Privacy & Cybersecurity

Another class action suit has been filed in Massachusetts in the zip code wars. This time, the target is instrument retailer Guitar Center for allegedly requesting customers to provide their zip codes when making purchases with a credit card in contravention of Mass. Gen Laws ch. 93§ 105(a).

Do you ever find yourself worrying that, given the types of things minors deem appropriate to post on social networking Web sites like Facebook and Twitter, our country won’t be able to produce an electable candidate for president in 40 years? 

Weighing in at half the length of Tolstoy's legendary tome War and Peace, it is no surprise that the thought of the impending deadline for compliance with the 538-page  HIPAA Omnibus Rule  has left many small clinical practices feeling overwhelmed.  

Today, the FTC sent more than ninety (90) "educational" letters to domestic and foreign businesses whose Web sites and online services (including mobile apps) appear to collect personal information from children that are 12 years old and under, in an attempt to help the businesses come into compliance with the amendments to the Children’s Online Privacy Protection (COPPA) Rule (the “Amendments”), going into effect on July 1.

(LONDON) We recently wrote that a crucial committee vote on the new EU Data Protection Regulation had been pushed back until May 29-30.   The vote has been delayed again until an unspecified future date, although Jan Phillip Albrecht, the MEP who is one of the leading advocates for the Regulation, still thinks that a committee vote will be possible before the European Parliament’s July recess. 

Mark your calendars:  Upcoming events with Mintz Levin privacy attorneys

You might think that if you lock your backup tapes in a safe they are protected from a data breach, but Kmart’s recent data breach proves that’s not the case.  Last month, a person held a Kmart employee in Little Rock, Arkansas at gun point and ordered him to open the store’s safe.

The Securities Exchange Commission (“SEC”) and the Commodity and Futures Trade Commission (“CFTC”) (together, the “Commissions”) have issued final joint rules and guidelines that require certain entities regulated by the Commissions to establish programs to address risks of identity theft.

Volley #1 - Trade Associations to FTC:  Please Delay!
The long-awaited amendments to the Children's Online Privacy Protection Act (COPPA) have been the subject of much discussion and debate.  

(LONDON) The draft of the new Data Protection Regulation, the first EU privacy law with highly serious teeth in the form of fines based on global turnover, continues to wend its way through various committees of the European Parliament (EP).

Last week in Washington, D.C., this author had the opportunity to sit in on a panel discussion by the SEC’s Division of Corporation Finance (“CorpFin”) discussing, among other things, recent developments in cybersecurity disclosure in public company filings.

Earlier this month, we reported on the privacy case against craft giant Michaels Stores (see our blog post here, as well as our client alert here) in which the plaintiff alleged that Michaels illegally collected zip codes during credit card transactions.

Damages issues continue to bedevil would-be data breach class action plaintiffs. A long and growing line of cases holds that consumers cannot maintain claims arising from theft of their personal or financial data without alleging that the theft resulted in financial injury.

After rounds of comments and public workshops, the FTC has finally released an update to its digital advertising disclosure guidelines. The FTC first released guidance on digital advertising in 2000 and last May the FTC requested comments on how the guidelines could be updated.

Yesterday, the Massachusetts Supreme Judicial Court (“SJC”) ruled that zip codes constitute “personal identification information” under G.L. c. 93. The question of law came to the SJC from the U.S. District Court for Massachusetts stemming from Tyler vs. Michaels Store, Inc, which was dismissed in January.

Security and privacy are the most frequently expressed concerns about cloud computing (defined for this article to include software as a service, platform as a service and storage as a service), but for companies that engage in research, design, development, manufacturing and servicing of items that are subject to U.S. export controls, cloud computing poses another risk that must be properly managed to avoid the substantial penalties that flow from unlicensed exports of technical data.

In a case about exposing user data, Apple suffered a setback due to its concealment of information in litigation. Last week, in the multi-district litigation, In Re iPhone Application Litigation, Judge Lucy Koh of the Northern District of California denied Apple’s motion for summary judgment in a putative class action by iPhone and iPad owners who allege that Apple enabled violations of their privacy rights through “apps.”

Security and privacy are the most frequently expressed concerns about cloud computing (defined for this article to include software as a service, platform as a service and storage as a service), but for companies that engage in research, design, development, manufacturing and servicing of items that are subject to U.S. export controls, cloud computing poses another risk that must be properly managed to avoid the substantial penalties that flow from unlicensed exports of technical data.

It seems that some of the nation’s largest public company banks must be avid readers of this blog and have taken to heart our 2013 prediction that the SEC would require greater disclosure related to data security risks and breaches. 

Perhaps we are being cynical, but if we imagine the current conversation between consumers and the makers of mobile payment applications, it would be something along the lines of: