Tag Archives: United States

Department of Justice Releases Guidance for Vulnerability Disclosure Programs

Last week, the U.S. Department of Justice (“DOJ”) released a voluntary framework for organizations to use in the development of a formal program to receive reports of network, software, and system vulnerabilities, and to disclose vulnerabilities identified in other organizations’ environments.  This framework provides private entities a series of steps to establish a formal program … Continue Reading

New York DFS Publishes FAQs on New Cybersecurity Regulations

As our readers know, New York’s Department of Financial Services (“NY DFS”) released a draft of its new Cybersecurity Regulations on September 13, 2016, and the final version of the regulations went into effect on March 1, 2017 (23 NYCRR 500).  Among other things, the regulations require regulated entities to conduct cyber risk assessments and … Continue Reading

U.N. Appoints Special Expert to Monitor Privacy Issues

In an effort to improve international privacy rights, the United Nations Human Rights Council yesterday established a special rapporteur on the right to privacy.  Special rapporteurs are expert individuals appointed with specific mandates to investigate, monitor, and report on particular human rights concerns that range from access to water to extrajudicial killings.  Yesterday’s Resolution on … Continue Reading

Privacy Working Group Created in U.S. House of Representatives

On August 1, Representatives Lee Terry (R- Neb.) and Jan Schakowsky (D-Ill.) announced the creation of a bipartisan Privacy Working Group in the U.S. House of Representatives that will seek to “examine online privacy concerns and issues…with a balanced approach that recognizes the need to protect personal information online in a manner that preserves growth … Continue Reading

Supreme Court Rejects Plaintiffs’ Efforts to Stipulate Out of Federal Court

The U.S. Supreme Court unanimously ruled on Tuesday that plaintiffs bringing class actions cannot escape federal jurisdiction by stipulating to seek less than $5 million in damages.  In a nine-page opinion, the Court held that plaintiff Greg Knowles had no power to speak for the proposed class when he stipulated in a lawsuit against Standard … Continue Reading

Report Links Cyberattacks on U.S. Companies to Chinese Military

On Tuesday, the U.S. cybersecurity firm Mandiant released a 60-page report detailing the activities of a hacking collective it claims has direct ties to China’s military. The firm has linked the collective to cyberattacks on more than 140 organizations across 20 industries worldwide since 2006. Mandiant claims the activity—carried out by a group called the … Continue Reading

Humana’s Quality Assurance Calls Not Exempted From CIPA

On Wednesday, a federal judge in the Central District of California dismissed Humana Pharmacy Inc.’s motion to dismiss a putative class action suit alleging the company illegally recorded telephone calls with customers, finding that the California Invasion of Privacy Act (“CIPA”) does not exempt quality assurance recordings. In its motion to dismiss, Humana argued that CIPA exempts … Continue Reading

Fourth Circuit Limits Marital Communications Privilege for Email

The Fourth Circuit recently ruled that the marital communications privilege does not always apply to email that is sent from a work account. A federal jury convicted former Virginia state legislator Phillip A. Hamilton of federal program bribery and extortion under color of right.  During trial, the court admitted email messages that Hamilton sent to … Continue Reading

Government May be Immune to Suits Alleging Violations of FACTA

The U.S. Supreme Court ruled on Tuesday that the federal government does not always lose its sovereign immunity to damages lawsuits claiming that an agency violated the Fair and Accurate Credit Transactions Act (“FACTA”) by printing the expiration date of a credit card on a receipt issued to a consumer. In a unanimous decision, authored … Continue Reading

UN Report Calls for Mandatory Data Retention

By Kurt Wimmer and Josephine Liu The United Nations Office on Drugs and Crime has released a report warning that terrorists are increasingly using the Internet to spread propaganda, recruit and train supporters, finance their activities, and plan terrorist attacks.  Besides providing an overview of the existing legal frameworks to address terrorists’ use of the … Continue Reading

Web Marketing Company Settles FTC Charges Over Information Gathering

A Web analytics company recently settled FTC charges that it deceptively collected consumers’ personal information. According to the FTC, Compete, Inc. provided a free toolbar that consumers installed on their web browsers.  Compete informed consumers that “the web pages you visit will be anonymously pooled with the Compete community to provide site trust rankings and … Continue Reading

TechWeek Europe: US Department of Commerce Involved in Lobbying to Change EU Data Protection Regulation

