On December 1, 2022, the Office for Civil Rights (OCR) of the U.S. Department of Health and Human Services (HHS) issued a Bulletin to highlight the obligations of HIPAA-covered entities and business associates when using “online tracking technologies,” or what OCR describes as “script or code on a website or mobile
Mobile Privacy
Businesses That Use Consumer Data or Data Products (Everyone?) Take Heed: FTC Moves Ahead with Rulemaking Process on “Commercial Surveillance” Practices
On August 11, 2022, the Federal Trade Commission (FTC) issued an Advance Notice of Proposed Rulemaking (ANPR) and announced it was exploring a rulemaking process to “crack down on harmful commercial surveillance” and lax data security. The agency defines commercial surveillance as “the collection, aggregation, analysis, retention, transfer, or monetization…
With Regulators Increasing Focus on Spam Robocalls, Arkansas Follows Others States in Passing Anti-Spoofing Privacy Law
Unwanted robocalls reportedly totaled 26.3 billion calls in 2018, sparking more and more consumer complaints to the FCC and FTC and increased legislative and regulatory activity to combat the practice. Some automated calls are beneficial, such as school closing announcements, bank fraud warnings, and medical notifications, and some caller ID spoofing is justified, such as certain law enforcement or investigatory purposes and domestic violence shelter use. However, consumers have been inundated with spam calls – often with spoofed local area codes – that display fictitious caller ID information or circumvent caller ID technology in an effort to increase the likelihood consumers will answer or otherwise defraud consumers. To combat the rash of unwanted calls, Congress and federal regulators advanced several measures in 2019 and states have tightened their own telecommunications privacy laws in the past year. For example, within the last week, the Arkansas governor signed into law S.B. 514, which boosts criminal penalties for illegal call spoofing and creates an oversight process for telecommunications providers.
Regulators Offer Guidance on Privacy and Security for Health App Developers
This month, the Federal Trade Commission (FTC) issued guidance on privacy and security best practices for health-related mobile apps, such as fitness apps connected with wearables, diet and weight loss apps, and health insurance portals. At the same time, the FTC unveiled an interactive tool designed to direct health app developers to federal laws and regulations that may apply to their apps. The Mobile Health Apps Interactive Tool, which is the product of collaboration among the FTC, Department of Health and Human Services’ Office of National Coordinator for Health Information Technology (ONC), Office for Civil Rights (OCR), and the Food and Drug Administration (FDA), seeks to unify guidance in a space governed by a complicated web of legal requirements. It also signals the continued focus of regulators on the protection of consumer health information in this rapidly evolving space.
Recent State Enactments Regulating Unsolicited Text Messaging Could Have Broad Implications for Companies that Communicate to Customers’ Mobile Devices
Two states – New Jersey and Connecticut – have recently imposed additional legal conditions on electronic messaging to mobile devices. In a few ways, these laws may raise the bar for companies on compliance when sending text messages and possibly other forms of messaging to mobile devices.
On October 27, 2015, New Jersey Governor Chris Christie signed into law A-617, a bill prohibiting sending text message advertisements to New Jersey residents without the recipient’s prior permission, if the recipient could incur a charge or a usage allocation deduction for receiving the message. Prior permission must be express authorization from the intended recipient specifying the number to which the message may be sent, and may be revoked at any time. Violators may be penalized by a civil penalty imposed by the New Jersey Attorney General of up to $500 for the first offense and $1,000 each time after. The law also requires telecommunications companies to allow customers to block all incoming and outgoing text messages that result in charges or usage allocation deductions. The New Jersey law will become effective November 2016.
California Gives the Fourth Amendment a 21st Century Makeover
The average American today generates more media than they did at any other point in history, and the ease with which our communications, photos, and videos are sent and stored digitally means most of us have more media stored in the cloud or on a single digital device than previous generations would have created in an entire lifetime. However, even as the amount of media we create and store has increased, the laws governing its search and seizure have failed to keep up. Under federal law and the laws of most states, the same information may be subject to different levels of protection from government authorities depending on whether that information is in the form of an e-mail stored in the cloud or a letter stored in a desk drawer.
California is attempting to change that equation. On October 8, 2015, Governor Jerry Brown signed into law the California Electronic Communications Privacy Act (CalECPA, SB 178), a sweeping bill
District Court Rules That Smartphone Passcodes Are Testimonial; Protected by Fifth Amendment
In Securities and Exchange Commission v. Huang, the district court held that the Fifth Amendment protected two former employees against having to disclose their personal passcodes for company-issued smartphones to government officials. The decision, likely subject to appellate review, exemplifies the competing interests at play as individuals increasingly use company-issued smartphones for business and personal use.
Sixth Circuit Rules that “Pocket Dials” May Not Be Entitled to an Expectation of Privacy
In a move that may strike fear into the hearts of mobile phone owners everywhere, the Sixth Circuit recently ruled that a person’s “pocket dials” – those inadvertent calls made from a person’s mobile phone, generally when the phone is in its owner’s pocket, and alternatively referred to as “butt dials” – may not be entitled to an expectation of privacy.