Library of Congress

Note: External links, forms and search boxes may not function within this collection

« Back to Law Archives

minimize

Legal Blawgs Web Archive Collection

This is an archived Web site from the Library of Congress

http://privacylaw.proskauer.com/

Archived: 01/08/2009 at 18:48:19

first First (02/07/2008)    previous Previous  #12 of 26  Next next    Last (12/02/2009) last entry

Posted on January 5, 2009 by Kristen J. Mathews

"Address Book Harvesting" Issues to Contend With

More and more companies have been considering engaging in marketing campaigns that involve “address book scraping,”  in which a user is asked to import his contacts (i.e., the e-mail addresses he has stored in his e-mail account address book) into his social networking Web site or other online service so that a message can be sent to those contacts inviting them to join the social network or to participate in a joint offering of the company and its partner.  In some cases, the user is asked to provide the username and password for his e-mail account so that the import can be done transparently.

There are a number of things to look out for in connection with these campaigns:

Continue Reading...
Tags:
Posted on December 31, 2008 by Natalie Newman

Department of Education Issues Final Regulations Amending FERPA

The Family Educational Rights and Privacy Act (20 U.S.C. 1232g; 34 CFR Part 99) (“FERPA”) imposes various requirements on educational institutions regarding the privacy of personally identifiable information contained in education records of students.  On December 9, 2008, the U.S. Department of Education (“DOE”) published final rules amending the regulations that implement FERPA.   

 

Originally proposed on March 28, 2008, the DOE published a notice which proposed various changes to FERPA and its implementing regulations “to implement various statutory changes made to FERPA to implement two recent US Supreme Court decisions, to respond to changes in information technology, and to address other issues identified through the Department’s experience in administering FERPA.”  (73 FR 74806).  According to the DOE, approximately 121 parties submitted comments in response to the March, 2008 NPRM.  The Final Rules become effective January 8, 2009.

 

Continue Reading...
Tags: , , , , , ,
Posted on December 26, 2008 by Timothy P. Tobin

Zip Codes not "Personal Identification Information" under California's Song-Beverly Act

On December 19, 2008, in Party City Corp. v. The Superior Court of San Diego County, the California Court of Appeal in the Fourth Appellate District held that zip codes are not "personal identification information" under California's Song-Beverly Credit Card Act of 1971, California Civil Code Sec. 1747.08 (the "Act."). The Act prohibits a retailer that accepts credit cards from, among other things, "request[ing], or require[ing] as a condition to accepting the credit card as payment in full or in part for goods or services, the cardholder to provide personal identification information, which the [retailer] writes, causes to be written, or otherwise records upon the credit card transaction form or otherwise." Id. at § 1748.08(a)(2). Under the Act, "personal identification information" is "information concerning the cardholder, other than information set forth on the credit card, and including, but not limited to, the cardholder's address and telephone number." Id. at § 1747.08(b). Subdivision (e) of the statute provides that "[a]ny person who violates this section shall be subject to a civil penalty not to exceed two hundred fifty dollars ($250) for the first violation and one thousand dollars ($1,000) for each subsequent violation, to be assessed and collected in a civil action brought by the person paying with a credit card, by the Attorney General, or by the district attorney or city attorney of the county or city in which the violation occurred."

Continue Reading...
Tags: , , , , , , , ,
Posted on December 19, 2008 by Tanya Forsheit

Breach Litigation Developments Webinar

Early this month I discussed recent developments in data breach litigation at a webinar hosted by Debix.  You can listen to the webinar at any time by following the instructions here.

All of us in Proskauer's Privacy and Data Security Practice Group wish you a peaceful and happy holiday.

Tags: , , , , , , , ,
Posted on December 14, 2008 by Jeremy Mittman

EU High Court Strikes Down UK DNA Database on Privacy Grounds

In a landmark ruling, the European Court of Human Rights (ECHR)—Europe’s highest court to take up cases affecting the privacy rights of EU citizens—ruled that some aspects of the UK’s DNA database violated EU law.  Specifically, on December 4, the ECHR issued its decision, S. and Marper v. The United Kingdom (Applications 30562/04, 30566/04), holding that the UK DNA database violated the EU’s Convention for the Human Rights and Fundamental Freedoms (the "Convention") in retaining the DNA samples of individuals who had been acquitted of (or arrested and not charged with) any crime.    

