs allege that Nike violated the Act by requesting ZIP codes from them during credit card transactions in Nike’s retail stores.  Judge Susan Illston of the Northern District of California denied Nike’s … Continue Reading

Mexico’s DPA Begins Enforcing Data Protection Law

BNA is reporting that Mexico’s data protection authority, the Federal Institute for Access to Information and Data Protection (IFAI), will issue a fine of $1 million against one of Mexico’s largest banks for violating the country’s Federal Law on the Protection of Personal Data in Possession of Private Parties.  The action against the bank — … Continue Reading

Massachusetts Supreme Judicial Court Issues Broad Ruling on Point-of-Sale Data Collection

In a recent decision, the Supreme Judicial Court of Massachusetts (“SJC”) broadly interpreted a statute that governs the personal information that may be collected by a merchant during a credit card transaction.  The decision, Tyler v. Michaels Stores, Inc., SJC-1145 (Mass. March 11, 2013), was issued in response to three questions that had been certified … Continue Reading