Privacy Law Blog : Privacy Lawyers & Attorneys : Proskauer Rose Law Firm : CAN-SPAM, FCRA, FACTA

In December 2007, Texas became the first state to file COPPA enforcement actions, by separately suing the entities behind Gamesradar.com and TheDollPalace.com in the United States District Court for the Western District of Texas. The complaints are available as an attachment to the press release on the Texas Attorney General’s website. The defendants in those cases are California and New York – and not Texas – entities.

With little fanfare, Texas apparently settled its suit involving TheDollPalace.com ("where cartoon dolls live") in March 2008, and in doing so has imposed restrictions on content with no precedent in the COPPA consent decrees entered into by the Federal Trade Commission.

• Email This
• Print
• Comments
• Trackbacks
• Share Link

A new Act of Parliament gives the United Kingdom’s Information Commissioner’s Office (ICO) the authority to impose monetary penalties for misuse of personal data in violation of section 55 of the Data Protection Act of 1998 (DPA).

• Email This
• Print
• Comments
• Trackbacks
• Share Link

On May 22, 2008, the California Court of Appeal narrowed the scope of claims available under California’s Song-Beverly Credit Card Act of 1971, California Civil Code § 1747.08, ruling that the statute is subject to the one-year statute of limitations of Code of Civil Procedure section 340 and does not apply to merchandise returns.

• Email This
• Print
• Comments
• Trackbacks (1)
• Share Link

The European Data Protection Supervisor (EDPS) has come out in favor of the EU enacting data security breach notification laws.

The EDPS is an independent supervisory authority devoted to protecting personal data and privacy and promoting good data protection practices within the EU, both by monitoring the EU administration’s own data processing, as well as by commenting on pending legislation.

• Email This
• Print
• Comments
• Trackbacks
• Share Link

On May 9, 2008, Iowa Governor Chester Culver signed legislation (SF 2308) requiring any person who owns or licenses computerized data that includes a consumer's personal information to give notice of a breach of security. The law does not require notification if, after an appropriate investigation or after consultation with the relevant federal, state, or local agencies responsible for law enforcement, the person determined that no reasonable likelihood of financial harm to the consumers whose personal information has been acquired has resulted or will result from the breach.  Following is an updated list of the 43 state security breach notification laws (plus District of Columbia and Puerto Rico).

• Email This
• Print
• Comments
• Trackbacks
• Share Link

My very first blog post addressed a precedent-setting decision of the Central District of California holding that federal agents could not conduct a border search of the private and personal information stored on a traveler’s computer hard drive or electronic storage devices without reasonable suspicion. Eighteen months later, the Ninth Circuit has squarely reversed that decision. In a short opinion filed April 21, 2008, Judge O’Scannlain wrote in U.S. v. Arnold, No. 06-50581, that "reasonable suspicion is not needed for customs officials to search a laptop or other personal electronic storage devices at the border." As far as the Ninth Circuit is concerned, for purposes of border searches under the Fourth Amendment, laptops and other electronic storage devices are not so much like a home or the human mind – they are more akin to luggage or a car.

• Email This
• Print
• Comments
• Trackbacks
• Share Link