Header graphic for print
Privacy Law Blog

Tag Archives: privacy

Keep An Eye On Those Shiny, New Mobile Devices!

Posted in Data Breaches, HIPAA, Medical Privacy, Mobile Privacy, Workplace Privacy

As physicians, nurses, therapists and health care providers continue to utilize new smart phones, tablets, and laptops in caring for patients, the Department of Health and Human Services (“HHS”) has responded with educational videos, worksheets and guidance to help health care providers  create a “culture of compliance and awareness” and to protect patients’ Protected Health… Continue Reading

Asking for Your Digits: A Bill to Protect New Yorkers’ Privacy

Posted in Miscellaneous

When Social Security Numbers were initially issued in 1936 as part of the New Deal Social Security program, few could foresee that this nine digit number would evolve beyond its limited purpose to become a universal identifier replete with privacy and identity theft implications. More and more, government agencies and private entities have required the… Continue Reading

The Right To Be Forgotten

Posted in Articles

On 25 January 2012, the European Commission published a proposed new data protection framework for the E.U. The new framework, unlike the current one, is to provide a consistent and harmonised set of rules for all 27 E.U. member states. One of the main objectives of the new framework is to better ensure that individuals know… Continue Reading

Facebook Accedes to the FTC’s Poke, Settles FTC’s Charges

Posted in FTC Enforcement

Facebook recently agreed to settle charges by the Federal Trade Commission (FTC) that Facebook violated the FTC Act. The FTC-Facebook settlement, which is still subject to final FTC approval, prohibits Facebook from making misrepresentations about the privacy or security of its users’ personal information, requires Facebook to obtain users’ affirmative consent before enacting changes that override the users’ privacy preferences, and requires Facebook to prevent anyone from accessing material posted by a user more than 30 days after such user deleted his or her account. Similar to the March 2011 FTC-Google settlement, the Facebook settlement requires that Facebook enact a comprehensive privacy program and not misrepresent its compliance with the US-EU Safe Harbor Principles. As we previously reported, these two requirements are relatively new FTC settlement terms, which were first used in March 2011.

HIPAA Privacy and Security Audit Pilot Program Takes Flight

Posted in Medical Privacy

On November 8, 2011, the U.S. Department of Health and Human Services Office for Civil Rights (OCR) announced details of its HIPAA Privacy and Security Audit Program. The OCR pilot program calls for approximately 150 audits of covered entities, which audits are intended to address privacy and security compliance, and assist OCR in assessing and identifying best practices as well as risks and vulnerabilities for health care entities. Although the pilot program is expected to immediately impact a small number of covered entities, it appears that OCR is increasing its efforts to enforce HIPAA and the HITECH Act.

India Issues Clarification of Recent Privacy Rules

Posted in International

As mentioned in a prior post on this blog, earlier this year the Indian Ministry of Communications and Information Technology issued new privacy and data security rules under the Information Technology (Reasonable security practices and procedures and sensitive personal data or information) Rules, 2011 (the “Privacy Rules”). The strict consent requirements relating to the collection… Continue Reading

Article Alert: Trivedi Talks Indian Privacy

Posted in International

India recently adopted a privacy and data security regulatory regime that fills the previous void of any such regulation with requirements that may force companies with operations in India and companies that outsource certain functions to Indian service providers to change the way they operate in order to comply. Visit our blog to see Proskauer attorney Paresh Trivedi’s article on the new Indian privacy rules.

Third Party Discovery of Foreign Bank Records Should First Proceed Under the Hague Convention

Posted in Miscellaneous

Where U.S. litigation discovery obligations were argued to be in conflict with foreign civil and criminal privacy statutes, many recent opinions found that discovery should proceed under the Federal Rules over the protest of the foreign data custodians. However, in SEC v. Stanford International Bank Ltd, the court departed from this pattern in finding that discovery should first proceed under the Hague convention in the interest of comity. While it is unclear the extent to which this approach will be followed by other courts in the future, the Stanford opinion illustrates that it is possible for litigants and third parties to successfully navigate cross border discovery conflicts even where privacy interests are at stake.

Broker and Compliance Officer of Broker-Dealer Firm Personally Fined by SEC for Customer Privacy Violations

Posted in Financial Privacy

On April 7, 2011, the SEC announced that it had imposed fines of $20,000 each against the former president of a broker-dealer and a former broker for their actions in transferring customer information to a new firm as the defunct firm wound down. The SEC also fined the brokerage firm’s former chief compliance officer $15,000 for compliance failures and security breaches that took place at the defunct firm, some dating back to 2005. Visit our blog to learn more.

Please Ignore the Intrusion, We Just Have a Few Questions to Ask: Supreme Court Validates Background Checks for Government Contractors

Posted in Workplace Privacy

On January 19, 2011, the U.S. Supreme Court held that the federal government has broad latitude to conduct background checks on contractors who work at government facilities. Assuming, without deciding, that two parts of a standard government employment background investigation implicated a constitutional privacy interest, the Court held that the government is permitted to ask reasonable employment-related questions that further the government’s interests in managing its internal operations, particularly where the results of such investigations are adequately protected from public disclosure.

Massachusetts Data Security Regulations: Your Company May Not Be Located There, But If Your Customers Are, You Need to Comply

Posted in Data Privacy Laws

As we’ve discussed in prior posts, newly effective regulations promulgated under Massachusetts’ recent data security law, Mass. Gen. Law ch. 93H, have raised the bar for data security compliance, and they have a long reach.  The regulations are national and international in scope, as they apply to all companies – wherever located– using personal data… Continue Reading

European Privacy Law And Social Networking

Posted in Data Privacy Laws

  With social networking sites proliferating across international boundaries, privacy and data protection concerns are becoming increasingly relevant. With these concerns in mind, the Article 29 Working Party, an independent European advisory body on data protection and privacy, adopted an opinion on online social networking on June 12, 2009. As noted by the Working Party, the… Continue Reading

Consumer Advocacy Groups Request Federal Trade Commission Action To Stop Perceived “Threat” From Mobile Marketing

Posted in Behavioral Marketing

In a year when behavioral advertising was already expected to be at the top of the hot button privacy issues list, on January 13, 2008, the Center for Digital Democracy (“CDT”) and U.S. Public Interest Research Group (“US PIRG”) filed a document with the Federal Trade Commission (“FTC”) urging the FTC to investigate online mobile… Continue Reading

Department of Education Issues Final Regulations Amending FERPA

Posted in Miscellaneous

The Family Educational Rights and Privacy Act (20 U.S.C. 1232g; 34 CFR Part 99) (“FERPA”) imposes various requirements on educational institutions regarding the privacy of personally identifiable information contained in education records of students.  On December 9, 2008, the U.S. Department of Education (“DOE”) published final rules amending the regulations that implement FERPA.     … Continue Reading

Zip Codes not “Personal Identification Information” under California’s Song-Beverly Act

Posted in California

On December 19, 2008, in Party City Corp. v. The Superior Court of San Diego County, the California Court of Appeal in the Fourth Appellate District held that zip codes are not "personal identification information" under California’s Song-Beverly Credit Card Act of 1971, California Civil Code Sec. 1747.08 (the "Act."). The Act prohibits a retailer… Continue Reading

Privacy under the 44th President? Will the New Administration Bring a New Playbook?

Posted in Miscellaneous, National Security

  As we prepare to welcome both the 44th President and a revamped Congress to Washington, it is time to consider what privacy under the new administration will look like. Barack Obama polled strongly on the campaign trail as the candidate most likely to advance individual privacy rights, but are the pollsters a good indicator what… Continue Reading