As physicians, nurses, therapists and health care providers continue to utilize new smart phones, tablets, and laptops in caring for patients, the Department of Health and Human Services (“HHS”) has responded with educational videos, worksheets and guidance to help health care providers create a “culture of compliance and awareness” and to protect patients’ Protected Health…
Tag Archives: privacy
Asking for Your Digits: A Bill to Protect New Yorkers’ Privacy
Posted in Miscellaneous
When Social Security Numbers were initially issued in 1936 as part of the New Deal Social Security program, few could foresee that this nine-digit number would evolve beyond its limited purpose to become a universal identifier replete with privacy and identity theft implications. More and more, government agencies and private entities have required the…
The Right To Be Forgotten
Posted in Articles
On 25 January 2012, the European Commission published a proposed new data protection framework for the E.U. The new framework, unlike the current one, is to provide a consistent and harmonised set of rules for all 27 E.U. member states. One of the main objectives of the new framework is to better ensure that individuals know…
Friend Request Rejected: Maryland Bans Employers from Asking Employees for their Social Media Passwords
Posted in Workplace Privacy
Maryland became the first state to pass legislation that prohibits employers from asking employees and job applicants for their social media passwords.
Facebook Accedes to the FTC’s Poke, Settles FTC’s Charges
Posted in FTC Enforcement
Facebook recently agreed to settle charges by the Federal Trade Commission (FTC) that Facebook violated the FTC Act. The FTC-Facebook settlement, which is still subject to final FTC approval, prohibits Facebook from making misrepresentations about the privacy or security of its users’ personal information, requires Facebook to obtain users’ affirmative consent before enacting changes that override the users’ privacy preferences, and requires Facebook to prevent anyone from accessing material posted by a user more than 30 days after such user deleted his or her account. Similar to the March 2011 FTC-Google settlement, the Facebook settlement requires that Facebook enact a comprehensive privacy program and not misrepresent its compliance with the US-EU Safe Harbor Principles. As we previously reported, these two requirements are relatively new FTC settlement terms, which were first used in March 2011.
HIPAA Privacy and Security Audit Pilot Program Takes Flight
Posted in Medical Privacy
On November 8, 2011, the U.S. Department of Health and Human Services Office for Civil Rights (OCR) announced details of its HIPAA Privacy and Security Audit Program. The OCR pilot program calls for approximately 150 audits of covered entities, which audits are intended to address privacy and security compliance, and assist OCR in assessing and identifying best practices as well as risks and vulnerabilities for health care entities. Although the pilot program is expected to immediately impact a small number of covered entities, it appears that OCR is increasing its efforts to enforce HIPAA and the HITECH Act.
India Issues Clarification of Recent Privacy Rules
Posted in International
As mentioned in a prior post on this blog, earlier this year the Indian Ministry of Communications and Information Technology issued new privacy and data security rules under the Information Technology (Reasonable security practices and procedures and sensitive personal data or information) Rules, 2011 (the “Privacy Rules”). The strict consent requirements relating to the collection…
Article Alert: Trivedi Talks Indian Privacy
Posted in International
India recently adopted a privacy and data security regulatory regime that fills the previous void of any such regulation with requirements that may force companies with operations in India and companies that outsource certain functions to Indian service providers to change the way they operate in order to comply. Visit our blog to see Proskauer attorney Paresh Trivedi’s article on the new Indian privacy rules.
Third Party Discovery of Foreign Bank Records Should First Proceed Under the Hague Convention
Posted in Miscellaneous
Where U.S. litigation discovery obligations were argued to be in conflict with foreign civil and criminal privacy statutes, many recent opinions found that discovery should proceed under the Federal Rules over the protest of the foreign data custodians. However, in SEC v. Stanford International Bank Ltd, the court departed from this pattern in finding that discovery should first proceed under the Hague Convention in the interest of comity. While the extent to which this approach will be followed by other courts in the future is unclear, the Stanford opinion illustrates that it is possible for litigants and third parties to successfully navigate cross-border discovery conflicts even where privacy interests are at stake.
Broker and Compliance Officer of Broker-Dealer Firm Personally Fined by SEC for Customer Privacy Violations
Posted in Financial Privacy
On April 7, 2011, the SEC announced that it had imposed fines of $20,000 each against the former president of a broker-dealer and a former broker for their actions in transferring customer information to a new firm as the defunct firm wound down. The SEC also fined the brokerage firm’s former chief compliance officer $15,000 for compliance failures and security breaches that took place at the defunct firm, some dating back to 2005. Visit our blog to learn more.
International Cellular Network Industry Association Releases Privacy Principles
Posted in Electronic Communications, International
Hot on the trail of the FTC’s recent report on privacy, the GSMA, the London-based industry association representing over 800 cellular network operators worldwide, released its “high-level” Mobile Privacy Principles (the “Principles”) on January 27, 2011.
