Privacy & Cybersecurity

Two data privacy bills, Assembly Bill 370 and Senate Bill 568 have been sent to California Governor Jerry Brown for signature. As we previously reported, A.B. 370 would require commercial websites or online services that collect personally identifiable information to disclose how that site or service responds to “do not track” signals or similar mechanisms. 

If you use Facebook (and you likely do, if only to play some game that apparently involves crushing large amounts of candy), then you received an email last week informing you that Facebook is proposing changes to its Data Use Policy and Statement of Rights and Responsibilities. 

As we predicted, the California Senate has approved A.B. 370, a bill that would require commercial websites or online services that collect personally identifiable information to disclose how that site or service responds to “do not track” signals or similar mechanisms. 

As the summer winds down, we find that privacy and security issues remain at the top of mind for companies, hackers, and regulators alike.

Yesterday, the FTC published a Federal Register notice requesting public comment on the first new method for obtaining verifiable parental consent submitted for FTC approval by AssertID, Inc under the Voluntary Commission Approval Process provision of the COPPA Rule.

After a brief August hiatus, Privacy Monday is back with privacy goofs, gaffes and tidbits to start your week.

We've sounded warnings about the lowly copy machine before. The proliferation of digital devices in the workplace means that data security must extend beyond computer networks and laptops. Seemingly old fashioned equipment, such as copiers, can hide sensitive legally-protected data.

What did you do over your summer vacation? Yes, the sad truth is that summer is almost over. You can tell because there wasn’t a single superhero movie that opened at the box office last weekend (no, Smurfs2 does not count) and because the California Senate is preparing to reconvene from its summer recess.

Last week an Oregon jury awarded an individual plaintiff over $18 million in compensatory and punitive damages in what some sources have reported to be the first jury verdict in a case brought under the Fair Credit Reporting Act (“FCRA”), 15 U.S.C. § 1681a(c). 

The California ballot measure process permits any California voter to propose a ballot initiative to the state’s Attorney General which, if enough signatures are gathered, will then appear on state-wide ballot for approval at the next election.

It appears that Wyndham Hotel & Resorts LLC (“Wyndham”) has received reinforcements in its defense against the Federal Trade Commission’s (the “FTC”) case. A federal judge has agreed to allow the U.S. Chamber of Commerce and several other organizations to file an amicus curiae brief in support of dismissing the FTC’s case against Wyndham.

Just before the Labor Day holiday, the Federal Trade Commission issued a press release announcing its complaint against LabMD, Inc., a company that performs medical testing for consumers around the country. The complaint alleges that the company did not take reasonable measures to protect the security of consumers’ personal data. 

The "hits" to data bases, in any event. Here is a rundown of some of the most recent data breach reports --
Oregon Health & Science University Data Breach Compromises 3,000 Patients’ Records in the Cloud.

Ever since our 2013 prediction, an ever increasing number of public companies are adding disclosure related to cybersecurity and data breach risks to their public filings. We previously analyzed how the nation’s largest banks have begun disclosing their cybersecurity risks. 

Aiming to “address the real privacy and security risks that consumers face when telecommunications carriers use their control of customers’ mobile devices to collect information about their customers’ use of the network,” the Federal Communications Commission (FCC) has adopted a Declaratory Ruling holding that the existing rules requiring carriers to protect customer proprietary network information (CPNI) apply to CPNI collected by mobile devices when such collection is undertaken at the carrier’s direction and the carrier has access to or control over that information.

Californians are a diverse bunch (as you’ve probably gathered from those commercials with Arnold Schwarzenegger), but apparently there is something that 2.5 million of us all have in common. California Attorney General Kamala Harris has released a first-of-its-kind data breach report  that includes statistics, recommendations and assessments based on breaches that were reported to the Attorney General’s office during the 2012 calendar year.

Welcome to a new feature of Privacy & Security Matters -- Privacy Monday.
We will start your week with a fresh collection of privacy tidbits, goofs and gaffes.

In its recent decision in Harris v. comScore, Inc., the Seventh Circuit declined to review a trial court order certifying a plaintiff class consisting of hundreds of thousands of computer owners who downloaded software that permitted comScore, Inc. to track internet traffic and usage.

California Attorney General Kamala Harris’ attempt to bring an enforcement action against Delta Air Lines won’t be leaving the runway. California Superior Court Judge Marla J. Miller has dismissed a data privacy complaint against Delta brought by Attorney General Harris.

Another class action suit has been filed in Massachusetts in the zip code wars. This time, the target is instrument retailer Guitar Center for allegedly requesting customers to provide their zip codes when making purchases with a credit card in contravention of Mass. Gen Laws ch. 93§ 105(a).