Privacy Law Blog
Kristen J. Mathews

Kristen J. Mathews

Partner

Kristen J. Mathews is head of the Privacy & Cybersecurity Group and a member of the Technology, Media & Telecommunications Group.

Kristen focuses her practice on technology, e-commerce and media-related transactions and advice, with concentrations in the areas of data privacy, data security, direct marketing and online advertising. She regularly advises clients on a wide range of matters, including privacy and data security compliance, customer authentication, responding to data security breach incidents, preparing privacy and data security policies, data profiling, behavioral marketing, open source software issues, financial privacy, children's privacy, international privacy, health care privacy, identity theft prevention, geolocational privacy, mobile marketing, social networking, payment card data security and telematics.

Subscribe to all posts by Kristen J. Mathews

Maine Makes Marketing Minors “Predatory”

In mid-September, Maine’s “Act to Prevent Predatory Marketing Practices against Minors” is scheduled to take effect.  Due to the lack of a scienter element in several of the requirements of this new law, this Act could have far-reaching consequences for all businesses that engage in direct marketing or that sell or transfer personal information to … Continue Reading

WEP vs WPA – What You Need to Know

In the context of wireless network security, we hear a lot about WEP vs WPA, but these technologies are not widely understood, especially among attorneys. WEP and WPA are two alternative ways to secure a wireless network from unauthorized interception, and WPA is more secure than WEP. In fact, researchers have reported consistently for several … Continue Reading

FTC Tells Sears That Consumer Disclosures Must be More Conspicuous

Over the course of the last decade, many companies have become accustomed to notifying consumers of their data collection practices in their online privacy policy.  However, in a recent proposed settlement, the FTC indicated that, at least under the facts before them, disclosures that were “buried” in a privacy policy were not sufficient. On June … Continue Reading

What elementary school did you go to?

I don’t know, but I could probably find out.  There is an increasing amount of discussion within the information security industry about whether the use of “security questions” to unlock forgotten passwords is a sound practice.  Many web sites ask users to answer personal questions upon registration, so that those questions and answers can be … Continue Reading

Red Flag Rules Blindside Retailers, But Extension of Compliance Deadline Helps

Last month, we blogged about whether the Red Flag Rules apply to medical care providers.  According to the FTC, they may also apply to retailers. The Federal Trade Commission’s recently released “how-to” guide says that the Red Flag Rules apply to “retailers that offer financing or help consumers get financing from others, say, by processing credit applications.” However, most … Continue Reading

Privacy Issues When “Computing in the Cloud”

When a company is considering using cloud computing in its IT infrastructure, there are some privacy issues that need to be addressed. While the value of cloud computing certainly holds much promise, companies wishing to make the leap into the cloud would be well advised to consider the potential privacy issues.  Cloud computing, in its … Continue Reading

One Reputable Retailer Takes a $7M Hit On Text Messages

On September 10, 2008, Timberland Company, an outdoor clothing and shoe merchant, along with co-defendant ad agencies GSI Commerce Inc. (“GSI”) and AirIt2Me Inc. (“AirIt2Me”), settled charges brought under the Telephone Consumer Protection Act (“TCPA”) arising from unsolicited text messages advertising Timberland’s holiday sale.  Pursuant to the settlement, Timberland must employ best practices in future … Continue Reading

MA Issues New Rules for the Protection of Personal Information

The September 2008 issue of “A Moment of Privacy,” a monthly e-newsletter brought to you by the Privacy and Data Security Practice Group of Proskauer Rose, LLP, has been released. This month’s question was “I understand that Massachusetts’ new information security rule reaches beyond what other states require. What do these new rules mean for … Continue Reading

New CAN-SPAM Rule Gives Long-Awaited Answers

On May 12, 2008 the Federal Trade Commission issued its long awaited final set of rules under the CAN-SPAM Act of 2003 (the “Act”). The rule: Modifies the term “sender” with respect to multi-advertiser e-mails; Clarifies the opt-out request process; Defines the term “person”; and Clarifies the meaning of “valid physical postal address” of the … Continue Reading

Emerging Standards For Mobile Marketing

Many B2C companies are beginning to explore marketing to consumers’ wireless devices using text messaging (“SMS,” or “short message service”) and MMS messaging (“Multi-media Messaging Service”). They may even target their promotions based on where the recipient is physically located using the wireless device’s GPS technology. They also may target their promotions to teens and tweens. What legal issues should … Continue Reading
LexBlog