Please Ignore the Intrusion, We Just Have a Few Questions to Ask: Supreme Court Validates Background Checks for Government Contractors
Posted in Workplace Privacy
On January 19, 2011, the U.S. Supreme Court held that the federal government has broad latitude to conduct background checks on contractors who work at government facilities. Assuming, without deciding, that two parts of a standard government employment background investigation implicated a constitutional privacy interest, the Court held that the government is permitted to ask reasonable employment-related questions that further the government’s interests in managing its internal operations, particularly where the results of such investigations are adequately protected from public disclosure.
What Do You Really Need to Know About the FTC’s Recent Report on Privacy?
Posted in Data Privacy Laws
Yesterday, we blogged about the FTC’s report released last week, “Protecting Consumer Privacy in an Era of Rapid Change.” But if the FTC’s recommendations become requirements, how would they change what the typical company is doing today?
Massachusetts Data Security Regulations: Your Company May Not Be Located There, But If Your Customers Are, You Need to Comply
Posted in Data Privacy Laws
As we’ve discussed in prior posts, newly effective regulations promulgated under Massachusetts’ recent data security law, Mass. Gen. Law ch. 93H, have raised the bar for data security compliance, and they have a long reach. The regulations are national and international in scope, as they apply to all companies – wherever located – using personal data…
Netflix Sued for “Largest Voluntary Privacy Breach To Date”
Posted in Invasion of Privacy
On December 17, 2009, a class action suit was filed against online movie rental giant, Netflix, Inc., in the United States District Court for the Northern District of California. Plaintiffs in Doe v. Netflix are claiming that Netflix has “perpetrated the largest voluntary privacy breach to date.”
Special Radio Report: Oncidi Talks Privacy in the Workplace
Posted in Workplace Privacy
There is an inherent tension between an employee’s right to privacy and an employer’s right — and obligation — to maintain a safe, productive, and hostility-free environment at the office.
Flash Cookies — Back on the Radar
Posted in Behavioral Marketing, Online Privacy
When Flash cookies (also known as “Local Shared Objects”) were first flagged as a privacy issue back in 2005, a few savvy companies added a disclosure about Flash cookies into their web site privacy policies. Since then, we have not heard the issue raised again. Now this sleeper issue seems to have been awakened by…
European Privacy Law And Social Networking
Posted in Data Privacy Laws
With social networking sites proliferating across international boundaries, privacy and data protection concerns are becoming increasingly relevant. With these concerns in mind, the Article 29 Working Party, an independent European advisory body on data protection and privacy, adopted an opinion on online social networking on June 12, 2009. As noted by the Working Party, the…
More on Cloud Compliance
Posted in Cloud Computing
I recently spoke with Lora Bentley of IT Business Edge regarding privacy, data security, and cloud computing — There’s More Than One Way to Tackle Privacy in the Cloud.
Consumer Advocacy Groups Request Federal Trade Commission Action To Stop Perceived “Threat” From Mobile Marketing
Posted in Behavioral Marketing
In a year when behavioral advertising was already expected to be at the top of the hot button privacy issues list, on January 13, 2008, the Center for Digital Democracy (“CDT”) and U.S. Public Interest Research Group (“US PIRG”) filed a document with the Federal Trade Commission (“FTC”) urging the FTC to investigate online mobile…
Department of Education Issues Final Regulations Amending FERPA
Posted in Miscellaneous
The Family Educational Rights and Privacy Act (20 U.S.C. 1232g; 34 CFR Part 99) (“FERPA”) imposes various requirements on educational institutions regarding the privacy of personally identifiable information contained in education records of students. On December 9, 2008, the U.S. Department of Education (“DOE”) published final rules amending the regulations that implement FERPA. …
Zip Codes not “Personal Identification Information” under California’s Song-Beverly Act
Posted in California
On December 19, 2008, in Party City Corp. v. The Superior Court of San Diego County, the California Court of Appeal in the Fourth Appellate District held that zip codes are not "personal identification information" under California’s Song-Beverly Credit Card Act of 1971, California Civil Code Sec. 1747.08 (the "Act"). The Act prohibits a retailer…
Privacy under the 44th President? Will the New Administration Bring a New Playbook?
Posted in Miscellaneous, National Security
As we prepare to welcome both the 44th President and a revamped Congress to Washington, it is time to consider what privacy under the new administration will look like. Barack Obama polled strongly on the campaign trail as the candidate most likely to advance individual privacy rights, but are the pollsters a good indicator what…
“Boring” Couple Want to Stay That Way
Posted in Invasion of Privacy
Google Inc. (“Google”) has filed a motion to dismiss a complaint by a Pittsburgh couple, Aaron and Christine Boring (“the Borings”), over Google’s alleged invasion of the Borings’ privacy through Google’s Street View service.