Privacy & Cybersecurity

On this Privacy Monday, we have some upcoming events that you might want to add to your calendar.

Fitbit, the fitness-tracking company with six wearable devices that track and collect data about things like calories burned, steps logged, "quality" of sleep and sleep patterns, heart rate, etc.) as well as web and mobile apps and premium services, has filed with the Securities and Exchange Commission for a $100 million initial public offering.

Senior U.S. District Court Judge Paul Magnuson issued an order  on Thursday, May 7 denying a request by counsel for card issuer banks to enjoin the settlement of data breach related claims negotiated between Target and MasterCard. 

Another federal agency has weighed in with "guidance" on cybersecurity preparation and breach response. The Department of Justice (DOJ) is the latest to issue guidance on how companies should respond to data breaches.

On this Privacy Monday, we can definitely say that the long winter of our discontent (at least for some of our readers) is over. Happy spring!

The National Association of Insurance Commissioners (NAIC), the standard-setting organization in the U.S. insurance industry created and governed by the chief insurance regulators from the 50 states, the District of Columbia, and five U.S. territories, recently published its “Principles for Effective Cybersecurity: Insurance Regulatory Guidance” (the “NAIC Guidance”).

In the wake of Target’s April 15 announcement of a private $19 million settlement of the data breach claims of MasterCard-issuing banks, counsel representing the putative card issuer class in the consolidated Target data breach litigation moved to enjoin the proposed settlement, arguing that it is an improper end-run around the Minnesota federal court’s adjudication of card issuer claims.

On Thursday, April 23, the FTC settled deception charges against start-up Nomi Technologies, Inc. related to Nomi’s in-store, sensor-based, tracking technology.1 This is the first FTC enforcement action against emerging retail store–based tracking technologies.

Some privacy & security bits and bytes to start your week:
FCC to Hold Public Workshop on Broadband Consumer Privacy Tomorrow

As cyber week continues in Washington, Federal Communications Commission Chairman Tom Wheeler traveled to the west coast to speak about cybersecurity at the RSA Conference in San Francisco. 

Security is on the agenda from coast to coast this week.
Cybersecurity information sharing legislation will hit the House floor this week.  

Register now for the fourth installment in our monthly 2015 Privacy Wednesday webinar series, coming up next Wednesday, April 29th at 1:00 pm ET.

Target confirmed a report in the Wednesday edition of The Wall Street Journal of a settlement with MasterCard concerning claims of card-issuers arising from Target’s 2013 data breach. 

According to a report published today in The Wall Street Journal, Target and MasterCard are close to reaching a settlement of the claims of MasterCard-issuing institutions in connection with Target’s 2013 data breach. 

Spring has finally arrived on the East Coast, and not a moment too soon.
Here are 3 privacy & security bits and bytes to start your week.

As we predicted in our post late last month, Google’s YouTube Kids app has attracted more than just the “curious little minds” Google was hoping for.  Yesterday, a group of privacy and children’s rights advocates (including the Center for Digital Democracy and the American Academy of Child and Adolescent Psychiatry) asked the Federal Trade Commission “to investigate whether Google’s YouTube Kids app violates Section 5 of the FTC Act . . . .”

Following up on my recent post on the matter, I had the opportunity to speak with Colin O'Keefe of LXBN on the subject of cross-device tracking. In the brief interview, I discuss the growing prevalence of cross-device tracking and what the FTC is doing in response.

Not only is it Privacy Monday - it is OPENING DAY! After this long, long winter ... welcome back baseball!

President Obama today signed an Executive Order granting authority to the Department of the Treasury's Office of Foreign Assets Control (OFAC) to impose sanctions on individuals and entities determined to be "responsible for or complicit in malicious cyber-enabled activities" that result in harms "reasonably likely to result in, or have materially contributed to, a significant threat to the national security, foreign policy, or economic health or financial stability of the United States."

Our 2015 monthly Privacy Issues Wednesday webinar series continued this month with Jonathan Cain and Paul Pelletier's Responding to Insider Data Theft & Disclosure presentation.