The Federal Trade Commission recently announced its settlement with the operator of www.skidekids.com concerning allegations that the operator violated the Children’s Online Privacy Protection Act Rule (“COPPA Rule”) by collecting personal information about children without obtaining parental consent. For Skid-e-kids, the FTC’s settlement means taking remedial measures; an injunction; and a $100,000 civil penalty. For the rest of us, the settlement is a good reminder that the FTC is staunchly committed to protecting children’s privacy. So when it comes to collecting personal information from children online, it’s important to do it right . . . or not at all.

FrostWire LLC (a P2P file-sharing software company) agreed to change the default privacy settings on its mobile and desktop applications and agreed to clearly disclose its applications’ content sharing options pursuant to a settlement agreement with the FTC which resulted from claims by the FTC that FrostWire’s content sharing practices violated the FTC Act.

On September 26, Judge William Walls of the U.S. District Court for the District of New Jersey ruled that a putative class action lawsuit against home goods retailer Williams-Sonoma failed to state a claim under New Jersey law. In Feder v. Williams-Sonoma Stores, Inc., the plaintiff sought damages for purported violations of New Jersey’s Truth-in-Consumer Contract, Warranty and Notice Act (“TCCWNA”) after a Williams-Sonoma employee allegedly required the plaintiff to provide her zip code as part of a credit card transaction. The district court’s decision supports what many people hope will continue to be the case, i.e., that it will be a challenge for plaintiffs’ lawyers to successfully transplant the California Supreme Court’s recent decision in Pineda v. Williams-Sonoma, Inc. (see our blog post here) into other jurisdictions.

On Wednesday, August 31, 2011, California became the third state this year to amend its existing security breach notification law when Governor Jerry Brown signed into law Senate Bill 24 (“SB 24”). SB 24’s specific changes, while far from sweeping, include the addition of content requirements for notice letters to individuals and a requirement to send a sample letter to the state’s attorney general if more than 500 people are affected by a breach. SB 24 won’t add much to most nationwide breach response plans, but will up the ante for those doing business primarily (or exclusively) in California.

On August 22, Illinois Governor Pat Quinn signed House Bill 3025 into law. In doing so, he aligned Illinois with a small group of states responding to increased concern about privacy and information security by retooling their existing information security breach notification frameworks. HB3025, in particular, amends the state’s breach notification law to specify both the types of information that should be provided to notice recipients and the breach notice obligations of service providers that maintain or store, but don’t own or license, personal information about Illinois residents.

On December 17, 2008, Wellpoint Companies terminated the employment of one of its enrollment and billing department managers for a failure to report a suspected violation of the company’s privacy policy for information protected under HIPAA, and on July 19, 2011, the Connecticut Court of Appeals released an opinion that supported the denial of unemployment benefits to that individual for failure to report.

On July 5, 2011, Indiana Attorney General Greg Zoeller announced a settlement with health insurer WellPoint, Inc. The settlement resolves allegations that the company failed to promptly notify the Attorney General’s office of a data breach as is required by the Indiana Disclosure of Security Breach Act. As part of the settlement, WellPoint must pay a fine of $100,000, provide certain identity-theft-prevention assistance to consumers affected by the breach, and admit that it failed to comply with the law by not notifying Zoeller’s office “without unreasonable delay.”

Playdom, Inc., an online game company owned by Disney, and Playdom’s CEO, Howard Marks, agreed to pay $3 million to settle charges brought by the FTC that they violated COPPA by collecting, using and disclosing the personal information of children under the age of 13 without their parents’ prior, verifiable consent. The $3 million settlement is the largest civil penalty ever for a COPPA violation.