Privacy Law Blog : March 2008

Home > March 2008

Consumer Advocates Target Online Behavioral Advertising: Broad Regulation Threatens to Impede Delivery of Relevant Advertising and Business Models for Free Online Content

Posted on March 27, 2008 by Proskauer Rose LLP

In the wake of the December 2007 FTC statement proposing self-regulatory principles for businesses that are engaged in online behavioral targeting (click here for earlier blog post), that activity has continued to provoke consumer groups who advocate for government regulation. The legislature in New York has taken notice and is considering a first of its kind bill, the Third Party Internet Advertising Consumer's Bill of Rights Act of 2008, to regulate third parties Internet advertisers’ tracking activities. The New York legislature’s activity coincides with significant opposition in the European Union to online behavioral advertising practices.

Online behavioral targeting is the process of tracking online users’ behavior and serving ads tailored to that behavior. While the methods vary, the primary methods used online are cookie-based, conveying to advertisers web pages a user visits. Companies may also use search data. This information is sometimes combined with demographic data such as geographic location, to help further personalize advertisements. Glossed over by consumer groups is the fact that tracking usually is conducted anonymously with data collected linked only to a computer’s Internet Protocol (IP) address, not name or other personally identifiable information. In addition, responsible Internet companies are expected to provide clear notice and opportunities for consumers not to participate in such programs. Still, consumer groups have seized on reports of Internet Service Providers contracting with companies such as Nebu-Ad, Phorm and Adzilla who use so-called “deep packet inspection” to collect data on every page a user visits rather than just those that are part of an online advertising network.

The ongoing debate over online behavioral targeting is significant not only because such targeting enables consumers to receive ads that are more relevant and useful to them, but as the FTC has recognized, restrictions that inhibit companies’ ability to obtain advertising revenue may fundamentally affect the ability of the Internet to continue to offer valuable content for free. Continue Reading...

SEC Seeks to Better Protect Investors' Privacy With Proposed Amendments to Regulation S-P

Posted on March 17, 2008 by Scott J. Carpenter

In light of growing concerns over identity theft, data breaches, and the hacking of online brokerage accounts, the Securities and Exchange Commission (“SEC”) has recently proposed new amendments to Regulation S-P – the SEC’s existing privacy rules mandated under the Gramm-Leach-Bliley Act. The SEC’s unanimous approval of these proposed rules signals the Commission’s desire to more closely align its privacy guidelines with those of the Federal Trade Commission (“FTC”) and the Federal Banking Agencies, which adopted data breach notice rules in 2005. For regulated companies, however, the amendments could mean additional costs and liabilities. Continue Reading...

Tags: Data Privacy Laws, Financial Privacy, Gramm-Leach-Bliley Act, Regulation S-P, SEC, broker-dealers, investment companies

FTC Sets Sights on Goal: Student Lender Taken to School for Data Security Breakdowns

Posted on March 17, 2008 by Proskauer Rose LLP

On March 4 the FTC announced that a consent agreement has been reached in its 17th case challenging data security practices by a company handling sensitive consumer information. Goal Financial, LLC, a San Diego-based student loan company, has agreed to implement a comprehensive information security program, avoid future misrepresentations about its data security practices, and receive independent, third-party audits of its data security program every two years for the next 10 years. The consent order does not provide for a civil fine.

According to the FTC's Complaint, Goal Financial "failed to provide reasonable and appropriate security for consumers' sensitive personal information" starting no later than September 1, 2004. The company's faulty security practices allowed employees to transfer over 7000 consumer files containing personally identifying information and financial histories to third parties. Additionally, in 2006 a Goal Financial employee allegedly sold company hard drives containing sensitive personal information of approximately 34,000 consumers in readable text.

Tags: FTC, FTC Enforcement, Federal Trade Commission, GLBA Privacy Rule, GLBA Safeguards Rule, Gramm-Leach-Blilely Act, Gramm-Leach-Bliley, consent order, personal information, personally identifiable information

Seller Beware: Florida district court rules that FACTA applies to electronic receipts and receipts printed in stores

Posted on March 3, 2008 by Proskauer Rose LLP

The Southern District of Florida has held that the Fair Credit Reporting Act (FACTA), applies to both electronic receipts from online purchases and receipts printed in stores. In Grabein v. 1-800-Flowers.com, Inc., 07-22235-CIV, 2008 WL 343179 (S.D. Fla. Jan. 29, 2008), Plaintiff filed a class action lawsuit after he used a credit card to purchase flowers through Defendant’s website and received a receipt that contained both Plaintiff's truncated credit card number and the card’s expiration date. Plaintiff alleged that printing both pieces of information violated FACTA, which provides:

No person that accepts credit cards or debit cards for the transaction of business shall print more than the last five digits of the card number or the expiration date upon any receipt provided to the cardholder at the point of the sale or transaction. 15 U.S.C. § 1681c(g).

Tags: FACTA, Financial Privacy

Privacy Law Blog
Proskauer Rose LLP

Beijing Room 1569, 15/F China World Tower 3
1 Jianguomenwai Avenue
Chaoyang District
Beijing 100004
China
Phone: 86.10.5737.2622

Boca Raton 2255 Glades Road
Suite 421 Atrium
Boca Raton, FL 33431-7360
Phone: 561.241.7400

Boston One International Place
Boston, MA 02110-2600
Phone: 617.526.9600

Chicago Three First National Plaza
70 West Madison
Suite 3800
Chicago, IL 60602-4342

Hong Kong Suites 1701-1705, 17/F
Two Exchange Square
8 Connaught Place
Central, Hong Kong
Phone: 852.3410.8000

London Ninth Floor
Ten Bishops Square
London E1 6EG
United Kingdom
Phone: 44.20.7539.0600

Los Angeles 2049 Century Park East
32nd Floor
Los Angeles, CA 90067-3206
Phone: 310.557.2900

Newark One Newark Center
Newark, NJ 07102-5211
Phone: 973.274.3200

New Orleans Poydras Center
650 Poydras Street
Suite 1800
New Orleans, LA 70130-6146
Phone: 504.310.4088

New York Eleven Times Square
New York, NY 10036-8299
Phone: 212.969.3000

Paris 374 rue Saint-Honoré
75001 Paris, France
Phone: 33.1.53.05.60.00

São Paulo Rua Funchal, 418
26° andar
04551-060 São Paulo, SP, Brasil
Phone: 55.11.3045.1250

Washington, D.C. 1001 Pennsylvania Avenue, NW
Suite 400 South
Washington, DC 20004-2533
Phone: 202.416.6800

Privacy Law Blog : Privacy Lawyers & Attorneys : Proskauer Rose Law Firm : CAN-SPAM, FCRA, FACTA

Proskauer

Consumer Advocates Target Online Behavioral Advertising: Broad Regulation Threatens to Impede Delivery of Relevant Advertising and Business Models for Free Online Content

SEC Seeks to Better Protect Investors' Privacy With Proposed Amendments to Regulation S-P

FTC Sets Sights on Goal: Student Lender Taken to School for Data Security Breakdowns

Seller Beware: Florida district court rules that FACTA applies to electronic receipts and receipts printed in stores

Kristen J. Mathews

Jeff Neuburger

Chandi Abeygunawardana

Peta-Anne Barrow

Amy Crafts

Margaret A. Dale

Nolan Goldberg

Kevin Khurana

Marianne Le Moullec

Charley Lozada

Cecile Martin

Jeremy Mittman

Natalie Newman

Robyn Sterling

Brendon Tavelli

Paresh Trivedi

Robert D. Forbes

Proskauer on Privacy