Header graphic for print
Privacy Law Blog

Jeremy M. Mittman

Jeremy M. Mittman Jeremy Mittman is an Associate in the Los Angeles office of Proskauer Rose LLP. Prior to joining the Los Angeles office in October 2006, he practiced in the Firm's New York office. Mr. Mittman represents employers in state and federal courts and before administrative bodies, including the National Association of Securities Dealers and the New York Department of Human Rights. He defends employers, at the trial and appellate court levels, in litigations involving wrongful discharge, sexual harassment, wage and hour class actions, breach of contract and employment discrimination. Mr. Mittman is also a member of Proskauer Rose's Privacy and Data Security Practice Group, and a large part of his practice is focused on international employment issues. He works with clients on multi-country HR projects involving issues such as data privacy in Global Human Resources Information Systems, multi-country employment contracts, international background checks, terminations, and other HR actions. Mr. Mittman is the author of several employment-related articles, including several that appeared in the New York Law Journal. Most recently, Mr. Mittman co-authored a chapter on International Data Privacy Law for the Practicing Law Institute’s 2006 treatise Proskauer On Privacy: A Guide to Privacy and Data Security in the Information Age. He received his B.A. in philosophy from the University of Pennsylvania and his J.D. from the University of Southern California School of Law, where he was an Articles Editor for the University of Southern California Law Review.

Posts by Jeremy M. Mittman

Singapore Issues New Regulations In Advance of Data Protection Law Entering Into Force

Posted in International

On July 2, 2014 Singapore’s new Personal Data Protection Act (the “PDPA” or the “Act”)) will go into force, requiring companies that have a physical presence in Singapore to comply with many new data protection obligations under the PDPA.   Fortunately, in advance of the Act’s effective date, the Singapore Personal Data Commission has recently promulgated… Continue Reading

European Union Parliament Makes Progress on Adopting Proposed EU Data Protection Regulation

Posted in European Union

On October 21, a key European parliamentary committee (the Committee on Civil Liberties, Justice and Home Affairs (“Committee”) approved an amended version of the draft EU Data Protection Regulation, paving the way for further negotiations with EU governmental bodies.  The goal, according to a press release by the Committee, is to reach compromise on the… Continue Reading

California Enacts New “Do Not Track” Disclosure Requirement Law for Websites

Posted in Legislation

On September 27, California Governor Jerry Brown signed a new privacy law that has significant repercussions for nearly every business in the United States that operates a commercial website or online service and collects “personally identifiable information” (which means, under the law, “individually identifiable information about an individual consumer collected online by the operator from that… Continue Reading

FTC Revamps COPPA Rule

Posted in Children's Online Privacy Protection Act

Two and a half years after initiating a review of the Children’s Online Privacy Protection Rule (the “Rule”), the Federal Trade Commission (FTC) announced on December 19, 2012 that the Rule will be amended to clarify perceived ambiguities and to strengthen the Rule’s protections for children who engage in online activities in light of significant… Continue Reading

FCC Approves New Rules Curbing “Robocalls”

Posted in Direct Marketing

In a move that will no doubt please many consumers, on February 15, 2012, the Federal Communications Commission approved a new set of rules aimed to substantially curb the practice of telemarketers to engage in "robocalling", or the placing of automatic, pre-recorded calls. The key development in the FCC’s 48 page Report and Order is… Continue Reading

Recent Amendments to Russian Data Protection Law Further Clarify International Data Transfer Rules

Posted in Data Privacy Laws

          On July 25, Russian President Dmitry Medvedev signed into law an amendment to the Russian data protection law, "On Personal Data".  The new amendments are effective as of July 1, 2011.  Of special significance, the amendments provide further clarification regarding the transfer of personal data to individuals or entities located outside of Russia.  Prior… Continue Reading

New Mexican Data Protection Law is Signed by the President

Posted in International

Earlier, we reported on the passage of a sweeping new data protection law in Mexico. Recently, the law went into effect earlier this month. The new law drastically expands the powers of Mexico’s data protection authority, which has now been renamed the "Federal Institute of Access to Information and Data Protection."

