On April 5, 2013, New Mexico joined six other states (including, among others, Utah, Maryland and California) in passing a new law prohibiting employers from requesting or requiring that a prospective employee provide access to his or her social networking accounts. Proskauer’s Labor & Employment group has discussed the new law here.
Following a growing trend among states, on March 26, 2013, the Utah legislature passed the Internet Employment Privacy Act, which prohibits employers from requesting that job applicants or employees disclose passwords protecting their personal internet accounts. Proskauer’s Labor & Employment group has discussed the new law here.
Ever on the forefront of consumer privacy protection, California is again making news in the privacy world with the California Attorney General’s recent publication of “Privacy on the Go: Recommendations for the Mobile Ecosystem,” which includes privacy recommendations for app developers, app platform providers, mobile ad networks, makers of operating systems and mobile carriers. With… Continue Reading
The FTC published on September 5, 2012 guidelines for mobile application developers to assist them observe truth-in-advertising and basic privacy principles when marketing their applications.
The Sixth Circuit Court of Appeals recently held that a computer fraud rider to a “Blanket Crime Policy” covers losses from a hacker’s theft of customer credit card and checking account data.
On the heels of Vermont’s recent amendment to its data breach notification law, Connecticut’s legislature recently amended its own data breach notification law. The amended law will take effect on October 1, 2012.
On May 8th, Vermont became the most recent state to amend its security breach notification law. Among the many changes, companies that are affected by a data breach are now required to notify the Attorney General of Vermont within 45 days after the discovery or notification of the breach.
Maryland became the first state to pass legislation that prohibits employers from asking employees and job applicants for their social media passwords.
On April 11, 2012, Katharine Parker, a partner in Proskauer’s Labor & Employment Law Department, discussed privacy concerns that arise when an employer demands access to its employees’ social media accounts.
The FTC released its final report titled “Protecting Consumer Privacy in an Era of Rapid Change: Recommendations for Business and Policymakers” which sets forth principles that companies are recommended to follow with respect to their privacy practices.
There have been a number of class action lawsuits recently filed in California state courts against businesses for allegedly violating California’s Shine the Light privacy law.
FrostWire LLC (a P2P file-sharing software company) agreed to change the default privacy settings on its mobile and desktop applications and agreed to clearly disclose its applications’ content sharing options pursuant to a settlement agreement with the FTC which resulted from claims by the FTC that FrostWire’s content sharing practices violated the FTC Act.
Playdom, Inc., an online game company owned by Disney, and Playdom’s CEO, Howard Marks, agreed to pay $3 million to settle charges brought by the FTC that they violated COPPA by collecting, using and disclosing the personal information of children under the age of 13 without their parents’ prior, verifiable consent. The $3 million settlement is the largest civil penalty ever for a COPPA violation.
The maker of Rascal Scooters agreed to pay $100,000 as a civil penalty to settle a complaint filed by the FTC alleging that Rascal Scooters violated the FTC Act and the FTC’s Telemarketing Sales Rule.
In a unanimous decision on March 1, 2011, the Supreme Court held in FCC v. AT&T that corporations do not have personal privacy rights under the Freedom of Information Act, reversing a 2009 Third Circuit decision.
On Thursday, October 28, 2010, the PCI SSC promulgated version 2.0 of its Data Security Standard and its Payment Application Data Security Standard (“PA DSS”).
In a handful of cases, including two which were recently decided, companies have been thwarted in various, unexpected ways by the commitments made in their online privacy policies.
The Supreme Court of California held that Vonage did not violate California law by sending commercial e-mail advertisements to individuals from multiple domain names for the purpose of bypassing e-mail filters.
Heartland Payment Systems, Inc. reached a settlement with MasterCard on May 19, 2010 for losses resulting from Heartland’s massive 2008 data security breach.
The eight regulatory agencies that released the final model privacy notice form that satisfies the disclosure requirements under the Gramm-Leach-Bliley Act have released an Online Form Builder to assist financial institutions in meeting their obligations under the act.
On February 16, 2010, the EU Article 29 Working Party published Opinion 1/2010, in which it clarified the definitions of “data controller” and “data processor” as those designations are used within the European Data Protection Directive. The Working Party’s opinion is welcome guidance, as such designations are often difficult to apply in practice, especially given the increasing complexity of globalization, organizational differentiation, and information and communication technologies.
The European Commission has updated its Standard Contractual Clauses which govern the transfer of personal data from data exporters within the European Union to data processors outside of the European Union.