Category Archives: Privacy and Information Security

Subscribe to Privacy and Information Security RSS Feed

Data Breach Notification Law Roundup

By Katie Townley, Dana B. Rosenfeld and Alysa Zeltzer Hutnik on April 6, 2018 Posted in Legislative Developments, Privacy and Information Security

Just when you think you have it all under control, the data breach notification law landscape changes – again. Over the past few weeks, several data breach notification statutes were updated, including an effective date for Canada’s mandatory breach notification obligations, as well as the adoption of legislation in the two holdout states (Alabama and … Continue Reading

Support for FTC Jurisdiction Over Broadband: Ninth Circuit En Banc Rules Common Carrier Exemption is “Activity,” and not “Status-based,” Reversing Earlier AT&T Victory

By Steve Augustino, John J. Heitmann and Jameson Dempsey on February 28, 2018 Posted in Federal & State Regulatory, Privacy and Information Security

The Republican-led FCC’s effort to get out of the business of regulating broadband providers’ consumer practices took a step forward on Monday. In an appeal that has been proceeding in parallel with the FCC’s “Restoring Internet Freedom” reclassification proceeding, the U.S. Court of Appeals for the Ninth Circuit issued an opinion giving the Federal Trade … Continue Reading

Kelley Drye Hosts IAPP Sponsored Data Privacy Day Event

By Ilunga Kalala on January 23, 2018 Posted in Privacy and Information Security

This Thursday, January 25, 2018, Kelley Drye & Warren LLP will be hosting Privacy After Hours, an International Association of Privacy Professionals (IAPP) sponsored event celebrating Data Privacy Day here in Washington, D.C. Celebrated in the United States since 2008, Data Privacy Day is an international effort to promote awareness about respecting privacy, safeguarding data … Continue Reading

FTC Announces Settlement Involving Connected Toys

By Dana B. Rosenfeld and Gonzalo E. Mon on January 11, 2018 Posted in Internet of Things, Privacy and Information Security

Earlier this week, the FTC announced its first settlement involving internet-connected toys. The FTC alleged that the Kid Connect app used with some of VTech’s toys collected personal information from hundreds of thousands of children, and that the company failed to provide direct notice of its privacy practices to parents, or to obtain verifiable consent … Continue Reading

2017 Recap

By Kelley Drye on January 5, 2018 Posted in ADA, Advertising, Advertising Litigation, Class Actions, Consumer Product Safety, Consumer Protection, Federal Trade Commission, Kelley Drye, NAD, Native Advertising, Privacy and Information Security, Promotions, Regulatory Developments, Social Media, State Attorneys General

Most Popular Ad Law Access Posts of 2017 As reported in our Ad Law News and Views newsletter, Kelley Drye’s Advertising Law practice posted 106 updates on consumer protection trends, issues, and developments to this blog in 2017. Here are some of the most popular: New Lawsuit Highlights Risks of Using User-Generated Content FTC Announces $1.3 … Continue Reading

Will Your TV Watch You? FCC Green Lights Targeted Advertising in Next Gen TV Broadcasting Standard

By Alysa Zeltzer Hutnik and John J. Heitmann on November 27, 2017 Posted in Advertising, Privacy and Information Security

Last week, the Federal Communications Commission (FCC), in a 3-2 vote, approved an order allowing “television broadcasters to use the ‘Next Generation’ broadcast television (Next Gen TV) transmission standard, also called ‘ATSC 3.0.’” Described in the Order “as the world’s first Internet Protocol (IP)-based broadcast transmission platform,” the Next Gen TV standard is expected to … Continue Reading

House Antitrust Subcommittee Explores the Role of Antitrust Law in Net Neutrality

By John J. Heitmann and Dana B. Rosenfeld on November 6, 2017 Posted in Antitrust, Consumer Protection, Federal Trade Commission, Privacy and Information Security

On November 1, 2017 the House Antitrust Law Subcommittee held a hearing to discuss the role of federal agencies in preserving an open Internet. The core question discussed at the hearing was whether current antitrust law is sufficient to ensure net neutrality absent FCC rules. The panelists—including FTC Acting Chairman Maureen Ohlhausen and Commissioner Terrell … Continue Reading

Hilton Settles NY and VT State AG Investigation into 2015 Data Breach; Pays $700,000 Civil Penalty

By Ilunga Kalala and Alysa Zeltzer Hutnik on November 2, 2017 Posted in Privacy and Information Security, State Attorneys General

New York Attorney General Eric T. Schneiderman and Vermont Attorney General TJ Donovan (“Attorneys General”) announced a settlement with Hilton Domestic Operating Company, Inc. (“Hilton”) resolving allegations that the company did not have reasonable data security practices in place and failed to provide timely notice after two security breaches involving payment card information. The settlement … Continue Reading

