Alysa Zeltzer Hutnik

Subscribe to all posts by Alysa Zeltzer Hutnik

California Passes Bill Requiring Reasonable Security Features for Connected Devices

Yesterday, the California legislature passed SB-327, a bill intended to regulate the security of internet-connected devices.  Unlike the California Consumer Privacy Act (CCPA), SB-327 is significantly more narrow.  As enacted, the bill is a “lighter” version of what was first introduced and amended in 2017 (which, at that time, would have included certain disclosure and … Continue Reading

FTC Hits Road Block in DIRECTV Advertising Case Seeking $3.95 Billion Remedy

The Northern District of California recently ruled on DIRECTV’s motion for judgment on partial findings in a case where the FTC is seeking $3.95 billion in damages. The FTC’s case alleges that DIRECTV engaged in misleading advertising over a span of more than a decade and across a variety of media channels ranging from television … Continue Reading

Big Government? FTC Advocates for More Authority in Congressional Hearing

Last week, the House Committee on Energy and Commerce held a Committee Hearing on the Oversight of the Federal Trade Commission. All five Commissioners attended and their message was largely the same: the FTC needs additional rulemaking and civil penalty authority to better protect consumers, especially as it applies to privacy and data security enforcement. … Continue Reading

GDPR Sidebar: Comparing the California Consumer Privacy Act to the GDPR

California recently passed the California Consumer Privacy Act (CCPA), providing new rights for California consumers (broadly defined as California residents) regarding their personal data. The CCPA is modeled after the EU’s General Data Protection Regulation (GDPR), which provides EU citizens with a number of rights related to data processing and imposes specific requirements on companies … Continue Reading

California Enacts Sweeping Privacy Law; Will Other States Follow?

On June 28, 2018, Governor Brown signed into law the “California Consumer Privacy Act of 2018.” The legislation was a compromise to avoid a ballot initiative that was more closely modeled after the European Union’s General Data Protection Regulation (GDPR). This Act is scheduled to go into effect on January 1, 2020. The Act enumerates … Continue Reading

Podcast – Inside the TCPA : Autodialers

Kelley Drye introduces a new Full Spectrum series, “Inside the TCPA,” which will offer a deeper focus on TCPA issues and petitions pending before the FCC. Each episode will tackle a single TCPA topic or petition that is in the news or affecting cases around the country. In this inaugural episode, partner Steve Augustino and … Continue Reading

FTC Examining How Consumer Protection and Privacy May Be Affecting Innovation and Competition; Seeking Input and Will Hold Policy Hearings to Address

The FTC announced yesterday that it will accept comments and hold a series of public hearings on consumer protection, privacy, and competition policy and enforcement.  The hearings will take place during fall and winter of this year and will evaluate whether recent changes in the economy, technology, or international landscape require adjustments to how the … Continue Reading

Colorado Reaches New High with Strict Data Breach Notification Law

On May 29, Colorado Governor John Hickenlooper signed into law HB18-1128 to strengthen data breach notification requirements for companies and government entities collecting and maintaining personal information from Colorado residents. Effective September 1, covered entities will be required to notify individuals within 30 days of discovery of a security breach, unless the entity is notified … Continue Reading

New Watchdog, New Tricks: European Data Protection Board Adopts GDPR Guidelines and Releases Statement on ePrivacy Regulation

Less than one week after replacing the now defunct Article 29 Working Party (WP29), the European Data Protection Board (EDPB) has adopted new guidelines on the EU General Data Protection Regulation (GDPR) and issued a statement on the ePrivacy Regulation revision. What is the European Data Protection Board? How is It Different from the Article … Continue Reading

SADDLE UP AMERICA: California Aims to Pass its Own GDPR Law

Just when you think you’ve tackled the Wild, Wild West of GDPR and privacy compliance, California decides to mix it all up again. This November 6th, California voters will decide on the California Consumer Privacy Act (“Act”), a statewide ballot proposition intended to give California consumers more “rights” with respect to personal information (“PII”) collected … Continue Reading

GDPR SIDEBAR: Should You Be Complying with the New Data Protection Law?

You’ve probably heard of the dreaded four-letter word – GDPR.  Companies around the globe had been preparing for the May 25th implementation date for quite some time.  But U.S.-based companies with no apparent EU presence may not have thought twice about whether the data protection law across the pond even applies to them.  Let’s face … Continue Reading

Why So BLU?: FTC Settles Privacy and Data Security Claims with Mobile Company; Fencing-In Relief Requires Consumer Opt-In to Data Sharing

Earlier this week, the FTC settled its case with BLU Products, Inc., a cell phone company the FTC claimed misled consumers about its privacy and data security practices. According to the agency, the company represented that it did not collect unnecessary personal information and that it imposed specific data security procedures to protect consumers’ personal … Continue Reading