According to TechWeek Europe, the United States Department of Commerce is working with the United States Chamber of Commerce to lobby European Union officials in an effort to change certain provisions of the EU’s proposed General Data Protection Regulation.  If enacted, the Regulation, which was published in draft form in January 2012, would supersede the … Continue Reading

Minnesota AG Files First HIPAA Enforcement Action Against Business Associate

Last month, the Minnesota Attorney General filed a lawsuit in federal court against Accretive Health, Inc. alleging that the company violated various provisions of HIPAA as well as Minnesota consumer privacy and protection law.  Although HIPAA-covered entities have been the subject of enforcement actions by state AGs and the Department of Health and Human Services, … Continue Reading

White House To Roll Out “Privacy Bill of Rights”

In a speech this week at the U.S. Chamber of Commerce, White House Deputy Chief Technology Officer for Internet Policy Daniel Weitzner announced that the Administration will soon roll out a “privacy bill of rights,” which he described as a “broad, high-level statement of principles” that could be enforced by the FTC.  Weitzner emphasized that … Continue Reading

CFPB Opens for Business

Today, the Consumer Financial Protection Bureau (“CFPB”) assumed certain powers and authorities set forth in Title X of the Dodd-Frank Wall Street Reform and Consumer Protection Act.  The CFPB is tasked with implementing and enforcing Federal consumer financial laws to ensure that consumers have access to markets for consumer financial products and services, and that … Continue Reading

House Subcommittee Holds Data Security Hearing

Yesterday, the House Subcommittee on Commerce, Manufacturing and Trade held its second hearing on data security in the past month.  The hearing featured the testimony of top executives from Sony and Epsilon, companies that recently have been the victims of large-scale cyber attacks.  The hearing focused mainly on the specifics of the recent attacks, the … Continue Reading

House Energy & Commerce Committee Outlines Privacy Agenda

The House Energy and Commerce Commerce has announced plans for a “comprehensive review” of privacy and data security regulation.  The announcement explained that the “first phase” of the Committee’s review would be devoted to an assessment of the need for data security legislation.  The committee will then consider what Chairman Fred Upton referred to as “the … Continue Reading

Kerry, McCain Circulate “Commercial Privacy Bill of Rights”

Just a week after the Obama Administration announced its support for comprehensive privacy legislation in testimony before the Senate Commerce Committee, Senator John Kerry (D-Mass.) has released a draft bill that attempts to respond to the Administration’s call for broad baseline privacy protections for consumers.   Kerry’s bill, which is co-sponsored by Senator John McCain (R-Ariz.) is still … Continue Reading

Congressional Scrutiny of Privacy Issues Likely to Continue

Following up on Wednesday’s Senate Commerce Committee hearing, Rep. Mary Bono Mack (R-CA) indicated yesterday that the House Subcommittee on Commerce, Manufacturing and Trade will also hold hearings on online privacy matters later this spring.  The Subcommittee, which she chairs, will look at the state of current privacy laws, transparency in privacy policies, and protections … Continue Reading

Consumer Financial Protection Bureau Publishes Notice of “Consumer Inquiry and Complaint Database”

The deadline to submit comments in response to the Consumer Financial Protection Bureau (CFPB) Implementation Team’s notice to establish the “Consumer Inquiry and Complaint Database” is less than two weeks away.  Title X of the Dodd-Frank Act establishes the CFPB to enforce federal consumer financial laws through rulemaking, supervision, and enforcement authority.  Dodd-Frank grants the … Continue Reading

The New Flash Cookie: History Sniffing

On the eve of the reported settlement of the Flash cookie litigation by Quantcast and Clearspring, Covington alum Kashmir Hill reports at Forbes about an online practice that could be the next “Flash cookie” among privacy advocates:  web history sniffing. According to the Complaint (PDF) filed last week in federal court in California, a Netherlands company called Midstream … Continue Reading

FTC Announces Proposed Framework for Regulating Consumer Privacy

The FTC today released its long-anticipated privacy report, “Protecting Consumer Privacy in an Era of Rapid Change.”  The report proposes a new privacy framework that would apply broadly to online and offline commercial entities that collect, maintain, share, or otherwise use consumer data that can be reasonably linked to a specific consumer, computer, or device. … Continue Reading
LexBlog