Trump To Nominate Competition-Focused Simons for FTC Chair, CP-Focused Chopra for Commissioner; Reports of Phillips for Additional Seat

By William C. MacLeod, Dana B. Rosenfeld, John E. Villafranco, Christie Grymes Thompson, David H. Evans and Donnelly L. McDowell on October 19, 2017 Posted in Advertising, Antitrust, Consumer Financial Protection, Federal Trade Commission, Privacy and Information Security

After months of speculation among the consumer protection and antitrust bars, Trump announced today his intention to nominate former Director of the Bureau of Competition and current Paul Weiss partner Joseph Simons as Chairman of the Federal Trade Commission. Trump also announced his plan to nominate Rohit Chopra, currently a senior fellow at the Consumer … Continue Reading

“OK, Google. Send a Letter to the CPSC.”: Privacy Groups Request Recall of Google Home Mini

By Katie Townley and Christie Grymes Thompson on October 17, 2017 Posted in Consumer Product Safety, Internet of Things, Privacy and Information Security

Last Friday, ten consumer and privacy advocacy groups, including the Electronic Privacy Information Center, Center for Digital Democracy, and Consumer Watchdog, sent a letter to Acting Chairman Ann Marie Buerkle, requesting that the CPSC recall the Google Home Mini smart speaker. The speaker was designed to respond to the voice commands, “OK, Google” and “Hey, … Continue Reading

Claiming Privacy Shield Participation on Your Website? Lessons from the FTC’s First Privacy Shield Enforcement Action

By Ilunga Kalala and Dana B. Rosenfeld on September 14, 2017 Posted in European Union, Privacy and Information Security

The Federal Trade Commission recently announced settlements with Decusoft, LLC, Tru Communication, Inc. (doing business as TCPrinting.net), and Md7, LLC, resolving allegations that the companies misrepresented their participation in the E.U.-US and Swiss-US Privacy Shield. The announcement comes just before the first Privacy Shield annual review (scheduled for September 2017) and marks the FTC’s first … Continue Reading

Read This Before Scanning A Driver’s License In New Jersey

By Jeffrey S. Jacobson and Alysa Zeltzer Hutnik on July 26, 2017 Posted in Consumer Protection, Legislative Developments, Privacy and Information Security

On October 1, 2017, a new law will take effect in New Jersey, the Personal Information and Privacy Protection Act (“PIPPA”), which will severely restrict retailers’ ability to “scan” any customer’s “identification card”–a term defined to mean “a driver’s license,” “probationary license,” “non-driver photo identification card,” or any similar card “issued…for purposes of identification.” Merely … Continue Reading

Summer Road Trippin’: The FTC and NHTSA Workshop on Connected Cars

By Kristi Wolff on July 5, 2017 Posted in Federal Trade Commission, Internet of Things, National Highway Traffic Safety Administration, Privacy and Information Security

On June 28, the FTC and National Highway Traffic Safety Administration (NHTSA) brought together a variety of stakeholders including regulators, automakers, software companies, and consumer groups to discuss connected cars, including current innovations and challenges in the field of data privacy. Acting FTC Chairwoman Maureen Ohlhausen opened the day by asserting that regulators will need … Continue Reading

FTC Submits Comments on IoT Device Security to NTIA Working Group

By Katie Townley and Alysa Zeltzer Hutnik on June 19, 2017 Posted in Federal Trade Commission, Internet of Things, Privacy and Information Security, Regulatory Developments

On Monday, the FTC submitted comments to the draft National Telecommunications and Information Administration (NTIA) guidance intended to improve Internet of Things (IoT) device security and increase consumer transparency. While recognizing the benefits (and proliferation) of IoT devices, the Commission’s comments caution that such benefits can only be realized when device manufacturers both incorporate – … Continue Reading

Fallout from Target’s 2013 Data Breach includes an $18 Million Multistate AG Settlement

By Ilunga Kalala and Alysa Zeltzer Hutnik on May 25, 2017 Posted in Privacy and Information Security

Target Corporation agreed to an $18.5 million settlement with 46 State Attorneys General and the Attorney General of the District of Columbia this week, resolving allegations that the company failed to provide reasonable data security to its customers, as demonstrated by the Target’s 2013 holiday data breach that affected more than 60 million customers. Background. … Continue Reading

“Geofencing” and Health-Related Targeted Advertising: Massachusetts AG Has Something to Say

By Ilunga Kalala and Alysa Zeltzer Hutnik on April 20, 2017 Posted in Advertising, Privacy and Information Security, State Attorneys General

