Privacy Law Blog
Scott Carpenter

Scott Carpenter

Subscribe to all posts by Scott Carpenter

Ninth Circuit: ECPA Protects Stored Communications of Foreign Citizens

In a recent decision, the Ninth Circuit held that "the ECPA unambiguously applies to foreign citizens." In Suzlon Energy Ltd. v. Microsoft, Suzlon Energy demanded Microsoft to produce emails from the Hotmail email account of an Indian citizen imprisoned abroad. The district court held that the Electronic Communications Privacy Act ("ECPA") prohibited Microsoft from producing the documents even though the individual was not a U.S. citizen. The Ninth Circuit affirmed. … Continue Reading

Judge Finds Injury-in-Fact Adequately Alleged in RockYou Data Breach Action

Where others have failed, Alan Claridge did not. Recently, a Federal judge in the Northern District of California declined to dismiss Plaintiff Claridge’s claims arising from a data breach involving the social entertainment site RockYou. Arguing that the data breach harmed the value of his personal information, Plaintiff convinced the court not to dismiss his action for … Continue Reading

Credit Report Resellers Settle FTC Charges Over Poor Security

The Federal Trade Commission recently announced that it reached a settlement with three consumer credit report resellers whose information security practices and procedures were not sufficient to prevent hackers to obtain more than 1,800 consumer credit reports without authorization. The settlement resolves allegations that the resellers violated the Fair Credit Reporting Act, the FTC Act and … Continue Reading

Data Breach Class Action Fails – Court Dismisses Securities Fraud Case Against Heartland

On December 7, 2009, a federal district court sitting in New Jersey dismissed a securities fraud class action lawsuit against Heartland Payment Systems arising from a massive breach of credit and debit card information and, in doing so, reinforced the difficulties private plaintiffs face in bringing data breach lawsuits under the federal securities laws.… Continue Reading

Third Time’s A Charm: FTC Delays Enforcement Of The Red Flags Rule Again

The Federal Trade Commission (“FTC”) announced today that, for the third time, it will delay enforcement of the Red Flags Rule until November 1, 2009 – a year after the original November 1, 2008 compliance deadline. In delaying enforcement yet again, the Commission stated that it intends to engage in an “expanded business education campaign” in … Continue Reading

EPIC Petitions for a Closer Look at the Cloud – Privacy Group Asks the FTC to Investigate Google Cloud Computing for Inadequate Safeguards and Unfair and Deceptive Trade Practices

The Electronic Privacy Information Center (“EPIC”) recently filed a complaint with the Federal Trade Commission (“FTC”) accusing Google of failing to implement adequate privacy and data security safeguards and engaging in unfair and deceptive trade practices related to its “cloud computing” services.… Continue Reading

Federal Court Enjoins Sale of Keylogger Program

A U.S. District Court for the Middle District of Florida recently issued a preliminary injunction ordering CyberSpy Software, LLC to stop promoting and selling “RemoteSpy,” a keylogger software program that, once installed on a computer, collects information regarding use of the computer.… Continue Reading

FTC Suspends Enforcement of Red Flag Rules For Six Months

The Federal Trade Commission (“FTC”) recently announced that it will not enforce the new Red Flag Rules until May 1, 2009, giving financial institutions and creditors an additional six months to comply by developing and implementing a written identity theft prevention program.  In an Enforcement Policy Statement released on October 22, 2008, the FTC acknowledged … Continue Reading

California’s Financial Information Privacy Act Affiliate Sharing Provisions Narrowly Survive Complete Preemption

On September 4, 2008, in American Bankers Association v. Lockyer, No. 05-17163, 2008 WL 4070308 (9th Cir. Sept. 4, 2008), the Ninth Circuit Court of Appeals revived part of the California Financial Information Privacy Act (“S.B. 1”), allowing consumers to opt-out of certain information-sharing activities between financial institutions and their affiliates. Previously, in the 2005 case … Continue Reading

CDA Protects MySpace from Underage User’s Negligence Claim

On May 16, 2008 the U.S. Court of Appeals for the Fifth Circuit agreed with a number of other courts, holding that the Communications Decency Act (“CDA”) (47 U.S.C. Sec. 230) protects social networking websites from liability with respect to negligence claims based on third-party content published on the website and the consequences stemming from … Continue Reading

Immunity Under the CDA Has Its Limits According to Two Recent Federal Court Decisions

Website Operator Can Be Held Liable for State Intellectual Property Violations A federal district court in New Hampshire recently ruled that Section 230 of the Communications Decency Act of 1996 (“CDA”) does not prevent a state law right of publicity claim against a Website operator. In Doe v. Friendfinder Network, Inc., No. 07-286, 2008 WL 803947 … Continue Reading

SEC Seeks to Better Protect Investors’ Privacy With Proposed Amendments to Regulation S-P

In light of growing concerns over identity theft, data breaches, and the hacking of online brokerage accounts, the Securities and Exchange Commission (“SEC”) has recently proposed new amendments to Regulation S-P – the SEC’s existing privacy rules mandated under the Gramm-Leach-Bliley Act. The SEC’s unanimous approval of these proposed rules signals the Commission’s desire to more … Continue Reading

DHS Says Infrastructure More Vulnerable to Cyber Attacks; Private Businesses Told to Be Vigilant

Businesses are on notice to pay more attention to computer security in order to protect business assets and private information, and to thwart infiltrations that threaten interconnected computers.  And help is available from the United States Computer Emergency Readiness Team (“US-CERT”). Department of Homeland Security (“DHS”) Secretary Michael Chertoff and Assistant Secretary of Cybersecurity Greg Garcia recently warned … Continue Reading
LexBlog