FTC Extends (Yet Again) Enforcement Deadline for Identity Theft Red Flags Rule

The Federal Trade Commission announced today that it is once again extending the deadline for enforcing its “Red Flags” Rule, while Congress considers legislation that would affect the scope of entities covered by the Rule. The FTC is delaying enforcement of the Rule until December 31, 2010 in response to a request from members of Congress who are working to finalize legislation that would limit the scope of business covered by the Rule.


Third-Party Bank Remains Caught Between an Order Compelling Production and Malaysian Law - Coercive Sanctions Recommended

Our April 1, 2010 blog entry discussed the March 8, 2010 Order in Gucci Amer., Inc. v. Curveal Fashion, No. 09 Civ. 8458 (S.D.N.Y.) (the “Order”), compelling the third-party U.S. parent (the “U.S. Parent”) of a foreign bank to produce documents located at its subsidiary, despite claims that such production was illegal under Malaysian banking secrecy laws. The entry concluded by noting that:

This opinion illustrates the no-win situation that foreign corporations continue to be placed in by the tension between U.S. courts and foreign law, and underscores the importance of raising foreign-law based discovery objections as early and in as detailed a manner as possible in order to maximize the chances of successfully navigating this conflict.

Id. Subsequent history in this matter further illustrates the seriousness of this predicament.


FTC to Investigate Digital Copy Machine Privacy Risks

On May 11, 2010, the Federal Trade Commission responded to a letter previously submitted by Congressman Edward Markey which voiced concern over privacy risks relating to digital copiers.


Heartland Payment Systems Enters into its Third Settlement Agreement Arising from 2008 Data Breach

Nearly two years after Heartland Payment Systems, Inc. (“Heartland”) experienced one of the largest customer data security breaches in history, it entered into its third settlement agreement with a card company.  (In addition to its settlements with card companies, on April 30, 2010 Heartland received preliminary approval for a consumer class-action settlement that could cost it up to $2.4 million.) Having already entered into settlement agreements with Visa for up to $60 million and American Express for up to $3.6 million, Heartland announced on May 19, 2010 that it entered into a settlement agreement with MasterCard that could result in as much as $41.1 million being paid to eligible MasterCard card issuers for losses resulting from the breach.


Everybody Likes Free Stuff: Draft Privacy Legislation Seeks To Enhance Consumer Protections Without Disrupting Ad-Supported Internet Business Model

A draft Congressional bill released Tuesday, May 3 aims to enhance consumer privacy protections both online and offline and to establish a national framework for the collection, use and security of consumer information, superseding state law requirements regarding the collection, use and disclosure of the information it covers. The draft legislation, sponsored by Congressmen Rick Boucher (D, Va.) and Cliff Stearns (R, Fla.), recognizes the importance of online advertising in supporting free online content and services and attempts to extend privacy protections without disrupting this business model. The bill's sponsors have requested comments on the draft by June 4th, and stakeholder meetings may also be scheduled to discuss the draft and receive comments.

Click here to learn more about the draft legislation, and stay tuned for updates as the comment period proceeds.

Application of New Massachusetts Data Security Regulations to Out-of-State Businesses

Massachusetts’s new data security regulations, effective as of March 1, 2010, currently set forth the country’s most stringent requirements for protecting data. Extending beyond what is required by other states, Massachusetts specifies, for example, that covered entities must implement a written information security program and must encrypt personal information that will be transmitted over the Internet, or that is kept on laptops and other portable devices. Massachusetts regulators and enforcement agencies would likely make the following three arguments that out-of-state entities must also comply with the new regulations.


Mexico Passes Sweeping New Law on Data Protection

On April 27, 2010, a sweeping new law on data protection was passed by the Mexican Senate, clearing the way for the President to sign the landmark legislation, which provides for penalties up to an astounding $1.5 million for violations under the law. The new Federal Law for the Protection of Personal Data (la Ley Federal de Protección de Datos Personales en posesión de los particulares) prescribes, among other things, the manner in which both private and public entities must treat the collection, use, and disclosure of personal data relating to Mexican citizens.


If You Let Them Build It, They Will Come: Regulatory Agencies Release Model Privacy Notice Online Form Builder

More than five months ago, eight federal regulatory agencies released their final model privacy notice form (“Model Form”) (which we blogged about here) to help financial institutions satisfy the disclosure requirements established by the Gramm-Leach-Bliley Act (“GLBA”) and help consumers understand how these institutions collect and share their information. On April 15, 2010, those same agencies attempted to ease the burden of completing the Model Form by releasing an Online Form Builder.


Robocalling. Easy. Doing it right? Maybe not so much . . .

On April 27, 2010, the Federal Trade Commission announced separate settlements with women’s clothing retailer Talbots and its telemarketer SmartReply, Inc. for violations of the Telemarketing Sales Rule (“TSR”). In two separate complaints filed in the U.S. District Courts for the District of Massachusetts (Talbots) and the Central District of California (SmartReply), the FTC alleged that the companies violated the TSR’s prerecorded message requirements in connection with seven advertising campaigns between February and July 2009. Specifically, the FTC alleged that SmartReply’s robocalls on behalf of Talbots (and J. Jill) did not allow consumers to opt out of future calls until they had listened to almost all of the prerecorded solicitation or failed to provide instructions to consumers about how to be added to the do-not-call list; did not immediately disconnect consumers that chose to opt out and instead connected them to another prerecorded advertisement before allowing them to opt out by pressing an additional prompt; and failed to notify live call recipients of their right to opt out at any time during the call.