EU Article 29 Working Party Elevates Israel to Rank of Select Few Countries That Are Deemed to Possess “Adequate” Data Protection Laws

Posted in European Union

On January 5, 2010, the EU Article 29 Data Protection Working Party published an opinion finding that Israel provides an "adequate" level of data protection under the EU Data Protection Directive. Should the European Commission ("EC") adopt the Article 29 Working Party’s recommendation (and there is no reason to think that it would not), Israel… Continue Reading

FTC Continues Safe Harbor Enforcement Streak With Six New Proposed Settlements

Posted in European Union

On October 6, 2009, in one fell swoop, the Federal Trade Commission (“FTC”) announced proposed settlements of charges against six companies for violations under the US/EU Safe Harbor Program. Specifically, these companies (World Innovators, Inc.; ExpatEdge Partners LLC; Onyx Graphics, Inc.; Directors Desk LLC; Collectify LLC; and Progressive Gaitways LLC) were alleged to have continued… Continue Reading

French Data Protection Authority Releases New Opinion on Compliance with U.S. Discovery Procedures

Posted in European Union

On August 19, 2009, the French Data Protection Agency (also known as the "CNIL") released a new opinion (the "Opinion") on the transfer of personal data from France to a jurisdiction outside of Europe. The Opinion is noteworthy for describing how personal data can be transferred from France to the United States pursuant to U.S…. Continue Reading

FTC Enforces US/EU Safe Harbor Program For First Time

Posted in European Union

In early August, the Federal Trade Commission (“FTC”) announced the first enforcement action against a U.S. company for violation of the US/EU Safe Harbor Program. This enforcement action should serve as a call-to-action for all Safe Harbor program participants to review their safe harbor programs now, and re-affirm their compliance.  

E-Verify Litigation Resumes as Homeland Security Decides to Implement Mandatory Use Rule

Posted in Workplace Privacy

In January 2009, we reported on the postponement of a controversial federal regulation resulting from a legal challenge filed by Proskauer Rose on behalf of several trade organizations, including the U.S. Chamber of Commerce. The rule, the result of an executive order signed by then-President George W. Bush, requires most federal contractors and subcontractors to verify… Continue Reading

New Report Finds Much Room For Improvement in EU Data Protection Law

Posted in European Union

On May 12, 2009, the UK Information Commissioner’s Office (ICO) released a much anticipated report authored by the RAND Corporation assessing the strengths and weaknesses of the 1995 EU Data Protection Directive (95/46/EC) (the "Directive), the main source of privacy legislation in Europe. While the report highlighted a number of the Directive’s positive attributes, it… Continue Reading

EU High Court Strikes Down UK DNA Database on Privacy Grounds

Posted in European Union

In a landmark ruling, the European Court of Human Rights (ECHR)—Europe’s highest court to take up cases affecting the privacy rights of EU citizens—ruled that some aspects of the UK’s DNA database violated EU law.  Specifically, on December 4, the ECHR issued its decision, S. and Marper v. The United Kingdom (Applications 30562/04, 30566/04), holding… Continue Reading

EU Publishes New Guidance on Binding Corporate Rules

Posted in European Union

Binding corporate rules (“BCRs”) may now be easier to implement due to much needed guidance issued last month by the European Union’s Article 29 Working Party, the group responsible for the oversight of the EU’s data protection regime. The guidance consists of three documents, which clarify the requirements for establishing BCRs. These documents are: (1) a checklist… Continue Reading

EU Data Protection Watchdog Supports Data Breach Notification Law

Posted in European Union

The European Data Protection Supervisor (EDPS) has come out in favor of the EU enacting data security breach notification laws. The EDPS is an independent supervisory authority devoted to protecting personal data and privacy and promoting good data protection practices within the EU, both by monitoring the EU administration’s own data processing, as well as… Continue Reading

Anonymous in Arizona? Maybe Not.

Posted in Online Privacy

In a case of first impression, the Arizona Court of Appeals recently considered the ability of a litigant to determine the identity of an anonymous Internet user. Mobilisa, Inc v. Doe, Case No 1-CA-CV 06-0521, 2007 Ariz. App. LEXIS 225 (Ariz. Ct. App., November 27, 2007). While the Court did not require disclosure of an anonymous Internet… Continue Reading

First Subsidiary of a U.S. Based Multinational Company Fined for Data Protection Violations in France

Posted in European Union

Last month the French subsidiary of the U.S. based company, Tyco Healthcare, became the first local branch of a U.S. company to be fined for data protection violations. France’s data protection agency, La Commission Nationale de L’informatique et des Libertes (CNIL) levied a fine of 30,000 euro (or about $40,350) against the company after it… Continue Reading

EU Working Party Adopts Model Application Form for Binding Corporate Rules

Posted in European Union

On January 10, 2007 the Article 29 Data Protection Working Party announced the adoption of a new Model Application for the submission of a company’s Binding Corporate Rules to any European Union Data Protection Authority (DPA). The EU’s approval of the Model Application is long-awaited and a welcome addition to help make Binding Corporate Rules a… Continue Reading