Library of Congress

Legal Blawgs Web Archive Collection

This is an archived Web site from the Library of Congress

http://privacylaw.proskauer.com/

Archived: 05/07/2009 at 23:34:53

Red Flag Rules Blindside Retailers, But Extension of Compliance Deadline Helps

Last month, we blogged about whether the Red Flag Rules apply to medical care providers.  According to the FTC, they may also apply to retailers. 

The Federal Trade Commission’s recently released “how-to” guide says that the Red Flag Rules apply to “retailers that offer financing or help consumers get financing from others, say, by processing credit applications.” However, most retailers have been caught off guard by this interpretation, since they are not accustomed to being considered “creditors.” Fortunately for them, in the nick of time for the May 1st compliance deadline, the FTC extended the deadline to August 1, 2009, giving retailers time to put their policies in place in a thoughtful and reasoned manner.

Feud of the Forms -- The Battle of The GLBA Notices

The U.S. Securities and Exchange Commission (“SEC”) announced on April 15, 2009 that it is reopening the period for public comment on proposed amendments to Regulation S-P, the SEC’s Gramm-Leach-Bliley Act (“GLBA”) implementing regulations. The SEC’s announcement follows the release of a report detailing the results of the second phase of the Interagency Notice Project (“INP”). The report by Drs. Alan Levy and Manoj Hastak, Consumer Comprehension of Financial Privacy Notices, uses the results of a mall-intercept study to compare the performance of a prototype financial privacy notice developed by the Kleimann Communication Group (“KCG”) during the first phase of the INP against three alternative notices. The Levy-Hastak report, among other things, confirms what proponents of the INP suspected – some GLBA privacy notices are largely ineffective in conveying information to consumers that allows them to make rational decisions about the sharing of their personal financial information.

Oh, behave: EU cracks down on behavioral targeting in the U.K.

The European Commission announced this week that it might sue the United Kingdom if that country fails to limit the tracking and collection of users’ Internet browsing habits and personal information without prior consent. The United Kingdom until now has adopted a self-regulatory approach similar to that followed by the Federal Trade Commission (we reported on the FTC’s revised behavioral marketing principles in this blog post). However, the European Commission has suggested that such an approach is insufficient because user consent is not obtained prior to collection.

According to reports, the Commission appears to be concerned that the U.K.’s failure to require that behavioral marketers obtain user consent before tracking Internet behavior violates the European Union’s strict Data Privacy Directive. The Directive prohibits the "processing" (very broadly defined) of EU residents’ personal information (also very broadly defined) without such residents’ consent.

More on Cloud Compliance

I recently spoke with Lora Bentley of IT Business Edge regarding privacy, data security, and cloud computing -- There's More Than One Way to Tackle Privacy in the Cloud.

California District Court Closes the Gap Left by Ruiz

On Monday, the Northern District of California granted Gap, Inc.'s Motion for Summary Judgment in Ruiz v. Gap, Inc., et al., Case No. 07-5739 SC, holding that Ruiz's allegations of an increased risk of identity theft "do[] not rise to the level of appreciable harm necessary to assert a negligence claim under California law."

No Privacy Cause of Action for Od(e)ious Myspace.com Posting

According to a new, partially-published California Court of Appeal decision, there is no cause of action for invasion of privacy under the California Constitution where a plaintiff’s myspace.com posting is republished in a newspaper.   In Moreno et al. v. Hanford Sentinel, Inc., et al., F054138, slip op. (Cal. Ct. App. April 2, 2009), plaintiff Cynthia Moreno published on her myspace.com page “An ode to Coalinga,” in which she excoriated her hometown. She removed the Ode six days after she published it.

Before Ms. Moreno removed the Ode, the principal of Coalinga High passed the Ode on to the Editor of the Coalinga Record, which published the Ode, with Ms. Moreno’s first and last names, as a letter to the editor. The community reacted strongly (sometimes violently) and the Moreno family was forced to move from Coalinga. The Moreno family alleged that it suffered significant damages as a result.

The court held that Ms. Moreno’s publication of the Ode on myspace.com meant that the Ode was not private, and that Ms. Moreno’s expectation of a more limited myspace.com audience was of no consequence.  Further, the fact that she removed the Ode prior to publication in the Coalinga Record did not render the Ode private; “[t]he publication was not so obscure or transient that it was not accessed by others.”  Slip op. at 6.  Finally, the Court held that the Moreno family did not have standing to sue based on alleged invasion of Ms. Moreno’s privacy; “the right of privacy is purely personal.” Id.

It is not clear from the Court's opinion whether Ms. Moreno had protected her myspace.com page with some kind of privacy settings.  The outcome might have been different had Ms. Moreno explicitly alleged that she did so.  Because the court ruled at the demurrer stage, there was no evidence regarding that issue.

Red Flag Rules Leave Health Care Industry Wondering

The health care industry has been waiting for resolution of the question: Do the Federal Trade Commission’s Identity Theft Red Flag Rules apply to health care providers? With the May 1st compliance deadline looming, health care providers need to know. 

The answer seems to depend on whom you ask. The Federal Trade Commission (“FTC”) and the American Medical Association (“AMA”) have been in discussions regarding this point for the last several months.* Most recently, in a February 4th letter to the AMA, the FTC reiterated its earlier position stating that the Red Flag Rules apply to health care providers who regularly defer payment for medical services. In a February 23rd letter responding to the FTC, the AMA “strongly objected” to the FTC’s interpretation and alleged that the FTC failed to comply with the Administrative Procedures Act (“APA”) since it did not explain in advance its rules’ application to health care providers nor provide the public with notice and opportunity to comment. In summary, the AMA asked the FTC to either withdraw its interpretation or conduct a new rulemaking procedure that complies with the APA. 
 

EPIC Petitions for a Closer Look at the Cloud - Privacy Group Asks the FTC to Investigate Google Cloud Computing for Inadequate Safeguards and Unfair and Deceptive Trade Practices

The Electronic Privacy Information Center (“EPIC”) recently filed a complaint with the Federal Trade Commission (“FTC”) accusing Google of failing to implement adequate privacy and data security safeguards and engaging in unfair and deceptive trade practices related to its “cloud computing” services.

U.K. Internet Publication Rule Upheld; Internet Viewings Constitute Republication

On March 10, 2009, the European Court of Human Rights held that the British Internet publication rule does not violate the right to free expression guaranteed by Article 10 of the European Convention. The case has profound implications for those bringing privacy- or disclosure-related tort claims based on materials available on the Internet – where U.K. law applies.

Will Congress Enact Data Security Breach Provisions This Year? Guess What, It Already Has

By Jeffrey D. Neuburger and Sara Krauss

Congress has been dithering over the adoption of a federal data security breach notice law for the last several years without coming to an agreement on a national standard for reporting breaches in the security of personal and financial data, but on February 17, data breach notice provisions applicable to health information were signed into law as part of the HITECH Act provisions of the massive economic stimulus legislation, H.R. 1 (111th Cong., 1st Sess. Feb. 17, 2009).

Beginning no later than September 16 of this year, "covered entities" under the Health Insurance Portability and Accountability Act (HIPAA) will be required to give notice of breaches in the security of protected health information, and "business associates" of HIPAA-covered entities will be required to report such breaches to the covered entities. §13402(a) & (b). Currently, California and Arkansas are the only states that require that notification be given in the case of a breach in the security of medical or health insurance information.
