Andrew Hoffman : Privacy Law Blog

Home > Andrew Hoffman

Andrew Hoffman

Andrew L. Hoffman is an Associate in the Litigation & Dispute Resolution Department, resident in the Boca Raton office. Andrew has worked on matters involving a broad range of practice areas, including fiduciary litigation, commercial litigation, and privacy and data security law.Prior to joining Proskauer, Andrew served as an interim law clerk to Judge Mark E. Polen of the Florida Fourth District Court of Appeal. While in law school, Andrew competed and won best brief awards in three appellate advocacy competitions as a member of his school’s Moot Court Board. He served as a research assistant to Professor and Dean Emeritus Jon L. Mills, who wrote on matters of privacy law and policy. After his first year of law school, Andrew served as a judicial intern to U.S. District Judge Steven D. Merryday of the Middle District of Florida. Additionally, he was selected to serve as a teaching assistant for the first-year legal writing and appellate advocacy courses.Andrew is certified as an information privacy professional (CIPP) by the International Association of Privacy Professionals. He blogs on Proskauer’s Privacy Law Blog, and he assisted in writing and editing two of the firm’s treatises, Proskauer on Privacy and A Practical Guide to the Red Flag Rules.

Articles By This Author

Facebook Accedes to the FTC's Poke, Settles FTC's Charges

Posted on December 7, 2011 by Andrew Hoffman

Facebook recently agreed to settle charges by the Federal Trade Commission (FTC) that Facebook violated the FTC Act. The FTC-Facebook settlement, which is still subject to final FTC approval, prohibits Facebook from making misrepresentations about the privacy or security of its users’ personal information, requires Facebook to obtain users’ affirmative consent before enacting changes that override the users’ privacy preferences, and requires Facebook to prevent anyone from accessing material posted by a user more than 30 days after such user deleted his or her account. Similar to the March 2011 FTC-Google settlement, the Facebook settlement requires that Facebook enact a comprehensive privacy program and not misrepresent its compliance with the US-EU Safe Harbor Principles. As we previously reported, these two requirements are relatively new FTC settlement terms, which were first used in March 2011.

Tags: FTC, FTC Enforcement, Facebook, affirmative consent, deceptive, privacy, privacy by design, safe harbor, settlement, unfair

Class Action Lawsuit Against Data Broker for Inaccurate Information Dismissed for Lack of Standing

Posted on September 27, 2011 by Andrew Hoffman

A putative class action lawsuit against data broker Spokeo.com for violations of the Fair Credit Reporting Act (FCRA) and California’s Unfair Competition Law was recently dismissed for lack of standing.

Tags: Miscellaneous, dismiss, frca, spokeo, standing

Emerging Electronic Receipt Option Requires Creative Thinking for Retailers under State Law

Posted on August 19, 2011 by Andrew Hoffman

Recently, several large retail chains have started offering customers the option to receive electronic receipts for in-store purchasers, as the New York Times reports. For instance, a cashier may ask a customer for his or her email address at check-out and then email the receipt to the customer. Paperless receipt programs offer retailers new and exciting marketing opportunities—for instance, adding a retail store purchaser’s email address to the company’s customer relationship management database, even if that customer never shops online. But with these new opportunities come potential liabilities from old laws that were not written with this new technology in mind.

Tags: Direct Marketing, check-out, crm, customer relationship management, email, paperless, receipt, retail privacy, retailer, song-beverly

FTC-Google Settlement Marks Two "Firsts" in FTC Privacy Enforcement

Posted on April 12, 2011 by Andrew Hoffman

Google recently settled charges by the Federal Trade Commission (FTC) that Google’s social networking service, Buzz, violated the FTC Act. The FTC-Google settlement prohibits Google from misrepresenting the extent to which it maintains and protects the confidentiality of users’ information and from misrepresenting its compliance with the US-EU Safe Harbor Framework. In that regard, the settlement represents two important “firsts” in FTC enforcement:

The first time a comprehensive privacy program (as opposed to a comprehensive security program) was required by an FTC consent decree.
The first time the FTC has enforced the US-EU Safe Harbor Principles for substantive non-compliance.

