Library of Congress


Legal Blawgs Web Archive Collection

This is an archived Web site from the Library of Congress

http://privacylaw.proskauer.com/

Archived: 02/07/2008 at 20:44:53


For Companies Whose Data Security Practices Are Lacking, Life is [Not So] Good

The Federal Trade Commission announced on January 17, 2008 that it has agreed in principle to a consent order with Life is good, Inc. and Life is good Retail, Inc. (collectively “Life is good”) resolving allegations that the apparel company collected sensitive information from consumers and failed to secure it in compliance with its own privacy and security policies. The consent order against Life is good, among other things, prohibits future deceptive privacy and security claims and requires the company to implement a comprehensive information security program that includes biennial audits by an independent security professional for the next twenty years.


Ninth Circuit Upholds NLRB Test for Unlawful Employer Surveillance of Union Activities

In a unanimous panel opinion issued on January 28, 2008, the Ninth Circuit upheld the National Labor Relations Board’s (NLRB) newly-announced three-factor test for determining whether employer surveillance activity of potential union members is coercive and therefore in violation of the National Labor Relations Act (NLRA). The case, Local Joint Executive Board of Las Vegas et al. v. NLRB, No. 05-75515, -- F.3d --, 2008 WL 216935 (January 8, 2008), involved two incidents of alleged surveillance of union activities at Aladdin Gaming, LLC, in which Aladdin officials conferred with employees in the cafeteria who had been presented with union cards.


State Attorneys General Announce Agreement with MySpace to Protect Children Online

Yesterday, attorneys general from 49 states (all but California’s) and the District of Columbia announced a sweeping agreement with MySpace under which the company will adopt new measures to protect children online. This announcement culminates many months of negotiations between a task force of the attorneys general led by Richard Blumenthal, the Connecticut Attorney General, and Roy Cooper, the North Carolina Attorney General, and reflects the intense pressure on web 2.0 sites to protect children online. We previously posted about that pressure, reporting on state attorneys general investigations of MySpace and Facebook here and the subsequent New York attorney general settlement with Facebook here. The new agreement with MySpace is available as an attachment to the press release on the North Carolina Attorney General’s website.


First FACTA Disposal Rule FTC Settlement Leaves American United Down in the Dumps

On December 18, the FTC announced a settlement in its 15th case (and its first in 13 months) addressing the data security practices of companies handling sensitive consumer information. American United Mortgage Company agreed to pay a $50,000 penalty for failing to implement reasonable safeguards to protect customer information and failing to provide customers with privacy notices.

American United is the first FTC action taken pursuant to the Disposal Rule, promulgated in 2005, of the Fair and Accurate Credit Transactions Act (FACTA) of 2003. The complaint, filed in the Northern District of Illinois in mid-December, asserted that the Northbrook, Illinois-based mortgage company disposed of several dozen consumers’ personally identifying information by leaving intact hundreds of documents in a nearby unsecured dumpster, in some cases in open trash bags. Indeed, even after the FTC provided written notice to American United that disposal of documents containing consumers’ personal information in this manner created a risk of unauthorized access, "on at least two occasions, additional intact American United documents containing consumers’ personal information were found in and around the same dumpster adjacent to American United’s office."


DHS Says Infrastructure More Vulnerable to Cyber Attacks; Private Businesses Told to Be Vigilant

Businesses are on notice to pay more attention to computer security in order to protect business assets and private information, and to thwart infiltrations that threaten interconnected computers.  And help is available from the United States Computer Emergency Readiness Team (“US-CERT”).

Department of Homeland Security (“DHS”) Secretary Michael Chertoff and Assistant Secretary of Cybersecurity Greg Garcia recently warned that an uptick in cyber attacks reveals a growing threat to critical U.S. infrastructure and private networks. Garcia warned that hackers “are making massive efforts to compromise computer systems on a global scale,” a reference to the fifty percent increase in cyber-attacks between 2006 and 2007. Chertoff called upon businesses to help protect networks and infrastructure from infiltration and data theft. Secretary Chertoff remarked, “There's no question this is the vulnerability of the 21st century.”


FTC Staff Issues Proposed Self Regulatory Principles for Behavioral Advertising and Seeks Comment

FTC staff issued a statement today proposing four “self-regulatory” principles to guide businesses engaged in online behavioral advertising. FTC staff also seeks public comments on these principles as well as additional information on what other uses businesses are making of online tracking data. Interested parties can submit comments by February 22, 2008. 

The statement, titled “Online Behavioral Advertising: Moving the Discussion Forward to Possible Self-Regulatory Principles,” follows from the FTC’s town hall meeting held in early November 2007. There, the FTC considered privacy issues raised by behavioral advertising and heard from consumer interest groups and businesses alike. The agenda and links to material related to the town hall meeting can be found here.


Anonymous in Arizona? Maybe Not.

In a case of first impression, the Arizona Court of Appeals recently considered the ability of a litigant to determine the identity of an anonymous Internet user. Mobilisa, Inc v. Doe, Case No 1-CA-CV 06-0521, 2007 Ariz. App. LEXIS 225 (Ariz. Ct. App., November 27, 2007). While the Court did not require disclosure of an anonymous Internet user’s identity (as the lower court had done), it set forth a balancing test to consider whether or not the user’s identity should remain anonymous. Thus, the Arizona court recognized that there may indeed be circumstances where anonymity must fall and a user’s identity must be disclosed in litigation.


Focus on the EU and France -- Can US Employers Collect Sensitive Data about Their Employees Resident in the EU?

US employers are sometimes required for diversity purposes to collect data regarding the race and ethnicity of their employees.  However, collection of such “sensitive” data may infringe EU data protection laws under Article 8 of the EU Data Protection Directive.  This blog post is designed to provide some basic information about Article 8 and its exceptions.  It relates only to the collection of sensitive data from EU-based employees and does not address cross-border data transfer issues.


Updated Breach Notification Laws

Following is an updated list of citations to state data breach notification laws. We also note that as of January 1, 2008, California’s data breach notification law, Civil Code § 1798.82, will include "medical information" and "health insurance information" in the definition of personal information. Also, any business "maintained for the purpose of managing medical information" must comply with the prohibitions of California’s Confidentiality of Medical Information Act, effective January 1. These changes were enacted through A.B. 1298, signed by Governor Schwarzenegger on October 14, 2007.


Forum Selection Clause in Website Terms of Use Binding Upon Telephone Purchaser

According to a recent federal court ruling, a telephone customer is bound by the terms of an online business’s privacy policy and terms of use to which the salesperson referred during the call. In Greer v. 1-800-Flowers.com, Inc., No. H-07-2543 (S.D. Tex. Oct. 3, 2007), the U.S. District Court for the Southern District of Texas enforced a forum selection clause contained in the website’s terms of use against a consumer who ordered flowers for his girlfriend on the telephone. Before placing his order, the plaintiff inquired as to the company’s privacy practices and a 1-800-Flowers.com representative referred him to the company’s online privacy policy. Plaintiff claimed he relied on this policy when he completed his order. The privacy policy clearly stated that it was part of the website’s terms of use, which the plaintiff did not read and which included a forum selection clause.
