Privacy Law Blog

Tag Archives: privacy

Delaware Enacts Comprehensive Online Privacy Protection Law

On January 1, 2016, the Delaware Online Privacy and Protection Act (“DOPPA”) will go into force, a law that provides strong online privacy protection for its residents.  The new law targets three areas of compliance: (1) advertising to children; (2) conspicuous posting of a compliant privacy policy; and (3) enhancing the privacy protections of users … Continue Reading

The European Commission Issues Guidance on Alternative Cross-Border Data Transfer Tools

Today, one month after the European Court of Justice decision that invalidated the Safe Harbor framework, the European Commission (the “Commission”) issued a Communication setting forth its position on alternative tools for the lawful transfer of personal data from the EU to the United States.  The Commission also stated its objective to conclude negotiations with … Continue Reading

German DPAs Announce Policy Severely Limiting Mechanisms for Lawful Germany-to-U.S. Data Transfers

Over the course of the coming weeks, we will examine the various options available to companies in light of the European Court of Justice’s (CJEU) decision invalidating the US-EU Safe Harbor framework, including model contracts, binding corporate rules (BCRs), consent and reliance on derogations. News out of Germany, however, indicates that a one-size-fits-all approach … Continue Reading

School’s Out: COPPA’s Limiting Reach in the Classroom

On January 23, 2015, Senior Attorney Lesley Fair at the Federal Trade Commission (“FTC”) posted on the Agency’s business blog clarifying how the Children’s Online Privacy Protection Act (“COPPA”) applies to schools.  COPPA seeks to protect the privacy of children by allowing parents to control what personal information about their children under the age of … Continue Reading

Keep An Eye On Those Shiny, New Mobile Devices!

As physicians, nurses, therapists and health care providers continue to utilize new smart phones, tablets, and laptops in caring for patients, the Department of Health and Human Services (“HHS”) has responded with educational videos, worksheets and guidance to help health care providers create a “culture of compliance and awareness” and to protect patients’ Protected Health … Continue Reading

Asking for Your Digits: A Bill to Protect New Yorkers’ Privacy

When Social Security Numbers were initially issued in 1936 as part of the New Deal Social Security program, few could foresee that this nine-digit number would evolve beyond its limited purpose to become a universal identifier replete with privacy and identity theft implications. More and more, government agencies and private entities have required the … Continue Reading

The Right To Be Forgotten

On 25 January 2012, the European Commission published a proposed new data protection framework for the E.U. The new framework, unlike the current one, is to provide a consistent and harmonised set of rules for all 27 E.U. member states. One of the main objectives of the new framework is to better ensure that individuals know … Continue Reading

Facebook Accedes to the FTC’s Poke, Settles FTC’s Charges

Facebook recently agreed to settle charges by the Federal Trade Commission (FTC) that Facebook violated the FTC Act. The FTC-Facebook settlement, which is still subject to final FTC approval, prohibits Facebook from making misrepresentations about the privacy or security of its users' personal information, requires Facebook to obtain users' affirmative consent before enacting changes that override the users' privacy preferences, and requires Facebook to prevent anyone from accessing material posted by a user more than 30 days after such user deleted his or her account. Similar to the March 2011 FTC-Google settlement, the Facebook settlement requires that Facebook enact a comprehensive privacy program and not misrepresent its compliance with the US-EU Safe Harbor Principles. As we previously reported, these two requirements are relatively new FTC settlement terms, which were first used in March 2011. … Continue Reading

HIPAA Privacy and Security Audit Pilot Program Takes Flight

On November 8, 2011, the U.S. Department of Health and Human Services Office for Civil Rights (OCR) announced details of its HIPAA Privacy and Security Audit Program. The OCR pilot program calls for approximately 150 audits of covered entities, which audits are intended to address privacy and security compliance, and assist OCR in assessing and identifying best practices as well as risks and vulnerabilities for health care entities. Although the pilot program is expected to immediately impact a small number of covered entities, it appears that OCR is increasing its efforts to enforce HIPAA and the HITECH Act. … Continue Reading

India Issues Clarification of Recent Privacy Rules

As mentioned in a prior post on this blog, earlier this year the Indian Ministry of Communications and Information Technology issued new privacy and data security rules under the Information Technology (Reasonable security practices and procedures and sensitive personal data or information) Rules, 2011 (the “Privacy Rules”). The strict consent requirements relating to the collection … Continue Reading

Article Alert: Trivedi Talks Indian Privacy

India recently adopted a privacy and data security regulatory regime that fills the previous void of any such regulation with requirements that may force companies with operations in India and companies that outsource certain functions to Indian service providers to change the way they operate in order to comply. Visit our blog to see Proskauer attorney Paresh Trivedi's article on the new Indian privacy rules. … Continue Reading

Third Party Discovery of Foreign Bank Records Should First Proceed Under the Hague Convention

Where U.S. litigation discovery obligations were argued to be in conflict with foreign civil and criminal privacy statutes, many recent opinions found that discovery should proceed under the Federal Rules over the protest of the foreign data custodians. However, in SEC v. Stanford International Bank Ltd, the court departed from this pattern in finding that discovery should first proceed under the Hague Convention in the interest of comity. While the extent to which other courts will follow this approach in the future is unclear, the Stanford opinion illustrates that it is possible for litigants and third parties to successfully navigate cross-border discovery conflicts even where privacy interests are at stake. … Continue Reading

Broker and Compliance Officer of Broker-Dealer Firm Personally Fined by SEC for Customer Privacy Violations

On April 7, 2011, the SEC announced that it had imposed fines of $20,000 each against the former president of a broker-dealer and a former broker for their actions in transferring customer information to a new firm as the defunct firm wound down. The SEC also fined the brokerage firm's former chief compliance officer $15,000 for compliance failures and security breaches that took place at the defunct firm, some dating back to 2005. Visit our blog to learn more. … Continue Reading

Please Ignore the Intrusion, We Just Have a Few Questions to Ask: Supreme Court Validates Background Checks for Government Contractors

On January 19, 2011, the U.S. Supreme Court held that the federal government has broad latitude to conduct background checks on contractors who work at government facilities. Assuming, without deciding, that two parts of a standard government employment background investigation implicated a constitutional privacy interest, the Court held that the government is permitted to ask reasonable employment-related questions that further the government's interests in managing its internal operations, particularly where the results of such investigations are adequately protected from public disclosure. … Continue Reading

Massachusetts Data Security Regulations: Your Company May Not Be Located There, But If Your Customers Are, You Need to Comply

As we’ve discussed in prior posts, newly effective regulations promulgated under Massachusetts’ recent data security law, Mass. Gen. Law ch. 93H, have raised the bar for data security compliance, and they have a long reach.  The regulations are national and international in scope, as they apply to all companies – wherever located – using personal data … Continue Reading

Flash Cookies — Back on the Radar

When Flash cookies (also known as “Local Shared Objects”) were first flagged as a privacy issue back in 2005, a few savvy companies added a disclosure about Flash cookies into their web site privacy policies. Since then, we have not heard the issue raised again. Now this sleeper issue seems to have been awakened by … Continue Reading

European Privacy Law And Social Networking

With social networking sites proliferating across international boundaries, privacy and data protection concerns are becoming increasingly relevant. With these concerns in mind, the Article 29 Working Party, an independent European advisory body on data protection and privacy, adopted an opinion on online social networking on June 12, 2009. As noted by the Working Party, the … Continue Reading