Tags: Enforcement, FTC, FTC Enforcement, Google, Online Privacy, comprehensive privacy program, consent order, safe harbor

International Cellular Network Industry Association Releases Privacy Principles

Posted on February 2, 2011 by Andrew Hoffman

Hot on the trail of the FTC’s recent report on privacy, the GSMA, the London-based industry association representing over 800 cellular network operators worldwide, released its “high-level” Mobile Privacy Principles (the “Principles”) on January 27, 2011. The Principles were released with the goal of creating a “robust and effective framework for the protection of privacy” to promote users’ confidence and trust in mobile applications. These Principles encourage a “privacy by design” approach to mobile privacy and encourage a consistent and harmonized approach to privacy across mobile services and applications. Such Principles are highly relevant after the surge in mobile computing made possible by mobile devices, such as the iPhone, Blackberry, and Droid.

The two boldest aspects of the Principles are found in the definitions—namely, in how “personal information” is defined and in the broad responsibility of privacy espoused by the Principles.

Tags: Electronic Communications, GSMA, International, cell phone, cellular privacy, mobile privacy, privacy, privacy principles

No job? Bad credit? No problem! (In Illinois.)

Posted on August 23, 2010 by Andrew Hoffman

Illinois recently enacted legislation that broadly restricts a private employer from using credit reports regarding job applicants or current employees. Subject to certain exceptions, an employer may not inquire about, order, or obtain a job applicant’s credit report, or fail or refuse to hire or recruit an individual based on the individual’s credit report or history. With respect to current employees, an employer may not discharge or otherwise discriminate against an employee because of the employee’s credit history or credit report. The law also prevents an employer from requiring an applicant or employee to waive any rights under the new law and prohibits retaliatory and discriminatory acts by the employer. Importantly, the law creates a private right of action for an individual to seek injunctive relief and damages and provides for prevailing-party attorneys’ fees.

Tags: Financial Privacy, Illinois, Workplace Privacy, credit check, credit report, employee, employer, hiring

Twitter's Settlement With the FTC Demonstrates that "Reasonable Security" Isn't Only About Online Commerce

Posted on June 28, 2010 by Andrew Hoffman

The social networking and micro-blogging service Twitter recently agreed to settle charges with the Federal Trade Commission (FTC) regarding its privacy and data security practices. Similar to settlement terms reached with other online merchants, the settlement bars Twitter from misleading consumers about the extent to which it protects the security, privacy, and confidentiality of nonpublic consumer information. Notably, the agreement also requires Twitter to maintain a comprehensive information security program and submit to audits of the program for 10 years. The settlement agreement does not include a monetary penalty. The FTC alleged that despite Twitter’s promises on its website to protect the personal information of its users, Twitter’s practices failed to provide reasonable and appropriate security. Unlike many of the other companies that the FTC has pursued regarding online security practices, Twitter does not sell goods online or collect financial information from its users.

Tags: FTC, FTC Enforcement, Identity Theft, Online Privacy, Twitter, hackers, reasonable security, settlement, social networking, tweet

FTC Extends (Yet Again) Enforcement Deadline for Identity Theft Red Flags Rule

Posted on May 28, 2010 by Andrew Hoffman

The Federal Trade Commission announced today that it is once again extending the deadline for enforcing its “Red Flags” Rule, while Congress considers legislation that would affect the scope of entities covered by the Rule. The FTC is delaying enforcement of the Rule until December 31, 2010 in response to a request from members of Congress who are working to finalize legislation that would limit the scope of business covered by the Rule.

Tags: FTC, Identity Theft, red flag, red flag rule, red flag rules, red flags, red flags rule

It's Not Too Late to Come to the Party: Mississippi Joins 45 Other States by Enacting a Security Breach Notification Law

Posted on April 13, 2010 by Andrew Hoffman

On April 7, 2010, Mississippi Governor Haley Barbour signed H.B. 583, making his state the forty-sixth state with a security breach notification law on the books.

