Category Archives: Privacy and Information Security

Subscribe to Privacy and Information Security RSS Feed

Christine Wilson Sworn In as FTC Commissioner Following Maureen Ohlhausen’s Departure

By Katie Townley and Christie Grymes Thompson on Posted in Antitrust, Consumer Protection, Federal Trade Commission, Privacy and Information Security, Regulatory Developments
Yesterday, Christine Wilson was sworn in as FTC Commissioner. Commissioner Wilson – the fifth and final Trump appointee – joins the FTC from Delta Airlines and assumes former Commissioner Maureen Ohlhausen’s seat. Commissioner Ohlhausen announced her departure on Tuesday – the day her term ended, concluding over six years of service as Commissioner, including a … Continue Reading

California Amends California Consumer Privacy Act

By Alysa Zeltzer Hutnik and Lauren Myers on Posted in Consumer Protection, Privacy and Information Security
In June of this year, California passed the California Consumer Privacy Act (CCPA) giving California residents specific rights related to their online privacy, similar to those proscribed by GDPR. The law was passed hastily to avoid a stricter ballot measure on the subject, but Governor Brown recently signed a bill amending the law. Many of … Continue Reading

California Passes Bill Requiring Reasonable Security Features for Connected Devices

By Alysa Zeltzer Hutnik on Posted in Consumer Protection, Federal & State Regulatory, Privacy and Information Security, State Attorneys General
Yesterday, the California legislature passed SB-327, a bill intended to regulate the security of internet-connected devices.  Unlike the California Consumer Privacy Act (CCPA), SB-327 is significantly more narrow.  As enacted, the bill is a “lighter” version of what was first introduced and amended in 2017 (which, at that time, would have included certain disclosure and … Continue Reading

Big Government? FTC Advocates for More Authority in Congressional Hearing

By Dana B. Rosenfeld, Alysa Zeltzer Hutnik and Lauren Myers on Posted in Federal Trade Commission, GDPR, Privacy and Information Security
Last week, the House Committee on Energy and Commerce held a Committee Hearing on the Oversight of the Federal Trade Commission. All five Commissioners attended and their message was largely the same: the FTC needs additional rulemaking and civil penalty authority to better protect consumers, especially as it applies to privacy and data security enforcement. … Continue Reading

GDPR Sidebar: Comparing the California Consumer Privacy Act to the GDPR

By Alysa Zeltzer Hutnik, Dana B. Rosenfeld, Sharon Kim Schiavetti and Lauren Myers on Posted in GDPR, Privacy and Information Security
California recently passed the California Consumer Privacy Act (CCPA), providing new rights for California consumers (broadly defined as California residents) regarding their personal data. The CCPA is modeled after the EU’s General Data Protection Regulation (GDPR), which provides EU citizens with a number of rights related to data processing and imposes specific requirements on companies … Continue Reading

California Enacts Sweeping Privacy Law; Will Other States Follow?

By Dana B. Rosenfeld, Alysa Zeltzer Hutnik and Lauren Myers on Posted in GDPR, Privacy and Information Security
On June 28, 2018, Governor Brown signed into law the “California Consumer Privacy Act of 2018.” The legislation was a compromise to avoid a ballot initiative that was more closely modeled after the European Union’s General Data Protection Regulation (GDPR). This Act is scheduled to go into effect on January 1, 2020. The Act enumerates … Continue Reading

GDPR SIDEBAR: Best Practices for Complying with GDPR Consent Requirements

By Dana B. Rosenfeld, Sharon Kim Schiavetti and Lauren Myers on Posted in GDPR, Privacy and Information Security
Under the GDPR, processors must have a lawful basis for processing any data of an EU data subject. Consent is one of six lawful bases[1] under the GDPR, and in this installment of GDPR SIDEBAR, we’ll cover best practices that can help achieve an acceptable level of compliance with GDPR consent requirements. Valid consent under … Continue Reading

Colorado Reaches New High with Strict Data Breach Notification Law

By Dana B. Rosenfeld, Alysa Zeltzer Hutnik and Sharon Kim Schiavetti on Posted in Privacy and Information Security
On May 29, Colorado Governor John Hickenlooper signed into law HB18-1128 to strengthen data breach notification requirements for companies and government entities collecting and maintaining personal information from Colorado residents. Effective September 1, covered entities will be required to notify individuals within 30 days of discovery of a security breach, unless the entity is notified … Continue Reading

New Watchdog, New Tricks: European Data Protection Board Adopts GDPR Guidelines and Releases Statement on ePrivacy Regulation

