Ever on the forefront of consumer privacy protection, California is again making news in the privacy world with the California Attorney General’s recent publication of “Privacy on the Go: Recommendations for the Mobile Ecosystem,” which includes privacy recommendations for app developers, app platform providers, mobile ad networks, makers of operating systems and mobile carriers.  With this publication, California joins the FTC and the GSMA as entities that have published non-binding guidance with respect to mobile privacy (which we blogged about here and here, respectively).

For the second year in a row, Proskauer has conducted a global survey, “Social Media in the Workplace Around the World 2.0”, which addresses the use of social media in the work place. In 2012, Proskauer surveyed multinational businesses in 19 different countries (Argentina, Brazil, Canada, China, The Czech Republic, France, Germany, Hong-Kong, India, Ireland, Italy, Japan, Mexico, Singapore, South Africa, Spain, The Netherlands, the United Kingdom and the United States) in order to provide a worldwide perspective of workplace use of social media.  This survey not only shed light on notable developments in the use of social media in the workplace, but also helped identify consistent traits.

As physicians, nurses, therapists and health care providers continue to utilize new smart phones, tablets, and laptops in caring for patients, the Department of Health and Human Services (“HHS”) has responded with educational videos, worksheets and guidance to help health care providers  create a “culture of compliance and awareness” and to protect patients’ Protected Health Information (“PHI”).  While the material is focused on health care professionals, the information is also applicable to group health plan professionals and their business associates who use mobile devices to store and transmit PHI in connection with administration of group health plans.

It has been reported that Google will give EU businesses the opportunity to store personal data exclusively on servers in the EU. This appears to have been prompted by compliance difficulties with the current EU data protection Directive when cloud computing service providers store personal data on servers or in data centres based outside the EU. Such compliance difficulties encountered by cloud clients were highlighted by Peter Hustinx, the European Data Protection Supervisor (EDPS), in his opinion issued on November 16, 2012 (http://www.edps.europa.eu/EDPSWEB/webdav/site/mySite/shared/Documents/Consultation/Opinions/2012/12-11-16_Cloud_Computing_EN.pdf).

On November 26, 2012, the Department of Health and Human Services Office for Civil Rights (“OCR”) published a thirty-two page document titled “Guidance Regarding Methods for De-identification of Protected Health Information in Accordance with Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule” (“De-Identification Guidance”).  OCR described the guidance document as a culmination of two years of work by “stakeholders with practical, technical and policy experience in de-identification.”  OCR also acknowledged that the guidance implements many of the issues and topics that were raised during an OCR workshop held in Washington, DC on March 8-9, 2010.

In its Memorandum Opinion and Order dated November 9, 2012, the US District Court for the Northern District of Alabama in Pinkard v. Wal-Mart Stores, Inc. held that under the Telephone Consumer Protection Act (TCPA), when an individual discloses his or her cellular phone number to a business, that individual is deemed to have expressly consented to receive telephone calls and text messages from that business unless he or she has expressly limited the scope of such consent at the time of the disclosure.