The U.S. Supreme Court heard arguments last month in Clapper v. Amnesty International, a case that asks the Court to determine whether a group of lawyers, journalists, and human rights workers have standing to challenge the federal government’s international electronic surveillance program under the Foreign Intelligence Surveillance Act.  The plaintiffs alleged Fourth Amendment privacy violations among other things, and injury from the likelihood that the government was recording their conversations with clients and sources overseas.  But the plaintiffs could not say with certainty whether any eavesdropping occurred, giving rise to the standing issue before the Court.

Clapper involves standing in the context of constitutional privacy, but the same general standing requirements apply in consumer privacy actions.  Standing is one of the initial hurdles of any would-be plaintiff, and the first element of standing is injury-in-fact.  In the developing area of consumer privacy litigation, recent cases reflect uncertainty in the federal courts as to what constitutes injury-in-fact sufficient to confer standing.

The European Commission’s revised data protection framework proposals include provisions intended to encourage the use of data protection privacy seals, certification mechanisms and trust marks.  These provisions would allow data subjects to instantly assess the privacy standards applied by data controllers and processors, thereby providing the comfort that data subjects often seek.  The UK Information Commissioner’s Office (the “ICO”) supports the use of privacy seals and has issued an online survey to gather feedback on how privacy seals may be used to improve data protection compliance and customer privacy awareness.

As health care providers, patients, family members, friends, and disaster relief agencies such as the American Red Cross continue to grapple with the aftermath of Hurricane Sandy it is important to be mindful of privacy regulations and to prepare in advance for the next emergency. The Health Insurance Portability and Accountability Act  of 1996 (“HIPAA” or “Privacy Rule”) protects individually identifiable health information held by “covered entities.” The information protected is referred to as protected health information or PHI. The Privacy Rule permits covered entities to disclose PHI for a variety of purposes including to (a) treat patients; (b) identify, locate and notify family members, guardians, or anyone else responsible for an individual’s care; (c) obtain the services of disaster relief agencies; (d) conduct public health activities; and (e) prevent or lessen serious and imminent threats to health or safety.

Earlier this month, the Securities and Exchange Commission (“SEC”) instituted public administrative and cease and desist proceedings against eBX, LLC (“eBX”), a broker-dealer registered with the SEC.  eBX operates LeveL ATS, an alternative trading system (“ATS”) known as a “black pool,” which is a proprietary market where traders may exchange

The simultaneous denial of service attacks on the three largest U.S. banks which occurred two weeks ago were reported to have originated in Iran. After years of stealth cyber attacks on American interests, U.S. intelligence officials recently publicly accused China of cyber espionage of American high-tech data for their own economic gain. The head of U.S. Cyber Command has stated that there has been a twentyfold increase in cyberattacks on critical infrastructure from 2009 to 2011. With the need for national cybersecurity more evident now than ever before, the White House announced that it is close to completing a new cybersecurity executive order to address this critical issue.