By Dana B. Rosenfeld, Alysa Zeltzer Hutnik and Lauren Myers on Posted in GDPR, Privacy and Information Security
Less than one week after replacing the now defunct Article 29 Working Party (WP29), the European Data Protection Board (EDPB) has adopted new guidelines on the EU General Data Protection Regulation (GDPR) and issued a statement on the ePrivacy Regulation revision. What is the European Data Protection Board? How is It Different from the Article … Continue Reading

SADDLE UP AMERICA: California Aims to Pass its Own GDPR Law

By Dana B. Rosenfeld and Alysa Zeltzer Hutnik on Posted in Consumer Protection, Enforcement, European Union, GDPR, Legislative Developments, Privacy and Information Security, State Attorneys General
Just when you think you’ve tackled the Wild, Wild West of GDPR and privacy compliance, California decides to mix it all up again. This November 6th, California voters will decide on the California Consumer Privacy Act (“Act”), a statewide ballot proposition intended to give California consumers more “rights” with respect to personal information (“PII”) collected … Continue Reading

GDPR SIDEBAR: Should You Be Complying with the New Data Protection Law?

By Dana B. Rosenfeld, Alysa Zeltzer Hutnik, Sharon Kim Schiavetti, Katie Townley and Lauren Myers on Posted in GDPR, Privacy and Information Security
You’ve probably heard of the dreaded four-letter word – GDPR.  Companies around the globe had been preparing for the May 25th implementation date for quite some time.  But U.S.-based companies with no apparent EU presence may not have thought twice about whether the data protection law across the pond even applies to them.  Let’s face … Continue Reading

Why So BLU?: FTC Settles Privacy and Data Security Claims with Mobile Company; Fencing-In Relief Requires Consumer Opt-In to Data Sharing

By Alysa Zeltzer Hutnik, Dana B. Rosenfeld and Lauren Myers on Posted in Advertising, Advertising Litigation, Federal Trade Commission, Privacy and Information Security
Earlier this week, the FTC settled its case with BLU Products, Inc., a cell phone company the FTC claimed misled consumers about its privacy and data security practices. According to the agency, the company represented that it did not collect unnecessary personal information and that it imposed specific data security procedures to protect consumers’ personal … Continue Reading

New Article on Whether A Single FTC Commissioner Constitute A Quorum

By Kelley Drye on Posted in Consumer Protection, Federal & State Regulatory, Federal Trade Commission, Intellectual Property, Privacy and Information Security
FTC Commissioner Terrell McSweeny is scheduled to resign effective April 28 and may leave with acting Chairman Maureen Ohlhausen as the sole commissioner. Law360  published an article by partner John Villafranco and professor Stephen Calkins that discusses whether the FTC can take formal action by a 1-0 vote and when does a commission cease being a commission? To read … Continue Reading

Data Breach Notification Law Roundup

By Katie Townley, Dana B. Rosenfeld and Alysa Zeltzer Hutnik on Posted in Legislative Developments, Privacy and Information Security
Just when you think you have it all under control, the data breach notification law landscape changes – again. Over the past few weeks, several data breach notification statutes were updated, including an effective date for Canada’s mandatory breach notification obligations, as well as the adoption of legislation in the two holdout states (Alabama and … Continue Reading

Support for FTC Jurisdiction Over Broadband: Ninth Circuit En Banc Rules Common Carrier Exemption is “Activity,” and not “Status-based,” Reversing Earlier AT&T Victory

By Steve Augustino and John J. Heitmann on Posted in Federal & State Regulatory, Privacy and Information Security
The Republican-led FCC’s effort to get out of the business of regulating broadband providers’ consumer practices took a step forward on Monday.  In an appeal that has been proceeding in parallel with the FCC’s “Restoring Internet Freedom” reclassification proceeding, the U.S. Court of Appeals for the Ninth Circuit issued an opinion giving the Federal Trade … Continue Reading

Kelley Drye Hosts IAPP Sponsored Data Privacy Day Event

By Kelley Drye on Posted in Privacy and Information Security
This Thursday, January 25, 2018, Kelley Drye & Warren LLP will be hosting Privacy After Hours, an International Association of Privacy Professionals (IAPP) sponsored event celebrating Data Privacy Day here in Washington, D.C.  Celebrated in the United States since 2008, Data Privacy Day is an international effort to promote awareness about respecting privacy, safeguarding data … Continue Reading

FTC Announces Settlement Involving Connected Toys

By Dana B. Rosenfeld and Gonzalo E. Mon on Posted in Internet of Things, Privacy and Information Security
Earlier this week, the FTC announced its first settlement involving internet-connected toys. The FTC alleged that the Kid Connect app used with some of VTech’s toys collected personal information from hundreds of thousands of children, and that the company failed to provide direct notice of its privacy practices to parents, or to obtain verifiable consent … Continue Reading

