The Virginia Supreme Court held that license plate images taken by law enforcement agencies constitute “personal information,” reviving a challenge to the police storage of license plate data. Automatic license plate readers (“ALPRs”) are used by police departments across the country to take thousands of photos of license plates per hour. Officers check these numbers … Continue Reading
Last week, the U.S. Department of Justice (“DOJ”) released a voluntary framework for organizations to use in the development of a formal program to receive reports of network, software, and system vulnerabilities, and to disclose vulnerabilities identified in other organizations’ environments. This framework provides private entities a series of steps to establish a formal program … Continue Reading
As our readers know, New York’s Department of Financial Services (“NY DFS”) released a draft of its new Cybersecurity Regulations on September 13, 2016, and the final version of the regulations went into effect on March 1, 2017 (23 NYCRR 500). Among other things, the regulations require regulated entities to conduct cyber risk assessments and … Continue Reading
In an effort to improve international privacy rights, the United Nations Human Rights Council yesterday established a special rapporteur on the right to privacy. Special rapporteurs are expert individuals appointed with specific mandates to investigate, monitor, and report on particular human rights concerns that range from access to water to extrajudicial killings. Yesterday’s Resolution on … Continue Reading
On August 1, Representatives Lee Terry (R- Neb.) and Jan Schakowsky (D-Ill.) announced the creation of a bipartisan Privacy Working Group in the U.S. House of Representatives that will seek to “examine online privacy concerns and issues…with a balanced approach that recognizes the need to protect personal information online in a manner that preserves growth … Continue Reading
The U.S. Supreme Court unanimously ruled on Tuesday that plaintiffs bringing class actions cannot escape federal jurisdiction by stipulating to seek less than $5 million in damages. In a nine-page opinion, the Court held that plaintiff Greg Knowles had no power to speak for the proposed class when he stipulated in a lawsuit against Standard … Continue Reading
On Tuesday, the U.S. cybersecurity firm Mandiant released a 60-page report detailing the activities of a hacking collective it claims has direct ties to China’s military. The firm has linked the collective to cyberattacks on more than 140 organizations across 20 industries worldwide since 2006. Mandiant claims the activity—carried out by a group called the … Continue Reading
On Wednesday, a federal judge in the Central District of California dismissed Humana Pharmacy Inc.’s motion to dismiss a putative class action suit alleging the company illegally recorded telephone calls with customers, finding that the California Invasion of Privacy Act (“CIPA”) does not exempt quality assurance recordings. In its motion to dismiss, Humana argued that CIPA exempts … Continue Reading
The U.S. Supreme Court ruled on Tuesday that the federal government does not always lose its sovereign immunity to damages lawsuits claiming that an agency violated the Fair and Accurate Credit Transactions Act (“FACTA”) by printing the expiration date of a credit card on a receipt issued to a consumer. In a unanimous decision, authored … Continue Reading
By Kurt Wimmer and Josephine Liu The United Nations Office on Drugs and Crime has released a report warning that terrorists are increasingly using the Internet to spread propaganda, recruit and train supporters, finance their activities, and plan terrorist attacks. Besides providing an overview of the existing legal frameworks to address terrorists’ use of the … Continue Reading
According to TechWeek Europe, the United States Department of Commerce is working with the United States Chamber of Commerce to lobby European Union officials in an effort to change certain provisions of the EU’s proposed General Data Protection Regulation. If enacted, the Regulation, which was published in draft form in January 2012, would supersede the … Continue Reading
Last month, the Minnesota Attorney General filed a lawsuit in federal court against Accretive Health, Inc. alleging that the company violated various provisions of HIPAA as well as Minnesota consumer privacy and protection law. Although HIPAA-covered entities have been the subject of enforcement actions by state AGs and the Department of Health and Human Services, … Continue Reading
In a speech this week at the U.S. Chamber of Commerce, White House Deputy Chief Technology Officer for Internet Policy Daniel Weitzner announced that the Administration will soon roll out a “privacy bill of rights,” which he described as a “broad, high-level statement of principles” that could be enforced by the FTC. Weitzner emphasized that … Continue Reading
Today, the Consumer Financial Protection Bureau (“CFPB”) assumed certain powers and authorities set forth in Title X of the Dodd-Frank Wall Street Reform and Consumer Protection Act. The CFPB is tasked with implementing and enforcing Federal consumer financial laws to ensure that consumers have access to markets for consumer financial products and services, and that … Continue Reading
Yesterday, the House Subcommittee on Commerce, Manufacturing and Trade held its second hearing on data security in the past month. The hearing featured the testimony of top executives from Sony and Epsilon, companies that recently have been the victims of large-scale cyber attacks. The hearing focused mainly on the specifics of the recent attacks, the … Continue Reading
The House Energy and Commerce Commerce has announced plans for a “comprehensive review” of privacy and data security regulation. The announcement explained that the “first phase” of the Committee’s review would be devoted to an assessment of the need for data security legislation. The committee will then consider what Chairman Fred Upton referred to as “the … Continue Reading
Just a week after the Obama Administration announced its support for comprehensive privacy legislation in testimony before the Senate Commerce Committee, Senator John Kerry (D-Mass.) has released a draft bill that attempts to respond to the Administration’s call for broad baseline privacy protections for consumers. Kerry’s bill, which is co-sponsored by Senator John McCain (R-Ariz.) is still … Continue Reading
Following up on Wednesday’s Senate Commerce Committee hearing, Rep. Mary Bono Mack (R-CA) indicated yesterday that the House Subcommittee on Commerce, Manufacturing and Trade will also hold hearings on online privacy matters later this spring. The Subcommittee, which she chairs, will look at the state of current privacy laws, transparency in privacy policies, and protections … Continue Reading
The deadline to submit comments in response to the Consumer Financial Protection Bureau (CFPB) Implementation Team’s notice to establish the “Consumer Inquiry and Complaint Database” is less than two weeks away. Title X of the Dodd-Frank Act establishes the CFPB to enforce federal consumer financial laws through rulemaking, supervision, and enforcement authority. Dodd-Frank grants the … Continue Reading
The key House committee with jurisdiction over privacy legislation is changing from top to bottom, undergoing as big a change as any committee in Congress, and is experiencing the largest turnover of Members and leadership in more than two decades. These changes will have a profound impact on not just who is driving the privacy … Continue Reading
On the eve of the reported settlement of the Flash cookie litigation by Quantcast and Clearspring, Covington alum Kashmir Hill reports at Forbes about an online practice that could be the next “Flash cookie” among privacy advocates: web history sniffing. According to the Complaint (PDF) filed last week in federal court in California, a Netherlands company called Midstream … Continue Reading
The FTC today released its long-anticipated privacy report, “Protecting Consumer Privacy in an Era of Rapid Change.” The report proposes a new privacy framework that would apply broadly to online and offline commercial entities that collect, maintain, share, or otherwise use consumer data that can be reasonably linked to a specific consumer, computer, or device. … Continue Reading