Data Breach Notification Law Roundup

Just when you think you have it all under control, the data breach notification law landscape changes – again. Over the past few weeks, several data breach notification statutes were updated, including an effective date for Canada’s mandatory breach notification obligations, as well as the adoption of legislation in the two holdout states (Alabama and … Continue Reading

Chairman Pai Set to Release Draft Net Neutrality Item

On November 21, 2017, FCC Chairman Ajit Pai issued a statement announcing that he had circulated his draft Restoring Internet Freedom Order to his fellow commissioners. The draft Order will largely undo the 2015 Open Internet Order and limit FCC jurisdiction over broadband Internet access services, although it appears that the order will retain a … Continue Reading

Will Your TV Watch You? FCC Green Lights Targeted Advertising in Next Gen TV Broadcasting Standard

Last week, the Federal Communications Commission (FCC), in a 3-2 vote, approved an order allowing “television broadcasters to use the ‘Next Generation’ broadcast television (Next Gen TV) transmission standard, also called ‘ATSC 3.0.’”  Described in the Order “as the world’s first Internet Protocol (IP)-based broadcast transmission platform,” the Next Gen TV standard is expected to … Continue Reading

Hilton Settles NY and VT State AG Investigation into 2015 Data Breach; Pays $700,000 Civil Penalty

New York Attorney General Eric T. Schneiderman and Vermont Attorney General TJ Donovan (“Attorneys General”) announced a settlement with Hilton Domestic Operating Company, Inc. (“Hilton”) resolving allegations that the company did not have reasonable data security practices in place and failed to provide timely notice after two security breaches involving payment card information. The settlement … Continue Reading

Congressional Override Offers Industry Reprieve from CFPB Arbitration Rule but Battles Ahead Still Likely

Last week, the Senate voted 51 to 50 (with Vice President Pence casting the tiebreaking vote) to override the Consumer Financial Protection Bureau’s Arbitration Rule, which was finalized earlier this year in July.  As previously discussed here and here, the Arbitration Rule would have prohibited providers of covered consumer financial products and services from using … Continue Reading

Will the FTC’s Deception Evidence Fall Short? Court to Rule in DirecTV Case

U.S. District Judge Haywood S. Gilliam Jr. said Friday that the court would pause the trial to consider whether the FTC presented sufficient evidence to support its allegations that DirecTV misled consumers by failing to adequately disclose the terms of its two-year subscription and introductory pricing offer.  The judge instructed attorneys for DirecTV to file … Continue Reading

Read This Before Scanning A Driver’s License In New Jersey

On October 1, 2017, a new law will take effect in New Jersey, the Personal Information and Privacy Protection Act (“PIPPA”), which will severely restrict retailers’ ability to “scan” any customer’s “identification card”–a term defined to mean “a driver’s license,” “probationary license,” “non-driver photo identification card,” or any similar card “issued…for purposes of identification.” Merely … Continue Reading

FTC Submits Comments on IoT Device Security to NTIA Working Group

On Monday, the FTC submitted comments to the draft National Telecommunications and Information Administration (NTIA) guidance intended to improve Internet of Things (IoT) device security and increase consumer transparency. While recognizing the benefits (and proliferation) of IoT devices, the Commission’s comments caution that such benefits can only be realized when device manufacturers both incorporate – … Continue Reading

Fallout from Target’s 2013 Data Breach includes an $18 Million Multistate AG Settlement

Target Corporation agreed to an $18.5 million settlement with 46 State Attorneys General and the Attorney General of the District of Columbia this week, resolving allegations that the company failed to provide reasonable data security to its customers, as demonstrated by the Target’s 2013 holiday data breach that affected more than 60 million customers. Background. … Continue Reading

Indiana Amends Telemarketing Law, Bringing New Disclosure Requirements and DNC Vicarious Liability

Last month, the Indiana Governor signed into law House Bill No. 1444, which amends Indiana’s “do not call” statute and extends liability beyond the telephone solicitor, to individuals or entities that “directly or indirectly control” the telephone solicitor. The amendments take effect July 1, 2017 and affect entities that target Indiana consumers via telephone solicitation, … Continue Reading

Judge Upholds FTC Staff Opinion that Avatar Calls are Prerecorded Messages under TSR

Yesterday, a D.C. district court upheld a recent opinion letter issued by FTC staff that extended robocalling restrictions to telemarketing calls that use so-called soundboard technology or “avatars.”  This technology generally allows a live agent to communicate with a call recipient by playing recorded audio snippets instead of using his or her own live voice. … Continue Reading

“Geofencing” and Health-Related Targeted Advertising: Massachusetts AG Has Something to Say

Earlier this month, the Massachusetts Attorney General announced that her office had reached a settlement with a digital advertising company, Copley Advertising, Inc. (Copley), prohibiting the company from using mobile geofencing technology to target women at or near Massachusetts healthcare facilities to infer the health status, medical condition, or medical treatment of an individual. Geofencing … Continue Reading
LexBlog