Category Archives: Privacy and Information Security

Subscribe to Privacy and Information Security RSS Feed

Claiming Privacy Shield Participation on Your Website? Lessons from the FTC’s First Privacy Shield Enforcement Action

By Dana B. Rosenfeld on Posted in European Union, Privacy and Information Security
The Federal Trade Commission recently announced settlements with Decusoft, LLC, Tru Communication, Inc. (doing business as TCPrinting.net), and Md7, LLC, resolving allegations that the companies misrepresented their participation in the E.U.-US and Swiss-US Privacy Shield. The announcement comes just before the first Privacy Shield annual review (scheduled for September 2017) and marks the FTC’s first … Continue Reading

Read This Before Scanning A Driver’s License In New Jersey

By Jeffrey S. Jacobson and Alysa Zeltzer Hutnik on Posted in Consumer Protection, Legislative Developments, Privacy and Information Security
On October 1, 2017, a new law will take effect in New Jersey, the Personal Information and Privacy Protection Act (“PIPPA”), which will severely restrict retailers’ ability to “scan” any customer’s “identification card”–a term defined to mean “a driver’s license,” “probationary license,” “non-driver photo identification card,” or any similar card “issued…for purposes of identification.” Merely … Continue Reading

Summer Road Trippin’: The FTC and NHTSA Workshop on Connected Cars

By Kristi Wolff on Posted in Federal Trade Commission, Internet of Things, National Highway Traffic Safety Administration, Privacy and Information Security
On June 28, the FTC and National Highway Traffic Safety Administration (NHTSA) brought together a variety of stakeholders including regulators, automakers, software companies, and consumer groups to discuss connected cars, including current innovations and challenges in the field of data privacy. Acting FTC Chairwoman Maureen Ohlhausen opened the day by asserting that regulators will need … Continue Reading

FTC Submits Comments on IoT Device Security to NTIA Working Group

By Katie Townley and Alysa Zeltzer Hutnik on Posted in Federal Trade Commission, Internet of Things, Privacy and Information Security, Regulatory Developments
On Monday, the FTC submitted comments to the draft National Telecommunications and Information Administration (NTIA) guidance intended to improve Internet of Things (IoT) device security and increase consumer transparency. While recognizing the benefits (and proliferation) of IoT devices, the Commission’s comments caution that such benefits can only be realized when device manufacturers both incorporate – … Continue Reading

Fallout from Target’s 2013 Data Breach includes an $18 Million Multistate AG Settlement

By Alysa Zeltzer Hutnik on Posted in Privacy and Information Security
Target Corporation agreed to an $18.5 million settlement with 46 State Attorneys General and the Attorney General of the District of Columbia this week, resolving allegations that the company failed to provide reasonable data security to its customers, as demonstrated by the Target’s 2013 holiday data breach that affected more than 60 million customers. Background. … Continue Reading

One Employee in Europe Could Trigger New EU Data Protection Obligations

By Dana B. Rosenfeld on Posted in European Union, Privacy and Information Security
An Update on the New EU General Data Protection Regulation On 16 April 2016, the EU adopted the General Data Protection Regulation (‘GDPR’) which largely rewrites and harmonizes the European legal framework of data protection. The new regulation will become applicable in May 2018, but given the scope and complexity of the GDPR it is … Continue Reading

“Geofencing” and Health-Related Targeted Advertising: Massachusetts AG Has Something to Say

By Alysa Zeltzer Hutnik on Posted in Advertising, Privacy and Information Security, State Attorneys General
Earlier this month, the Massachusetts Attorney General announced that her office had reached a settlement with a digital advertising company, Copley Advertising, Inc. (Copley), prohibiting the company from using mobile geofencing technology to target women at or near Massachusetts healthcare facilities to infer the health status, medical condition, or medical treatment of an individual. Geofencing … Continue Reading

Privacy Certification Program Settles COPPA Violations with NYAG

By Kelley Drye on Posted in Privacy and Information Security
Last week, True Ultimate Standards Everywhere, Inc. (“TRUSTe”) agreed to pay the New York Attorney General (“NYAG”) a $100,000 penalty, and beef up privacy measures, to settle alleged violations of the Children’s Online Privacy Protection Act of 1998, 15 U.S.C. §§ 6501-6506 (“COPPA”). The Federal Trade Commission (“FTC”) is authorized to issue rules under COPPA, § 6502(b), … Continue Reading

NY AG Enters Mobile Health App Enforcement Arena with Settlements Targeting Health Claims and Privacy Practices