2017 Recap

By Kelley Drye on Posted in ADA, Advertising, Advertising Litigation, Class Actions, Consumer Product Safety, Consumer Protection, Federal Trade Commission, Kelley Drye, NAD, Native Advertising, Privacy and Information Security, Promotions, Regulatory Developments, Social Media, State Attorneys General
Most Popular Ad Law Access Posts of 2017 As reported in our Ad Law News and Views newsletter, Kelley Drye’s Advertising Law practice posted 106 updates on consumer protection trends, issues, and developments to this blog in 2017. Here are some of the most popular: New Lawsuit Highlights Risks of Using User-Generated Content FTC Announces $1.3 … Continue Reading

Will Your TV Watch You? FCC Green Lights Targeted Advertising in Next Gen TV Broadcasting Standard

By Alysa Zeltzer Hutnik and John J. Heitmann on Posted in Advertising, Privacy and Information Security
Last week, the Federal Communications Commission (FCC), in a 3-2 vote, approved an order allowing “television broadcasters to use the ‘Next Generation’ broadcast television (Next Gen TV) transmission standard, also called ‘ATSC 3.0.’”  Described in the Order “as the world’s first Internet Protocol (IP)-based broadcast transmission platform,” the Next Gen TV standard is expected to … Continue Reading

House Antitrust Subcommittee Explores the Role of Antitrust Law in Net Neutrality

By John J. Heitmann and Dana B. Rosenfeld on Posted in Antitrust, Consumer Protection, Federal Trade Commission, Privacy and Information Security
On November 1, 2017 the House Antitrust Law Subcommittee held a hearing to discuss the role of federal agencies in preserving an open Internet. The core question discussed at the hearing was whether current antitrust law is sufficient to ensure net neutrality absent FCC rules. The panelists—including FTC Acting Chairman Maureen Ohlhausen and Commissioner Terrell … Continue Reading

Hilton Settles NY and VT State AG Investigation into 2015 Data Breach; Pays $700,000 Civil Penalty

By Alysa Zeltzer Hutnik on Posted in Privacy and Information Security, State Attorneys General
New York Attorney General Eric T. Schneiderman and Vermont Attorney General TJ Donovan (“Attorneys General”) announced a settlement with Hilton Domestic Operating Company, Inc. (“Hilton”) resolving allegations that the company did not have reasonable data security practices in place and failed to provide timely notice after two security breaches involving payment card information. The settlement … Continue Reading

Trump To Nominate Competition-Focused Simons for FTC Chair, CP-Focused Chopra for Commissioner; Reports of Phillips for Additional Seat

By William C. MacLeod, Dana B. Rosenfeld, John E. Villafranco, Christie Grymes Thompson, David H. Evans and Donnelly L. McDowell on Posted in Advertising, Antitrust, Consumer Financial Protection, Federal Trade Commission, Privacy and Information Security
After months of speculation among the consumer protection and antitrust bars, Trump announced today his intention to nominate former Director of the Bureau of Competition and current Paul Weiss partner Joseph Simons as Chairman of the Federal Trade Commission.  Trump also announced his plan to nominate Rohit Chopra, currently a senior fellow at the Consumer … Continue Reading

“OK, Google. Send a Letter to the CPSC.”: Privacy Groups Request Recall of Google Home Mini

By Katie Townley and Christie Grymes Thompson on Posted in Consumer Product Safety, Internet of Things, Privacy and Information Security
Last Friday, ten consumer and privacy advocacy groups, including the Electronic Privacy Information Center, Center for Digital Democracy, and Consumer Watchdog, sent a letter to Acting Chairman Ann Marie Buerkle, requesting that the CPSC recall the Google Home Mini smart speaker. The speaker was designed to respond to the voice commands, “OK, Google” and “Hey, … Continue Reading

Claiming Privacy Shield Participation on Your Website? Lessons from the FTC’s First Privacy Shield Enforcement Action

By Dana B. Rosenfeld on Posted in European Union, Privacy and Information Security
The Federal Trade Commission recently announced settlements with Decusoft, LLC, Tru Communication, Inc. (doing business as TCPrinting.net), and Md7, LLC, resolving allegations that the companies misrepresented their participation in the E.U.-US and Swiss-US Privacy Shield. The announcement comes just before the first Privacy Shield annual review (scheduled for September 2017) and marks the FTC’s first … Continue Reading
LexBlog