Proskauer Rose

Subscribe to Proskauer Rose's Posts
Contact:Read more about Proskauer Rose

A draft Congressional bill released Tuesday, May 3 aims enhance consumer privacy protections both online and offline and establish a national framework for the collection, use and security of consumer information, superseding state law requirements regarding the collection, use and disclosure of the information it covers. The draft legislation, sponsored by Congressmen Rick Boucher (D, Va.) and Cliff Stearns (R, Fla.), recognizes the importance of online advertising in supporting free online content and services and attempts to extend privacy protections without disruption of this business model.

On April 27, 2010, the Federal Trade Commission announced separate settlements with women’s clothing retailer Talbots and its telemarketer SmartReply, Inc. for violations of the Telemarketing Sales Rule (“TSR”). The FTC alleged that SmartReply’s robocalls for Talbots did not allow consumers to opt out of future calls until they had listened to almost all of the prerecorded solicitation or failed to provide opt out instructions; did not immediately disconnect consumers that chose to opt out; and failed to notify live call recipients of their right to opt out at any time during the call.

On March 22, 2010, Washington Governor Christine Gregoire signed H.B. 1149 into law, making her state the second behind Minnesota to hold businesses and governmental entities responsible to financial institutions for certain costs arising from payment card information breaches. As of July 1, entities that process more than 6 million credit or debit card transactions annually who fail to reasonably safeguard card information can be required to reimburse financial institutions for the costs related to the re-issuance of cards as well as attorneys fees and costs in the event that a security breach involving payment card information is a proximate result.

In a continuation of the Stengart v. Loving Care Agency case we wrote about in August 2009, the New Jersey Supreme Court ruled on March 30, 2010 that emails sent by an employee from a company laptop via a web-based email account (Yahoo!) to her attorney were protected from disclosure by the attorney-client privilege. In reaching this conclusion, the Court also ruled and provided insight on a far broader and more practical issue for employers — namely, how to draft enforceable computer usage policies and/or make existing policies more effective.

On February 16, 2010, the EU Article 29 Working Party published Opinion 1/2010, in which it clarified the definitions of “data controller” and “data processor” as those designations are used within the European Data Protection Directive. The Working Party’s opinion is welcome guidance, as such designations are often difficult to apply in practice, especially given the increasing complexity of globalization, organizational differentiation, and information and communication technologies.

On March 9, 2010, the Federal Trade Commission and 35 state attorneys general announced a negotiated settlement with LifeLock, Inc. which resolves charges that LifeLock misrepresented the nature and effectiveness of the identity theft protection services it offers, and made false claims about its own data security practices. In the words of FTC Chairman Jon Leibowitz, “While LifeLock promised consumers complete protection against all types of identity theft, in truth, the protection it actually provided left enough holes that you could drive a truck through it.”