By Kristi Wolff and Alysa Zeltzer Hutnik on Posted in Advertising, Food and Drug, Privacy and Information Security, State Attorneys General
New York Attorney General Eric Schneiderman recently announced settlements with three mobile health app developers resolving allegations that they made deceptive advertisements and had irresponsible privacy practices. The Attorney General alleged that the developers sold and advertised mobile apps that purported to measure vital signs or other indicators of health using just a smartphone. The … Continue Reading

FTC Highlights Deep-Sixing of FCC Privacy Rules in Bid for 9th Circuit Rehearing

By Alysa Zeltzer Hutnik and Spencer Elg on Posted in Federal Trade Commission, Privacy and Information Security
In support of its request for an en banc rehearing of a Ninth Circuit Court of Appeals panel decision in FTC v. AT&T over the jurisdictional boundaries between the Federal Trade Commission’s (FTC) and Federal Communications Commission’s (FCC) authority over phone companies, broadband providers, and other common carriers, the FTC sent a letter to the Court … Continue Reading

Congress Repeals FCC 2016 Privacy Order via Congressional Review Act

By John J. Heitmann, Steve Augustino, Alysa Zeltzer Hutnik and Kelley Drye on Posted in Privacy and Information Security
On April 3, 2017, President Trump signed into law a Congressional joint resolution eliminating new broadband and voice privacy rules set forth in a November 2016 order (the 2016 Privacy Order) by the Federal Communications Commission (FCC) (the Joint Resolution).  Members of Congress largely voted along partisan lines. The House approved the Joint Resolution by … Continue Reading

New Mexico Set to Become 48th State To Enact Data Breach and Safeguards Law

By Alysa Zeltzer Hutnik on Posted in Privacy and Information Security
Last week, the New Mexico Legislature passed The Data Breach Notification Act (“Act”). Once the Act is signed by Governor Susana Martinez, New Mexico will join 47 other U.S. states (along with D.C., Guam, Puerto Rico, and the Virgin Islands) who have enacted a data breach notification law, leaving South Dakota and Alabama as the … Continue Reading

Ad Law News and Views Newsletter

By Kelley Drye on Posted in Advertising, Antitrust, Class Actions, Consumer Protection, Dietary Supplements, Enforcement, Fashion and Retail, Federal Communications Commission, Federal Trade Commission, Food and Drug, Kelley Drye, Legislative Developments, NAD, Privacy and Information Security, Regulatory Developments, Social Media, State Attorneys General
Did you know Kelley Drye’s Advertising Law practice produces a newsletter, Ad Law News and Views, every two weeks to help you stay current on ad law and privacy matters? Click here to access our Publication Sign Up and select Advertising and Marketing to subscribe. Find contents from the latest issue below: Click here to view with … Continue Reading

Smart TV Manufacturer “Smarting” after $2.2 Million Privacy Enforcement

By Dana B. Rosenfeld and Alysa Zeltzer Hutnik on Posted in Consumer Protection, Enforcement, Federal Trade Commission, Privacy and Information Security
This week, the FTC announced a settlement with VIZIO, Inc., one of the world’s largest manufacturers of “smart” TVs.  The settlement, also with the Office of the New Jersey Attorney General, arises from claims by regulators that VIZIO installed software that collected viewing data for 11 million consumer TVs without consent.  The $2.2 million settlement … Continue Reading

EU Data Protection Authority Issues GDPR Action Plan, Swiss Sign Privacy Deal with U.S.

By Dana B. Rosenfeld and Laura van der Meer on Posted in Enforcement, European Union, Legislative Developments, Privacy and Information Security, Regulatory Developments
On January 16, 2017, the Article 29 Working Party (“Working Party”)—the EU’s central data protection advisory board—published a press release regarding its Action Plan for 2017, which was adopted as part of its wider implementation strategy for the General Data Protection Regulation (“GDPR”).  The Action Plan follows up on the actions initiated in 2016 and … Continue Reading

New FTC Acting Chair Maureen Ohlhausen Offers Insight into Consumer Protection Priorities

By Spencer Elg, Christie Grymes Thompson, William C. MacLeod, Donnelly L. McDowell and Dana B. Rosenfeld on Posted in Antitrust, Consumer Protection, Enforcement, Federal Trade Commission, Privacy and Information Security
Just over one week after being named acting chair of the Federal Trade Commission (FTC), Maureen Ohlhausen delivered the keynote address at the American Bar Association’s biennial Consumer Protection Conference in Atlanta on February 2. During her remarks, acting chair Ohlhausen offered insight into consumer protection priorities during her tenure as acting chair. First, acting … Continue Reading

