Privacy Law Blog : Privacy Lawyers & Attorneys : Proskauer Rose Law Firm : CAN-SPAM, FCRA, FACTA

On June 25, 2010, Judge Richard Berman of the U.S. District Court of the Southern District of New York granted summary judgment to The Bank of New York Mellon Corp. in Hammond v. The Bank of New York Mellon Corp., dismissing in its entirety a putative class action lawsuit arising from the loss of backup tapes containing personal information in the spring of 2008. In coming to his decision, Judge Berman rejected the plaintiffs’ arguments that they had standing to pursue their claims for negligence, negligence per se, breach of implied contract, breach of fiduciary duty as well as for violations of certain state consumer protection laws. He held that “Plaintiffs lack standing because their claims are future-oriented, hypothetical and conjectural.” The court also held that even assuming, arguendo, that plaintiffs could be said to have standing to pursue such claims, each of their claims would fail because the plaintiffs failed to show that they suffered any actual harm as a result of the tape loss incident.

• Email This
• Print
• Comments
• Trackbacks
• Share Link

The social networking and micro-blogging service Twitter recently agreed to settle charges with the Federal Trade Commission (FTC) regarding its privacy and data security practices. Similar to settlement terms reached with other online merchants, the settlement bars Twitter from misleading consumers about the extent to which it protects the security, privacy, and confidentiality of nonpublic consumer information. Notably, the agreement also requires Twitter to maintain a comprehensive information security program and submit to audits of the program for 10 years. The settlement agreement does not include a monetary penalty. The FTC alleged that despite Twitter’s promises on its website to protect the personal information of its users, Twitter’s practices failed to provide reasonable and appropriate security.  Unlike many of the other companies that the FTC has pursued regarding online security practices, Twitter does not sell goods online or collect financial information from its users.

• Email This
• Print
• Comments
• Trackbacks
• Share Link

According to a federal court in the Northern District of California, United States border agents may not search a laptop without a warrant several months after the agents seized the laptop.

• Email This
• Print
• Comments
• Trackbacks
• Share Link

On June 17, 2010, in a decision authored by Justice Anthony Kennedy, the U.S. Supreme Court unanimously overturned a decision by the U.S. Court of Appeals for the Ninth Circuit in a case involving an employee’s assertion that a government employer had violated the Fourth Amendment by unreasonably obtaining and reviewing personal text messages sent and received on employer-issued pagers.  Click here to read our Client Alert about this important decision.

In case you were wondering, we previously reported on the Ninth Circuit's decision, and denial of rehearing en banc, in Quon v. Arch Wireless here and here.

• Email This
• Print
• Comments
• Trackbacks
• Share Link

The Federal Trade Commission scored a victory over spyware with a recent settlement with a company that will prohibit it from marketing its keylogging software as a “100 percent undetectable” way to “Spy on Anyone, From Anywhere.”

• Email This
• Print
• Comments
• Trackbacks
• Share Link

As we've discussed in prior posts, newly effective regulations promulgated under Massachusetts’ recent data security law, Mass. Gen. Law ch. 93H, have raised the bar for data security compliance, and they have a long reach.  The regulations are national and international in scope, as they apply to all companies – wherever located-- using personal data of Massachusetts residents.

Although the deadline for compliance with the Regulations – March 1, 2010 – has come and gone, many companies – both within Massachusetts, but particularly outside of Massachusetts – are not yet, in fact, compliant. These companies are finding themselves in a position of playing "compliance catch-up." Even companies that were compliant with applicable law prior to the enactment of the Regulations are obligated to review where they stand in light of these new requirements. 

In an article just published by the Washington Legal Foundation, we review the requirements of the Massachusetts law and Regulations, including the required written information security program, constraints on third-party providers and vendors, and enforcement mechanisms, among other topics.  "The Bay State Raises the Bar on Personal Data Security: Are You in Compliance?," by Jeffrey D. Neuburger and Natalie Newman is available here.
 

• Email This
• Print
• Comments
• Trackbacks
• Share Link

On May 28, 2010, in an unpublished decision, the U.S. Court of Appeals for the Ninth Circuit affirmed the California district court’s dismissal of a class action lawsuit against retailer Gap, Inc. because, among other things, the plaintiff failed to show that the loss of his personal information harmed him in a legally cognizable way. We previously wrote about the district court’s dismissal here.

• Email This
• Print
• Comments
• Trackbacks
• Share Link