Ilunga Kalala

Subscribe to all posts by Ilunga Kalala

Full Panel of D.C. Circuit Upholds CFPB Structure, Reversing Earlier Decision

Earlier today, an en banc panel of the U.S. Court of Appeals for the D.C. Circuit ruled that the CFPB was constitutionally structured, reversing an earlier decision by a divided three-judge panel and holding that the Dodd-Frank Act permissibly shields the CFPB Director from removal without cause.  The Court’s 7-3 majority opinion only addressed the … Continue Reading

Kelley Drye Hosts IAPP Sponsored Data Privacy Day Event

This Thursday, January 25, 2018, Kelley Drye & Warren LLP will be hosting Privacy After Hours, an International Association of Privacy Professionals (IAPP) sponsored event celebrating Data Privacy Day here in Washington, D.C.  Celebrated in the United States since 2008, Data Privacy Day is an international effort to promote awareness about respecting privacy, safeguarding data … Continue Reading

Hilton Settles NY and VT State AG Investigation into 2015 Data Breach; Pays $700,000 Civil Penalty

New York Attorney General Eric T. Schneiderman and Vermont Attorney General TJ Donovan (“Attorneys General”) announced a settlement with Hilton Domestic Operating Company, Inc. (“Hilton”) resolving allegations that the company did not have reasonable data security practices in place and failed to provide timely notice after two security breaches involving payment card information. The settlement … Continue Reading

Claiming Privacy Shield Participation on Your Website? Lessons from the FTC’s First Privacy Shield Enforcement Action

The Federal Trade Commission recently announced settlements with Decusoft, LLC, Tru Communication, Inc. (doing business as TCPrinting.net), and Md7, LLC, resolving allegations that the companies misrepresented their participation in the E.U.-US and Swiss-US Privacy Shield. The announcement comes just before the first Privacy Shield annual review (scheduled for September 2017) and marks the FTC’s first … Continue Reading

Fallout from Target’s 2013 Data Breach includes an $18 Million Multistate AG Settlement

Target Corporation agreed to an $18.5 million settlement with 46 State Attorneys General and the Attorney General of the District of Columbia this week, resolving allegations that the company failed to provide reasonable data security to its customers, as demonstrated by the Target’s 2013 holiday data breach that affected more than 60 million customers. Background. … Continue Reading

Indiana Amends Telemarketing Law, Bringing New Disclosure Requirements and DNC Vicarious Liability

Last month, the Indiana Governor signed into law House Bill No. 1444, which amends Indiana’s “do not call” statute and extends liability beyond the telephone solicitor, to individuals or entities that “directly or indirectly control” the telephone solicitor. The amendments take effect July 1, 2017 and affect entities that target Indiana consumers via telephone solicitation, … Continue Reading

“Geofencing” and Health-Related Targeted Advertising: Massachusetts AG Has Something to Say

Earlier this month, the Massachusetts Attorney General announced that her office had reached a settlement with a digital advertising company, Copley Advertising, Inc. (Copley), prohibiting the company from using mobile geofencing technology to target women at or near Massachusetts healthcare facilities to infer the health status, medical condition, or medical treatment of an individual. Geofencing … Continue Reading

NY AG Enters Mobile Health App Enforcement Arena with Settlements Targeting Health Claims and Privacy Practices

New York Attorney General Eric Schneiderman recently announced settlements with three mobile health app developers resolving allegations that they made deceptive advertisements and had irresponsible privacy practices. The Attorney General alleged that the developers sold and advertised mobile apps that purported to measure vital signs or other indicators of health using just a smartphone. The … Continue Reading

New Mexico Set to Become 48th State To Enact Data Breach and Safeguards Law

Last week, the New Mexico Legislature passed The Data Breach Notification Act (“Act”). Once the Act is signed by Governor Susana Martinez, New Mexico will join 47 other U.S. states (along with D.C., Guam, Puerto Rico, and the Virgin Islands) who have enacted a data breach notification law, leaving South Dakota and Alabama as the … Continue Reading

EU Data Protection Authority Issues GDPR Action Plan, Swiss Sign Privacy Deal with U.S.

