Kevin Khurana is an Associate in the Corporate Department, resident in the New York office. While in law school, Kevin was a St. Thomas More scholar and president of the South Asian Law Students Association. He was an extern at the Sikh Coalition and assisted the Asian American Legal Defense and Education Fund (AALDEF) in its election protection efforts and was ultimately recognized for his commitment to pro bono service at graduation. He also spent part of his time during law school studying Chinese law at Peking University.
On September 27, 2013, California Governor Jerry Brown signed into law an amendment to California’s breach notification law (Cal. Civ. Code § 1798.82). Effective January 1, 2014, under the amended law, the definition of “Personal Information” will be expanded to include “a user name or email address, in combination with a password or security question… Continue Reading
On June 27, 2013, the NY Court of Appeals held that the state can use GPS tracking to monitor its employees during working hours without a warrant. Click here to read Proskauer’s Employment Law Counseling & Training Group’s discussion of the recent case.
Colorado on May 12, 2013 and Washington on May 21, 2013 joined the likes of California, Maryland, Utah and New Mexico by prohibiting employers from requesting that prospective and current employees disclose their username and password to their personal social media accounts. Our Labor & Employment group discussed the Colorado law here and the Washington… Continue Reading
On April 5, 2013, New Mexico joined six other states (including, among others, Utah, Maryland and California) in passing a new law prohibiting employers from requesting or requiring that a prospective employee provide access to his or her social networking accounts. Proskauer’s Labor & Employment group has discussed the new law here.
Following a growing trend among states, on March 26, 2013, the Utah legislature passed the Internet Employment Privacy Act, which prohibits employers from requesting that job applicants or employees disclose passwords protecting their personal internet accounts. Proskauer’s Labor & Employment group has discussed the new law here.
Ever on the forefront of consumer privacy protection, California is again making news in the privacy world with the California Attorney General’s recent publication of “Privacy on the Go: Recommendations for the Mobile Ecosystem,” which includes privacy recommendations for app developers, app platform providers, mobile ad networks, makers of operating systems and mobile carriers. With… Continue Reading
The FTC published on September 5, 2012 guidelines for mobile application developers to assist them observe truth-in-advertising and basic privacy principles when marketing their applications.
The Sixth Circuit Court of Appeals recently held that a computer fraud rider to a “Blanket Crime Policy” covers losses from a hacker’s theft of customer credit card and checking account data.
On the heels of Vermont’s recent amendment to its data breach notification law, Connecticut’s legislature recently amended its own data breach notification law. The amended law will take effect on October 1, 2012.
On May 8th, Vermont became the most recent state to amend its security breach notification law. Among the many changes, companies that are affected by a data breach are now required to notify the Attorney General of Vermont within 45 days after the discovery or notification of the breach.
Maryland became the first state to pass legislation that prohibits employers from asking employees and job applicants for their social media passwords.
On April 11, 2012, Katharine Parker, a partner in Proskauer’s Labor & Employment Law Department, discussed privacy concerns that arise when an employer demands access to its employees’ social media accounts.
The FTC released its final report titled “Protecting Consumer Privacy in an Era of Rapid Change: Recommendations for Business and Policymakers” which sets forth principles that companies are recommended to follow with respect to their privacy practices.
There have been a number of class action lawsuits recently filed in California state courts against businesses for allegedly violating California’s Shine the Light privacy law.
FrostWire LLC (a P2P file-sharing software company) agreed to change the default privacy settings on its mobile and desktop applications and agreed to clearly disclose its applications’ content sharing options pursuant to a settlement agreement with the FTC which resulted from claims by the FTC that FrostWire’s content sharing practices violated the FTC Act.
Playdom, Inc., an online game company owned by Disney, and Playdom’s CEO, Howard Marks, agreed to pay $3 million to settle charges brought by the FTC that they violated COPPA by collecting, using and disclosing the personal information of children under the age of 13 without their parents’ prior, verifiable consent. The $3 million settlement is the largest civil penalty ever for a COPPA violation.
The maker of Rascal Scooters agreed to pay $100,000 as a civil penalty to settle a complaint filed by the FTC alleging that Rascal Scooters violated the FTC Act and the FTC’s Telemarketing Sales Rule.
In a unanimous decision on March 1, 2011, the Supreme Court held in FCC v. AT&T that corporations do not have personal privacy rights under the Freedom of Information Act, reversing a 2009 Third Circuit decision.
On Thursday, October 28, 2010, the PCI SSC promulgated version 2.0 of its Data Security Standard and its Payment Application Data Security Standard (“PA DSS”).
In a handful of cases, including two which were recently decided, companies have been thwarted in various, unexpected ways by the commitments made in their online privacy policies.
The Supreme Court of California held that Vonage did not violate California law by sending commercial e-mail advertisements to individuals from multiple domain names for the purpose of bypassing e-mail filters.
Heartland Payment Systems, Inc. reached a settlement with MasterCard on May 19, 2010 for losses resulting from Heartland’s massive 2008 data security breach.