Natalie Newman

Natalie Newman has no picture

Natalie Newman is an associate in Proskauer Rose LLP’s Corporate Department and is a member of the Intellectual Property and Privacy and Data Security practice groups. Natalie is resident in the Firm’s New York office.

Prior to joining the Proskauer, Natalie was an associate at Thelen Reid Brown Raysman & Steiner. She received her J.D. from Benjamin N. Cardozo School of Law and her B.A. from the University of Pennsylvania.

Articles By This Author

Massachusetts Data Security Regulations: Your Company May Not Be Located There, But If Your Customers Are, You Need to Comply

As we've discussed in prior posts, newly effective regulations promulgated under Massachusetts’ recent data security law, Mass. Gen. Law ch. 93H, have raised the bar for data security compliance, and they have a long reach.  The regulations are national and international in scope, as they apply to all companies – wherever located-- using personal data of Massachusetts residents.

Although the deadline for compliance with the Regulations – March 1, 2010 – has come and gone, many companies – both within Massachusetts, but particularly outside of Massachusetts – are not yet, in fact, compliant. These companies are finding themselves in a position of playing "compliance catch-up." Even companies that were compliant with applicable law prior to the enactment of the Regulations are obligated to review where they stand in light of these new requirements. 

In an article just published by the Washington Legal Foundation, we review the requirements of the Massachusetts law and Regulations, including the required written information security program, constraints on third-party providers and vendors, and enforcement mechanisms, among other topics.  "The Bay State Raises the Bar on Personal Data Security: Are You in Compliance?," by Jeffrey D. Neuburger and Natalie Newman is available here.

The FTC Brings 27th Case for "Faulty Data Security Practices"

On March 25, 2010, the Federal Trade Commission (“FTC”) announced that it had entered into a settlement with entertainment operator, Dave & Buster’s, Inc., for alleged violations of Section 5(a) of the FTC Act, and for “engag[ing] in a number of practices that, taken together, failed to provide reasonable and appropriate security for personal information on its networks.”

The settlement marks the 27th case brought by the FTC against a company for insufficient data security practices.

Continue Reading...

2009 Ponemon Institute "Cost of a Data Breach" Study Released

This past week, the Ponemon Institute announced their publication of the results of their fifth annual study on the costs of data breaches for U.S.-based companies. The study was sponsored by the PGP Corporation. A similar report for U.K.-based companies was also released. This year's report, entitled 2009 Annual Study: Cost of a Data Breach, displays the results of the Ponemon Institute's research of data breach incidents occurring in 2009.  

Overall, as with previous years, the study found that U.S. organizations continue to experience increased costs associated with the data breaches they experience.

Continue Reading...

Netflix Sued for "Largest Voluntary Privacy Breach To Date"

On December 17, 2009, a class action suit was filed against online movie rental giant, Netflix, Inc., in the United States District Court for the Northern District of California. Plaintiffs in the suit are claiming that Netflix has “perpetrated the largest voluntary privacy breach to date.”

Continue Reading...

Department of Education Issues Final Regulations Amending FERPA

The Family Educational Rights and Privacy Act (20 U.S.C. 1232g; 34 CFR Part 99) (“FERPA”) imposes various requirements on educational institutions regarding the privacy of personally identifiable information contained in education records of students.  On December 9, 2008, the U.S. Department of Education (“DOE”) published final rules amending the regulations that implement FERPA.   


Originally proposed on March 28, 2008, the DOE published a notice which proposed various changes to FERPA and its implementing regulations “to implement various statutory changes made to FERPA to implement two recent US Supreme Court decisions, to respond to changes in information technology, and to address other issues identified through the Department’s experience in administering FERPA.”  (73 FR 74806).  According to the DOE, approximately 121 parties submitted comments in response to the March, 2008 NPRM.  The Final Rules become effective January 8, 2009.


Continue Reading...

Affiliate Marketing Rule Alert: Compliance Deadline is October 1, 2008

Section 214 of Fair and Accurate Credit Transactions Act (“FACTA") was enacted to amend the Fair Credit Reporting Act (the “Act”) to give consumers the right to restrict certain entities from using certain information received from their affiliates to make solicitations to that consumer unless the consumer has been provided (1) “clear and conspicuous” notice that the consumer’s information will be shared for such purposes, and (2) an opportunity to opt out of having such information shared for such purposes.   

On November 7, 2007, the Federal Deposit Insurance Corporation, the Federal Reserve Board, the Office of the Comptroller of the Currency, the Office of Thrift Supervision and the National Credit Union Administration issued a joint final rule (along with the Federal Trade Commission (FTC) and the Securities and Exchange Commission(SEC), which separately adopted and proposed, respectively, similar regulations) under the amended Act (the “Affiliate Marketing Rule” or “Final Rule,” codified at 12 C.F.R. Parts 41, 222, 334, 571 and 717) governing the use of specific consumer information obtained by covered entities from their affiliates for certain marketing purposes. 

The Affiliate Marketing Rule became effective on January 1, 2008, and compliance by covered entities is required by October 1, 2008.

Continue Reading...

Another Court Affirms Narrowed Interpretation of Song-Beverly Credit Card Act

On June 26, 2008, in Absher v. Autozone, Inc. et al. (2008), the California Court of Appeal in the Second Appellate District, confirmed that California’s Song-Beverly Credit Card Act of 1971, California Civil Code § 1747.08 (hereinafter, the “Act”) does not apply to a refund for the return of merchandise purchased by credit card.

Continue Reading...

Older Entries