On January 16, 2017, the Article 29 Working Party (“Working Party”)—the EU’s central data protection advisory board—published a press release regarding its Action Plan for 2017, which was adopted as part of its wider implementation strategy for the General Data Protection Regulation (“GDPR”).  The Action Plan follows up on the actions initiated in 2016 and … Continue Reading

May Old Memoranda Be Forgot: White House Issues New Memorandum on Breach Response Plan

The White House Office of Management and Budget (“OMB”) marked the beginning of the 2017 Federal calendar year by issuing a memorandum to all agency and department heads with new guidance on breach preparation and response. While the guidance is not directed to the business sector, it is instructive for corporate counsel as it complements … Continue Reading

One Less (Regulator) Affair for AshleyMadison.com: Site Operators Agree to Settle U.S. Charges Stemming from 2015 Breach

Remember the 2015 AshleyMadison.com data breach, where hackers gained access to the personal information of about 36 million users from over 46 countries, and threatened and carried through on their promise to release the information to the public? This highly publicized incident has resulted in a $1.6 million settlement between operators of the dating website … Continue Reading

FTC Settles with Turn Over Alleged Privacy Policy Misrepresentations

On Wednesday, the FTC announced that Turn, a California-based ad-tech firm, agreed to settle charges that it misrepresented its consumer tracking practices to Verizon Wireless customers. According to the FTC, such customers could not delete or turn off advertising identifiers because Turn synced multiple identifiers without reconciling user preferences or express user requests to delete … Continue Reading

Lessons from Adobe’s State AG Data Breach Settlement

Last month, several state Attorneys General announced a $1M settlement with Adobe Systems, Inc. in connection with a 2013 data incident involving the personal information of roughly 534,000 consumers. The 15 Attorneys General alleged that the software vendor failed to provide reasonable security safeguards, an allegation Adobe denied in the settlement agreement executed by the … Continue Reading

For Better or Worse: Privacy Shield Challenges and (Actions for) Annulments

Over the course of the past two months, three privacy groups in France and one in Ireland filed separate actions for annulment with the European Court of Justice seeking the invalidation of the EU-U.S. Privacy Shield Framework. The Privacy Shield honeymoon phase appears to be over, and the first year of the transatlantic relationship may … Continue Reading

School’s in Session for the Ed Tech Industry: California AG Gives Lessons on Student Data Safeguards

On Wednesday, California’s Attorney General released a report with recommendations for the education technology (“Ed Tech”) industry, a multi-billion dollar industry that is transforming learning as we know it. The Ed Tech industry has the potential to greatly enhance the student learning experience through data management systems and tools that support educators and provide personalized … Continue Reading

What Covered Entities Should Know About the FTC Act and Their Obligations Beyond HIPAA

The Federal Trade Commission and Department of Health and Human Services Office for Civil Rights (OCR) recently announced the release of new guidance for businesses on the Health Insurance Portability and Accountability Act (HIPAA) and the FTC Act. The resource reminds businesses that their obligations to protect consumer health data do not end with HIPAA, … Continue Reading

FTC Releases New Data Response Breach Guide For Businesses

The Federal Trade Commission released a new guide for businesses on data breach response yesterday along with a three-minute video summary. The 14-page guide highlights the immediate steps a business should take when responding to a data breach incident. As a bonus, the guidance also offers a model breach notification letter and encourages businesses to … Continue Reading

California Helps Consumers Crowdsource Privacy Policy Violations

California Attorney General Kamala Harris announced yesterday that her office has rolled out a new online form to help consumers report companies who violate California’s Online Privacy Protection Act (CalOPPA). Under the California law, a website, app or online service must have a CalOPPA compliant privacy policy that is accessible to the consumer. Moreover, these … Continue Reading

D.C. Circuit Rules that CFPB is Unconstitutionally Structured

Earlier today, the U.S. Court of Appeals for the D.C. Circuit issued a landmark decision against the CFPB, finding that the agency was unconstitutionally structured because it concentrates “enormous executive power in a single, unaccountable, unchecked Director.”  However, the court stopped short of ordering a shutdown of the Bureau and instead held that the President … Continue Reading

Kelley Drye & Warren Hosts IAPP Sponsored Data Privacy Day Event

Tomorrow, Thursday January 28, 2016, Kelley Drye & Warren will be hosting Privacy After Hours, an International Association of Privacy Professionals (IAPP) sponsored event celebrating Data Privacy Day here in Washington, D.C.  Celebrated in the United States since 2008, Data Privacy Day is an international effort to promote awareness about respecting privacy, safeguarding data and … Continue Reading

Highlights from the FTC’s Second “Start With Security” Initiative

On November 5, the FTC hosted its second “Start With Security” event in Austin, Texas in an effort to provide companies with practical tips and strategies for implementing effective data security. FTC Commissioner Terrell McSweeny opened the event discussing the FTC’s “Start With Security” business initiative and guidance document, which provides “best practices” (and not … Continue Reading
LexBlog