Tags: Data Breaches, breach notification, data breach, mississippi, unencrypted

Florida Supreme Court Holds CGL Policy Covers an "Advertising Injury" Based Upon a TCPA Violation

Posted on February 13, 2010 by Andrew Hoffman

The Florida Supreme Court recently held that a commercial general liability (“CGL”) insurance policy that provides coverage for an “advertising injury” covers a violation of the Telephone Consumer Protection Act (“TCPA”). Penzer v. Transp. Ins. Co., No. SC08-2068, 2010 WL 308043 (Fla. Jan. 28, 2010). The definition of “advertising injury” in the CGL policy at issue provided coverage for an “injury arising out of” the “[o]ral or written publication of material that violates a person’s right of privacy.” Id. at *4. The policy at issue had no relevant exclusions. Id. at *5-6.

Tags: CGL, Direct Marketing, Florida, Invasion of Privacy, insurance, right to seclusion, tcpa

Older Entries

January 22, 2010 — District Court Rules TCPA Applies to Text Messages Even Though Recipient Not Charged to Receive the Message

Privacy Law Blog
Proskauer Rose LLP

Beijing Room 1569, 15/F China World Tower 3
1 Jianguomenwai Avenue
Chaoyang District
Beijing 100004
China
Phone: 86.10.5737.2622

Boca Raton 2255 Glades Road
Suite 421 Atrium
Boca Raton, FL 33431-7360
Phone: 561.241.7400

Boston One International Place
Boston, MA 02110-2600
Phone: 617.526.9600

Chicago Three First National Plaza
70 West Madison
Suite 3800
Chicago, IL 60602-4342

Hong Kong Suites 1701-1705, 17/F
Two Exchange Square
8 Connaught Place
Central, Hong Kong
Phone: 852.3410.8000

London Ninth Floor
Ten Bishops Square
London E1 6EG
United Kingdom
Phone: 44.20.7539.0600

Los Angeles 2049 Century Park East
32nd Floor
Los Angeles, CA 90067-3206
Phone: 310.557.2900

Newark One Newark Center
Newark, NJ 07102-5211
Phone: 973.274.3200

New Orleans Poydras Center
650 Poydras Street
Suite 1800
New Orleans, LA 70130-6146
Phone: 504.310.4088

New York Eleven Times Square
New York, NY 10036-8299
Phone: 212.969.3000

Paris 374 rue Saint-Honoré
75001 Paris, France
Phone: 33.1.53.05.60.00

São Paulo Rua Funchal, 418
26° andar
04551-060 São Paulo, SP, Brasil
Phone: 55.11.3045.1250

Washington, D.C. 1001 Pennsylvania Avenue, NW
Suite 400 South
Washington, DC 20004-2533
Phone: 202.416.6800

Privacy Law Blog : Privacy Lawyers & Attorneys : Proskauer Rose Law Firm : CAN-SPAM, FCRA, FACTA

Proskauer

Andrew Hoffman

Facebook Accedes to the FTC's Poke, Settles FTC's Charges

Class Action Lawsuit Against Data Broker for Inaccurate Information Dismissed for Lack of Standing

Emerging Electronic Receipt Option Requires Creative Thinking for Retailers under State Law

FTC-Google Settlement Marks Two "Firsts" in FTC Privacy Enforcement

International Cellular Network Industry Association Releases Privacy Principles

No job? Bad credit? No problem! (In Illinois.)

Twitter's Settlement With the FTC Demonstrates that "Reasonable Security" Isn't Only About Online Commerce

FTC Extends (Yet Again) Enforcement Deadline for Identity Theft Red Flags Rule

It's Not Too Late to Come to the Party: Mississippi Joins 45 Other States by Enacting a Security Breach Notification Law

Florida Supreme Court Holds CGL Policy Covers an "Advertising Injury" Based Upon a TCPA Violation

Older Entries

January 22, 2010 — District Court Rules TCPA Applies to Text Messages Even Though Recipient Not Charged to Receive the Message

Kristen J. Mathews

Jeff Neuburger

Peta-Anne Barrow

Scott J. Carpenter

Amy Crafts

Margaret A. Dale

Nolan Goldberg

Andrew Hoffman

Charley Lozada

Cecile Martin

Jeremy Mittman

Natalie Newman

Robyn Sterling

Brendon Tavelli

Paresh Trivedi

Robert D. Forbes

Proskauer on Privacy