The Right To Be Forgotten

On 25 January 2012, the European Commission published a proposed new data protection framework for the E.U. The new framework, unlike the current one, is to provide a consistent and harmonised set of rules for all 27 E.U. member states. One of the main objectives of the new framework is to better ensure that individuals know what is happening to their personal data. To this end, the European Commission is proposing to introduce the ‘right to be forgotten’.


GPS in the Workplace

Earlier this year in United States v. Jones, the United States Supreme Court addressed the privacy implications of Global Positioning Systems (“GPS”), holding that placing a GPS tracking device on a suspect’s car was a “search” under the Fourth Amendment. Though a growing number of employers are using GPS systems to track employee activity on the job, the effect of the Supreme Court’s decision in the private sector remains unclear.


First Data Breach Settlement Under HITECH--$1.5 million

HHS reached a settlement on March 12, 2012 with Blue Cross Blue Shield of Tennessee (“BCBST”) for $1.5 million stemming from a 2009 data breach. This settlement represents the first under the HITECH Act. 


HHS Settlement for Lack of HIPAA Safeguards

On April 17, 2012, the United States Department of Health and Human Services Office for Civil Rights (“OCR”) reached a settlement with Phoenix Cardiac Surgery (“PSC”) for alleged violations of the HIPAA Privacy and Security Rules.


Massachusetts AGO Stresses the Importance of Encryption

The Massachusetts Attorney General’s Office ("AGO") has entered into an Assurance of Discontinuance (the "Settlement") with a Massachusetts company after allegations that the company failed to adequately protect personal information of Massachusetts residents. The AGO alleged that an employee of Maloney Properties, Inc. ("MPI") stored unencrypted personal information on a company laptop, and failed to follow the company’s written information security program ("WISP") that set forth the company’s standards for protecting personal information. MPI agreed to pay a fine of $15,000 in connection with the Settlement.


Friend Request Rejected: Maryland Bans Employers from Asking Employees for their Social Media Passwords

Maryland became the first state to pass legislation (House Bill 964 and Senate Bill 433) that prohibits employers from asking employees and job applicants for their social media passwords.  The legislation also prohibits an employer from (a) taking, or threatening to take, disciplinary action for an employee’s refusal to disclose his or her password, or (b) failing to hire an applicant due to the applicant’s refusal to disclose his or her password.


Katharine Parker Discusses Employer Access to Employee Social Media Accounts with the Christian Science Monitor

On April 11, 2012, Katharine Parker, a partner in Proskauer's Labor & Employment Law Department, discussed privacy concerns that arise when an employer demands access to its employees' social media accounts.

Smart Grid Technology Implicates New Privacy Concerns

The smart grid is an advanced metering infrastructure made up of “smart meters” capable of recording detailed and near-real time data on consumer electricity usage.  That data would then be sent to utilities through a wireless communications network.  In recent years, utilities have increased the pace of smart meter deployment—smart meters are expected to be on 65 million homes by 2015.  A smart grid could deliver electricity more efficiently and would enable consumers to track and adjust their energy usage in real time through a home display.  But these new capabilities also implicate new privacy concerns.


FTC Releases Recommendations for Business and Policymakers

On March 26, 2012, the FTC released its final report titled “Protecting Consumer Privacy in an Era of Rapid Change: Recommendations for Business and Policymakers.”  The report reflects feedback from the FTC’s privacy roundtables as well as over 450 public comments received in response to its proposed framework released in December 2010.  The framework applies to all commercial entities that collect or use consumer data that can be reasonably linked to a specific consumer, computer or other device, with an exemption for entities that collect only non-sensitive data from fewer than 5,000 consumers per year and do not share the data with third parties.


GSMA Releases Privacy Design Guidelines to Increase Privacy Considerations for Mobile Apps

A month after the Mobile Marketing Association released its Mobile Application Privacy Policy Framework (which we blogged about here), the GSM Association (GSMA) announced the release of its Privacy Design Guidelines for Mobile Application Development. The guidelines seek to provide developers with specific design points meant to enhance mobile application users’ abilities to guard personal information within mobile apps.


Google's New Privacy Policy Being Scrutinized by the French Data Protection Authority

Google launched a new privacy policy that took effect on March 1st, 2012. According to Google, the purpose of revising its privacy policy was to unify into one single privacy policy more than 60 different privacy policies across its wide array of products and services. 


Data Breach Case Research Paper Sheds Light

In a draft research paper titled "Empirical Analysis of Data Breach Litigation", three prominent scholars have collected and analyzed a sample of over 230 federal data breach lawsuits in order to deduce just what makes them tick.

Romanosky, Hoffman and Acquisti examined, for example, what factual and legal characteristics made a company more likely to be sued for a breach of personal data, and what made a data breach lawsuit more likely to settle.

As an interesting example, they found that the odds of a company being sued over a data breach are six times lower when the company offered free credit monitoring following the breach. They also examined the probability of lawsuit and settlement as a function of the causes of the breach and the types of data lost.

The researchers provided some very interesting summary data. For example, by coding data within the federal complaints, they found 87 unique causes of action brought by plaintiffs' attorneys. They also provided information on settlement amounts, attorney's fees awards and cy pres awards.

Any lawyer who handles data breach cases would likely find this article to provide valuable insights.

 

New York Court Finds Clinic Not Liable for Employee's Disclosure of PHI

A federal district court dismissed an action against an employer alleging vicarious liability for an employee’s dissemination of a patient’s protected health information (PHI) related to treatment for a sexually transmitted disease (STD). Specifically, the court found that the employer, a private New York medical clinic, was not vicariously liable for the actions of the employee because the employee was acting in a personal capacity which was beyond the scope of her employment.


French employees should check their privacy settings before posting on social media platforms

It may seem obvious to a lay person that employees should refrain from insulting their companies on social media due to the threat of termination for cause; however, contradictory legal principles apply to employees' use of social media and can be used both for and against employees (e.g., freedom of speech, right to privacy, data protection laws, an employer’s right to take disciplinary action, public insult offense, etc.). As a consequence, there is uncertainty as to whether an employer can use its employees’ postings made on social media websites to sanction them.


Finally, A Home for Mobile App Privacy Policies - But One With A Financial "Catch"

On February 22, 2012, California’s Attorney General, Kamala D. Harris, entered into an agreement with several leading providers of mobile devices and app stores to increase consumer privacy protection for mobile applications or “apps.” Under the agreement’s terms, these companies have agreed to redesign their app stores to provide a location for app developers to display their privacy policies.

California has long taken privacy – including technology-related privacy – seriously. Article 1, Section 1 of the California Constitution recognizes privacy as an inalienable right. California’s Online Privacy Protection Act of 2003 (“CalOPPA”) provides substantial consumer privacy protection by requiring any “operator of a commercial Web site or online service that collects personally identifiable information through the Internet about individual consumers residing in California” to post a conspicuous privacy policy detailing, for example, the categories of personally identifiable information collected from users and the categories of third-parties with whom the information may be shared.