Continue Reading...
Tags:
Posted on December 5, 2008 by Scott J. Carpenter

Federal Court Enjoins Sale of Keylogger Program

A U.S. District Court for the Middle District of Florida recently issued a preliminary injunction ordering CyberSpy Software, LLC to stop promoting and selling “RemoteSpy,” a keylogger software program that, once installed on a computer, collects information regarding use of the computer.

Continue Reading...
Tags: , , , , ,
Posted on November 26, 2008 by Clifford Davidson

MA Delays Implementation of Information Protection Standards

Businesses holding personal information of Massachusetts residents have at least one thing to be thankful for this holiday season.  As reported here, Massachusetts earlier this year established strict standards for protection of personal information about Massachusetts residents. Those standards include encryption of electronic data when stored or transmitted and were set to take effect January 1, 2009.

In light of current economic conditions, the Massachusetts Office of Consumer Affairs and Business Regulation (OCABR) delayed the general compliance deadline until May 1, 2009 – the same date the FTC’s new red flag rules take effect (as reported here, here and here).  The OCABR also extended a number of other related deadlines, which are listed in the OCABR’s announcement available here.

Tags: , ,
Posted on November 26, 2008 by Kristen J. Mathews

Privacy Issues When "Computing in the Cloud"

When a company is considering using cloud computing in its IT infrastructure, there are some privacy issues that need to be addressed.

While the value of cloud computing certainly holds much promise, companies wishing to make the leap into the cloud would be well advised to consider the potential privacy issues.  Cloud computing, in its essence, is the migration or outsourcing of computing, hardware and storage functions to a third-party service provider, which hosts applications on the Internet through linked servers located worldwide.  Cloud computing has captured the attention of IT professionals because it offers the appealing option of reducing a company’s computer infrastructure and placing it in the hands of a vendor who can perform a company’s computing needs more cheaply and efficiently than the company can itself.

Continue Reading...
Tags: , , ,
Posted on November 20, 2008 by Brendon Tavelli

Privacy under the 44th President? Will the New Administration Bring a New Playbook?

 

As we prepare to welcome both the 44th President and a revamped Congress to Washington, it is time to consider what privacy under the new administration will look like. Barack Obama polled strongly on the campaign trail as the candidate most likely to advance individual privacy rights, but are the pollsters a good indicator what privacy will look like under the new administration?    Here are some of our thoughts about what we may see in the next four years.

Continue Reading...
Tags: , , , , , , , , , , , ,
Posted on November 6, 2008 by Joseph K. Wright

CAN of Worms?: New Decision Opens CAN-SPAM Private Right of Action to Non-ISPs

 

A recent decision in the Western District of Washington broadly defines the reach of the private right of action under the federal CAN-SPAM statute. In that case, Haselton v. Quicken Loans Inc., W.D. Wash., C-07-1777, 10/14/08, the court held that a company had standing to sue alleged spammers even though it is not an Internet service provider (ISP) and does not provide e-mail accounts to its customers.

 

Plaintiff Peacefire’s website allows its users to circumvent website filtering and content-control software. Peacefire successfully argued that it is an “Internet access service” (IAS) within the protection of CAN-SPAM. CAN-SPAM uses the COPPA definition of IAS: “a service that enables users to access content, information, electronic mail, or other services offered over the Internet, and may also include access to proprietary content, information, and other services as part of a package of services offered to consumers. Such term does not include telecommunications services.” 47 U.S.C. § 231(e)(4); 15 U.S.C. § 7702(11). Defendants unsuccessfully argued that only ISPs have standing to sue as IASs. The court rejected that argument, holding that Peacefire qualifies as an IAS because it provides “further access” to the Internet, even though it does not provide consumers with an initial connection point as an ISP. The plain language of this definition, according to the court, does not require an IAS to provide Internet connectivity to end users.

Continue Reading...
Tags: , , , , , , , ,