FTC Staff Report Details Best Practices for Cross-Device Tracking

By Dana B. Rosenfeld on Posted in Advertising, Federal Trade Commission, Privacy and Information Security
The ubiquitous use of multiple devices by consumers has created new opportunities for mobile apps, platforms, providers, and publishers alike to capture more, and more accurate, consumer data.  This practice – known as cross-device tracking – serves many purposes but is particularly valuable to advertisers. On January 23, 2017, FTC staff released a report entitled … Continue Reading

Announcing the Advertising and Privacy Law Webinar Series

By Kelley Drye on Posted in Advertising, Advertising and Privacy Law Summit, Advertising Litigation, Agreements, Antitrust, Class Actions, Consumer Financial Protection, Consumer Product Safety, Consumer Protection, Enforcement, Fashion and Retail, Federal & State Regulatory, Federal Communications Commission, Federal Trade Commission, Food and Drug, Internet of Things, Legislative Developments, Marketing & Media Transactions, Mobile Marketing, NAD, Native Advertising, Privacy and Information Security, Real Time Marketing, Regulatory Developments, Social Media, State Attorneys General
Please join Kelley Drye in 2017 for the Advertising and Privacy Law Webinar Series. Like our annual in-person event, this series will provide engaging speakers with extensive experience and knowledge in the fields of advertising, privacy, and consumer protection. These webinars will give key updates and provide practical tips to address issues faced by counsel. … Continue Reading

FTC Chairwoman Ramirez Announces Resignation Effective February 10

By William C. MacLeod, John E. Villafranco, Dana B. Rosenfeld and Donnelly L. McDowell on Posted in Consumer Protection, Federal Trade Commission, Privacy and Information Security
Federal Trade Commission Chairwoman Edith Ramirez announced today that she will resign her position effective February 10, leaving the Commission with three vacancies and just two remaining commissioners.  Chairwoman Ramirez has been a commissioner since April 5, 2010 and became Chairwoman on March 4, 2013. In announcing her resignation, she remarked: “It has been the … Continue Reading

May Old Memoranda Be Forgot: White House Issues New Memorandum on Breach Response Plan

By Kelley Drye on Posted in Privacy and Information Security
The White House Office of Management and Budget (“OMB”) marked the beginning of the 2017 Federal calendar year by issuing a memorandum to all agency and department heads with new guidance on breach preparation and response. While the guidance is not directed to the business sector, it is instructive for corporate counsel as it complements … Continue Reading

FTC Files Lawsuit Against Taiwanese Manufacturer for Alleged Lax Security in Wireless Routers and Cameras and Related Marketing Claims

By Dana B. Rosenfeld and Alysa Zeltzer Hutnik on Posted in Federal Trade Commission, Privacy and Information Security
The Federal Trade Commission has filed a lawsuit in federal court claiming that a networking equipment manufacturer engaged in unfair and deceptive acts, exposing thousands of consumers to the risk of cyberattack from vulnerable wireless routers and internet cameras. The complaint against Taiwan-based networking equipment manufacturer D-Link Corporation and its U.S. subsidiary D-Link Systems alleges … Continue Reading

One Less (Regulator) Affair for AshleyMadison.com: Site Operators Agree to Settle U.S. Charges Stemming from 2015 Breach

By Dana B. Rosenfeld and Alysa Zeltzer Hutnik on Posted in Advertising, Federal Trade Commission, Privacy and Information Security
Remember the 2015 AshleyMadison.com data breach, where hackers gained access to the personal information of about 36 million users from over 46 countries, and threatened and carried through on their promise to release the information to the public? This highly publicized incident has resulted in a $1.6 million settlement between operators of the dating website … Continue Reading

FTC Settles with Turn Over Alleged Privacy Policy Misrepresentations

By Katie Townley and Alysa Zeltzer Hutnik on Posted in Federal Trade Commission, Privacy and Information Security
On Wednesday, the FTC announced that Turn, a California-based ad-tech firm, agreed to settle charges that it misrepresented its consumer tracking practices to Verizon Wireless customers. According to the FTC, such customers could not delete or turn off advertising identifiers because Turn synced multiple identifiers without reconciling user preferences or express user requests to delete … Continue Reading

Homeland Security Issues IoT Guidance for Businesses

By Sharon Kim Schiavetti and Alysa Zeltzer Hutnik on Posted in Privacy and Information Security
The Department of Homeland Security (DHS) has published non-binding principles and best practices to help businesses work through key Internet-of-Things (IoT) security issues.   Entitled “Strategic Principles for Securing the Internet of Things (IoT), Version 1.0,” the principles seek to provide stakeholders with tools to account for security as they develop, manufacture, implement, or use network-connected … Continue Reading
LexBlog