Privacy Law Blog
Kristen J. Mathews

Partner

Kristen Mathews focuses her practice on data privacy and cybersecurity law and has done so since 1998, about as far back as the area of law has existed. Kristen is head of Proskauer’s Privacy & Cybersecurity Group, a highly specialized group of more than 30 lawyers across the globe whose impressive list of historical representative matters dates back to 1996. In this role, Kristen has undertaken important work, influencing the industry standards for consumer privacy and online behavioral advertising.

Kristen’s experience covers the entire landscape of privacy and cybersecurity matters within virtually all industries, with a special focus on retailers, financial institutions, health care, media and entertainment and technology. She has been accredited by the International Association of Privacy Professionals (IAPP) as a certified information privacy professional (CIPP) since 2005, and her practice has evolved and grown with the field over the years, always addressing the most cutting-edge technology and data protection issues that her clients face.

Since when does a legal entity have “privacy” rights?

Since the Third Circuit said so, in its September 22, 2009 decision in AT&T v. Federal Communications Commission (No. 084024). Most privacy practitioners would not consider a legal entity to have privacy rights. Rather, a legal entity may have trade secrets or contractual confidentiality protections. However, in its novel holding, the Third Circuit found that … Continue Reading

HHS and FTC Announce New Breach Notification Rules for Unsecured Protected Health Information

On August 24 and 25, 2009, the Department of Health and Human Services (“HHS”) and the Federal Trade Commission (“FTC”), respectively, published rules on when and how covered entities regulated by the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) and vendors of personal health records (“PHR”) must notify individuals of security breaches concerning … Continue Reading

Update: Maine’s Marketing to Minors Law Found Likely to Be Unconstitutional

The first lawsuit challenging Maine’s Act to Prevent Predatory Marketing Practices Against Minors has concluded.  The District of Maine issued a Stipulated Order of Dismissal on September 9, stating that there is a likelihood that the statute is "overbroad and violates the First Amendment", and putting third parties "on notice" that a private suit "could … Continue Reading

Massachusetts’ Revised Data Security Regulations Extend Deadline (Again) and Soften Some Requirements

Undersecretary Barbara Anthony, of the Massachusetts Office of Consumer Affairs and Business Regulation, announced today revisions to Massachusetts’ data security regulations, as well as an extension of the applicable compliance deadline from January 1, 2010 to March 1, 2010. (Prior to an earlier extension, the compliance deadline was May 1, 2009.) The revised regulations emphasize … Continue Reading

Maine Makes Marketing Minors “Predatory”

In mid-September, Maine’s “Act to Prevent Predatory Marketing Practices against Minors” is scheduled to take effect.  Due to the lack of a scienter element in several of the requirements of this new law, this Act could have far-reaching consequences for all businesses that engage in direct marketing or that sell or transfer personal information to … Continue Reading

WEP vs WPA – What You Need to Know

In the context of wireless network security, we hear a lot about WEP vs WPA, but these technologies are not widely understood, especially among attorneys. WEP and WPA are two alternative ways to secure a wireless network from unauthorized interception, and WPA is more secure than WEP. In fact, researchers have reported consistently for several … Continue Reading

FTC Tells Sears That Consumer Disclosures Must be More Conspicuous

Over the course of the last decade, many companies have become accustomed to notifying consumers of their data collection practices in their online privacy policy.  However, in a recent proposed settlement, the FTC indicated that, at least under the facts before them, disclosures that were “buried” in a privacy policy were not sufficient. On June … Continue Reading

What elementary school did you go to?

I don’t know, but I could probably find out.  There is an increasing amount of discussion within the information security industry about whether the use of “security questions” to unlock forgotten passwords is a sound practice.  Many web sites ask users to answer personal questions upon registration, so that those questions and answers can be … Continue Reading

Red Flag Rules Blindside Retailers, But Extension of Compliance Deadline Helps

Last month, we blogged about whether the Red Flag Rules apply to medical care providers.  According to the FTC, they may also apply to retailers. The Federal Trade Commission’s recently released “how-to” guide says that the Red Flag Rules apply to “retailers that offer financing or help consumers get financing from others, say, by processing credit applications.” However, most … Continue Reading

Privacy Issues When “Computing in the Cloud”

When a company is considering using cloud computing in its IT infrastructure, there are some privacy issues that need to be addressed. While the value of cloud computing certainly holds much promise, companies wishing to make the leap into the cloud would be well advised to consider the potential privacy issues.  Cloud computing, in its … Continue Reading

One Reputable Retailer Takes a $7M Hit On Text Messages

On September 10, 2008, Timberland Company, an outdoor clothing and shoe merchant, along with co-defendant ad agencies GSI Commerce Inc. (“GSI”) and AirIt2Me Inc. (“AirIt2Me”), settled charges brought under the Telephone Consumer Protection Act (“TCPA”) arising from unsolicited text messages advertising Timberland’s holiday sale.  Pursuant to the settlement, Timberland must employ best practices in future … Continue Reading

MA Issues New Rules for the Protection of Personal Information

The September 2008 issue of “A Moment of Privacy,” a monthly e-newsletter brought to you by the Privacy and Data Security Practice Group of Proskauer Rose, LLP, has been released. This month’s question was “I understand that Massachusetts’ new information security rule reaches beyond what other states require. What do these new rules mean for … Continue Reading

New CAN-SPAM Rule Gives Long-Awaited Answers

On May 12, 2008 the Federal Trade Commission issued its long awaited final set of rules under the CAN-SPAM Act of 2003 (the “Act”). The rule: Modifies the term “sender” with respect to multi-advertiser e-mails; Clarifies the opt-out request process; Defines the term “person”; and Clarifies the meaning of “valid physical postal address” of the … Continue Reading

Emerging Standards For Mobile Marketing

Many B2C companies are beginning to explore marketing to consumers’ wireless devices using text messaging (“SMS,” or “short message service”) and MMS messaging (“Multi-media Messaging Service”). They may even target their promotions based on where the recipient is physically located using the wireless device’s GPS technology. They also may target their promotions to teens and tweens. What legal issues should … Continue Reading