The French Data Protection Authority (“CNIL”) has recently issued its activity report for 2011. It provides us with some interesting data and allows us to reflect on the ever-growing importance of privacy and data protection in France. Video-surveillance, the right to be forgotten on the Internet, data breaches and abusive data collection by companies were the key highlights of 2011 and have remained dominant issues in 2012.

On June 29, 2012, New Jersey Governor Chris Christie signed into law legislation amending New Jersey’s unclaimed property law relating to the escheat of abandoned stored value cards (SVCs) to the state. Under the original unclaimed property law, which took effect July 1, 2010, SVCs that were inactive for two years were presumed abandoned, and New Jersey required that the monetary value associated with the inactive cards be escheated to the state. Additionally, SVC issuers were required to (a) “obtain” the name and address of each card owner or purchaser, and (b) “at a minimum, maintain a record of the zip code of the owner or purchaser” of each SVC. Under the amended law, SVCs are presumed abandoned after five years of inactivity (as opposed to two years), and SVC issuers have a forty-eight month grace period before they are required to collect the names, addresses, and zip codes of SVC owners or purchasers. Issuers that do not collect purchasers’ names and addresses in the normal course of business or during a card-registration process are exempted from collecting purchasers’ names and addresses under the law, but they are still required to collect and maintain purchasers’ zip codes.
It should be noted that the unclaimed property law potentially conflicts with a separate New Jersey law protecting the personal information of credit card holders (N.J. Stat. § 56:11-17 (2012)). That law makes it unlawful for any person to require the disclosure of any personal identification information from a credit card holder that is not required to complete the transaction as a condition of allowing the card holder to use the credit card to complete the transaction. While we await the resolution of this potential conflict, courts may rule that no conflict exists: § 56:11-17 only addresses credit card use, but the state’s unclaimed property law makes no distinction between payment methods (and, therefore, doesn’t condition the use of a credit card on the collection of personal information).

The Federal Trade Commission (“FTC”) recently announced settlements of cases brought against Google and Facebook for alleged privacy violations. The Google settlement drew headlines for being the largest fine ever assessed for the violation of a FTC consent order ($22.5 million).  But Commissioner J. Thomas Rosch’s dissents are perhaps more momentous, as they have prompted the FTC to re-examine its practice of accepting settlements in which companies deny wrongdoing.

When Social Security Numbers were initially issued in 1936 as part of the New Deal Social Security program, few could foresee that this nine digit number would evolve beyond its limited purpose to become a universal identifier replete with privacy and identity theft implications. More and more, government agencies and private entities have required the disclosure of individuals SSNs to extend their services. While the Privacy Act of 1974 largely addressed the collection and dissemination of SSNs by and among federal government agencies, state law has governed such uses by private entities. This month Governor Andrew Cuomo signed legislation A.8992 to strengthen protection of SSNs by limiting the instances where persons and businesses are allowed to require New Yorkers to provide their SSNs or numbers derived from them. (This is in addition to New York’s SSN confidentiality statute, N.Y. Gen. Bus. Law § 399-dd*4, which is similar to laws in many states.)