Privacy & Cybersecurity

Mobile app developers have some unique challenges when it comes to preparation and implementation of privacy policies. But, regulators have made it quite clear that the general privacy laws and regulations apply whether the application is online or mobile. 

Wyndham Hotel & Resorts LLC (“Wyndham”) has filed a Motion to Dismiss the Federal Trade Commission’s (the “FTC”) Complaint against it, which alleges that Wyndham committed unfair and deceptive acts related to three data security breaches that Wyndham has suffered since 2008.

Lorene Schaefer, a mediator, arbitrator and workplace investigator, has reported on the One Mediation blog that by a letter of August 3, 2012 the Buffalo, New York office of the EEOC notified an employer that the employer’s written policy warning employees who participate in an investigation not to discuss the matter and providing that employees who do so may be subject to discipline including termination of employment may be a “flagrant violation” of Title VII and itself an adverse employment action.

The FTC has finally released details of their settlement with Google, including the hefty price tag of $22.5 million, the highest fine ever slapped on a violator of an FTC consent order. The Internet giant was charged with breaking the terms of the consent order they entered into last year by misrepresenting how users could opt out of having certain cookies dropped on their browser.

CNN reports that the Cybersecurity Act of 2012 (SB 3414) has failed to pass the US Senate. A cloture vote failed by a vote of 42-46, mostly along party lines.

A recently-filed class action lawsuit asserts claims against the Winn-Dixie supermarket chain and a third-party vendor, Purchasing Power, LLC, in connection with the alleged theft of employee data provided to Purchasing Power in order to administer a discount purchasing program offered to Winn-Dixie employees. 

In a move signaling increased enforcement of the state’s data privacy and security regulations, California’s Attorney General Kamala D. Harris has announced the creation of the Privacy Enforcement and Protection Unit.  

Small business owners have new hope that they may be on the same footing as individuals when it comes to cybertheft from their bank accounts.

The pre-conference workshops at the Data Protection & Privacy Law Compliance Conference have begun! The first workshop covered managing the risk of third party vendors. An important element of ensuring the security and privacy of your vendors is finding out what vendors your vendors are using. 

North American marketers take note: Canada is set to finalize one of the toughest anti-spam laws in the world. Canada had fallen behind when it came to introducing anti-spam legislation, but it is now making up for lost time.

The Federal Trade Commission (FTC) has announced that it has filed suit in U.S. District Court in Phoenix against Wyndham Worldwide Corporation and three of its subsidiaries. The lawsuit cites "alleged data security failures that led to three data breaches at Wyndham hotels in less than two years."  

We have been following proposed legislation to modify the Connecticut data breach notification law as it worked its way (unsuccessfully) through the 2012 General Session of the legislature.

Nearly as predictable as the sun coming up in the morning, the recent theft of 6.5 million LinkedIn user passwords has resulted in the filing of a class action lawsuit in a California federal court. 

Recently, the National Labor Relations Board Acting General Counsel Lafe E. Solomon issued his third and latest report on social media cases, providing specific guidance on how to construct a lawful social media policy.

Spokeo, Inc. has agreed to pay the FTC $800,000 to settle the FTC’s claims alleging that Spokeo violated the Fair Credit Reporting Act (FCRA) and committed unfair or deceptive acts or practices under the FTC Act. Spokeo is a data broker that collects personal information of millions of consumers and compiles that information into online profiles for each person.

Last week at the OCR/NIST conference, Building Assurance through HIPAA Security, Linda Sanches of The Office for Civil Rights provided an extensive update on the pilot HITECH audit program, including preliminary findings, what regulated entities can expect next and suggestions for covered entities concerned about being audited. 

Here is some weekend reading for those looking at e-discovery issues. Our colleagues, John Koss and Rebecca Diamond, have published an article in Bloomberg BNA - Digital Discovery and e-Evidence delving into deleted text messages in the Deepwater Horizon controversy.

4:44 PM -- LinkedIn has confirmed reports of hacking -

Welcome to June! It's time for an an updated version of our "Mintz Matrix" --- the Mintz Levin matrix of state data security breach notification laws. We update this matrix quarterly, or as developments dictate.

A recent Massachusetts Superior Court decision, Falmouth Firefighters Union v. Town of Falmouth, answers “no.”