Privacy Law Blog
Andrew Hoffman

Andrew Hoffman

Subscribe to all posts by Andrew Hoffman

Facebook Accedes to the FTC’s Poke, Settles FTC’s Charges

Facebook recently agreed to settle charges by the Federal Trade Commission (FTC) that Facebook violated the FTC Act. The FTC-Facebook settlement, which is still subject to final FTC approval, prohibits Facebook from making misrepresentations about the privacy or security of its users' personal information, requires Facebook to obtain users' affirmative consent before enacting changes that override the users' privacy preferences, and requires Facebook to prevent anyone from accessing material posted by a user more than 30 days after such user deleted his or her account. Similar to the March 2011 FTC-Google settlement, the Facebook settlement requires that Facebook enact a comprehensive privacy program and not misrepresent its compliance with the US-EU Safe Harbor Principles. As we previously reported, these two requirements are relatively new FTC settlement terms, which were first used in March 2011. … Continue Reading

Emerging Electronic Receipt Option Requires Creative Thinking for Retailers under State Law

Recently, several large retail chains have started offering customers the option to receive electronic receipts for in-store purchasers, as the New York Times reports. For instance, a cashier may ask a customer for his or her email address at check-out and then email the receipt to the customer. Paperless receipt programs offer retailers new and exciting marketing opportunities--for instance, adding a retail store purchaser's email address to the company's customer relationship management database, even if that customer never shops online. But with these new opportunities come potential liabilities from old laws that were not written with this new technology in mind. … Continue Reading

FTC-Google Settlement Marks Two “Firsts” in FTC Privacy Enforcement

Google recently settled charges by the Federal Trade Commission (FTC) that Google's social networking service, Buzz, violated the FTC Act. The FTC-Google settlement prohibits Google from misrepresenting the extent to which it maintains and protects the confidentiality of users' information and from misrepresenting its compliance with the US-EU Safe Harbor Framework. In that regard, the settlement represents two important "firsts" in FTC enforcement. … Continue Reading

Twitter’s Settlement With the FTC Demonstrates that “Reasonable Security” Isn’t Only About Online Commerce

The social networking and micro-blogging service Twitter recently agreed to settle charges with the Federal Trade Commission (FTC) regarding its privacy and data security practices. Similar to settlement terms reached with other online merchants, the settlement bars Twitter for 20 years from misleading consumers about the extent to which it protects the security, privacy, and confidentiality of nonpublic consumer information. Notably, the agreement also requires Twitter to maintain a comprehensive information security program and submit to audits of the program for 10 years. The settlement agreement does not include a monetary penalty. The FTC alleged that despite Twitter's promises on its website to protect the personal information of its users, Twitter's practices failed to provide reasonable and appropriate security. Unlike many of the other companies that the FTC has pursued regarding online security practices, Twitter does not sell goods online or collect financial information from its users. … Continue Reading

FTC Extends (Yet Again) Enforcement Deadline for Identity Theft Red Flags Rule

The Federal Trade Commission announced today that it is once again extending the deadline for enforcing its "Red Flags" Rule, while Congress considers legislation that would affect the scope of entities covered by the Rule. The FTC is delaying enforcement of the Rule until December 31, 2010 in response to a request from members of Congress who are working to finalize legislation that would limit the scope of business covered by the Rule. … Continue Reading

Florida Supreme Court Holds CGL Policy Covers an “Advertising Injury” Based Upon a TCPA Violation

The Florida Supreme Court recently held that a commercial general liability ("CGL") insurance policy that provides coverage for an "advertising injury" covers a violation of the Telephone Consumer Protection Act ("TCPA"). The definition of "advertising injury" in the CGL policy at issue provided coverage for an "injury arising out of" the "[o]ral or written publication of material that violates a person's right of privacy." In finding that coverage existed, the court noted that the TCPA protects the privacy right to seclusion. … Continue Reading

District Court Rules TCPA Applies to Text Messages Even Though Recipient Not Charged to Receive the Message

The U.S. District Court for the Northern District of Illinois recently ruled that a plaintiff may maintain a suit for receiving an unsolicited text message under the Telephone Consumer Protection Act (TCPA) of 1991, even though the plaintiff was not actually charged for receiving the message. In the ruling, the court noted that in enacting the TCPA, Congress was concerned with consumers' privacy rights and the nuisances of telemarketing. … Continue Reading
LexBlog