Earlier this month, the Massachusetts Attorney General announced that her office had reached a settlement with a digital advertising company, Copley Advertising, Inc. (Copley), prohibiting the company from using mobile geofencing technology to target women at or near Massachusetts healthcare facilities to infer the health status, medical condition, or medical treatment of an individual. Geofencing … Continue Reading

Privacy Certification Program Settles COPPA Violations with NYAG

By Kelley Drye on April 13, 2017 Posted in Privacy and Information Security

Last week, True Ultimate Standards Everywhere, Inc. (“TRUSTe”) agreed to pay the New York Attorney General (“NYAG”) a $100,000 penalty, and beef up privacy measures, to settle alleged violations of the Children’s Online Privacy Protection Act of 1998, 15 U.S.C. §§ 6501-6506 (“COPPA”). The Federal Trade Commission (“FTC”) is authorized to issue rules under COPPA, § 6502(b), … Continue Reading

NY AG Enters Mobile Health App Enforcement Arena with Settlements Targeting Health Claims and Privacy Practices

By Ilunga Kalala, Kristi Wolff and Alysa Zeltzer Hutnik on April 11, 2017 Posted in Advertising, Food and Drug, Privacy and Information Security, State Attorneys General

New York Attorney General Eric Schneiderman recently announced settlements with three mobile health app developers resolving allegations that they made deceptive advertisements and had irresponsible privacy practices. The Attorney General alleged that the developers sold and advertised mobile apps that purported to measure vital signs or other indicators of health using just a smartphone. The … Continue Reading

FTC Highlights Deep-Sixing of FCC Privacy Rules in Bid for 9th Circuit Rehearing

By Alysa Zeltzer Hutnik and Spencer Elg on April 6, 2017 Posted in Federal Trade Commission, Privacy and Information Security

In support of its request for an en banc rehearing of a Ninth Circuit Court of Appeals panel decision in FTC v. AT&T over the jurisdictional boundaries between the Federal Trade Commission’s (FTC) and Federal Communications Commission’s (FCC) authority over phone companies, broadband providers, and other common carriers, the FTC sent a letter to the Court … Continue Reading

Congress Repeals FCC 2016 Privacy Order via Congressional Review Act

By John J. Heitmann, Steve Augustino, Alysa Zeltzer Hutnik, Jameson Dempsey and Ross Slutsky on April 4, 2017 Posted in Privacy and Information Security

On April 3, 2017, President Trump signed into law a Congressional joint resolution eliminating new broadband and voice privacy rules set forth in a November 2016 order (the 2016 Privacy Order) by the Federal Communications Commission (FCC) (the Joint Resolution). Members of Congress largely voted along partisan lines. The House approved the Joint Resolution by … Continue Reading

New Mexico Set to Become 48th State To Enact Data Breach and Safeguards Law

By Ilunga Kalala and Alysa Zeltzer Hutnik on March 22, 2017 Posted in Privacy and Information Security

Last week, the New Mexico Legislature passed The Data Breach Notification Act (“Act”). Once the Act is signed by Governor Susana Martinez, New Mexico will join 47 other U.S. states (along with D.C., Guam, Puerto Rico, and the Virgin Islands) who have enacted a data breach notification law, leaving South Dakota and Alabama as the … Continue Reading

Ad Law News and Views Newsletter

By Kelley Drye on February 17, 2017 Posted in Advertising, Antitrust, Class Actions, Consumer Protection, Dietary Supplements, Enforcement, Fashion and Retail, Federal Communications Commission, Federal Trade Commission, Food and Drug, Kelley Drye, Legislative Developments, NAD, Privacy and Information Security, Regulatory Developments, Social Media, State Attorneys General

Did you know Kelley Drye’s Advertising Law practice produces a newsletter, Ad Law News and Views, every two weeks to help you stay current on ad law and privacy matters? Click here to access our Publication Sign Up and select Advertising and Marketing to subscribe. Find contents from the latest issue below: Click here to view with … Continue Reading

Smart TV Manufacturer “Smarting” after $2.2 Million Privacy Enforcement

By Dana B. Rosenfeld and Alysa Zeltzer Hutnik on February 9, 2017 Posted in Consumer Protection, Enforcement, Federal Trade Commission, Privacy and Information Security

This week, the FTC announced a settlement with VIZIO, Inc., one of the world’s largest manufacturers of “smart” TVs. The settlement, also with the Office of the New Jersey Attorney General, arises from claims by regulators that VIZIO installed software that collected viewing data for 11 million consumer TVs without consent. The $2.2 million settlement … Continue Reading