In a move that will no doubt please many consumers, on February 15, 2012, the Federal Communications Commission approved a new set of rules aimed to substantially curb the practice of telemarketers to engage in "robocalling", or the placing of automatic, pre-recorded calls. The key development in the FCC’s 48 page Report and Order is that now, prior to initiating a "robo call", a telemarketer must obtain the consumer’s express written consent.  This new requirement of express written consent supplants the previous robocalling regime, where merely having an "existing business relationship" with a consumer was sufficient to create an exemption from the ban against robocalling; that exemption has now been eliminated under the rules. 

Whether your six year old has hijacked your iPad again to rediscover the inexplicable joy of flinging birds with a finger activated slingshot or to harness her mighty math powers in the origami-paved streets of Umi City, children are tapping into the spring of entertainment and educational value offered by the mobile applications marketplace. Yet, according to a study issued last week by the Federal Trade Commission “Mobile Apps for Kids: Current Privacy Disclosures are DisAPPointing”, the lack of privacy disclosures in these apps may hint at deeper laden privacy pitfalls which members of the kids app ecosystem may soon have to remedy.

Litigants navigating the conflict between U.S. discovery obligations and foreign data protection laws have a new ally, the American Bar Association (“the ABA”). The ABA recently passed Resolution 103, which “urges” that:

[W]here possible in the context of the proceedings before them, U.S. federal, state, territorial, tribal and local courts consider and respect, as appropriate, the data protection and privacy laws of any applicable foreign sovereign, and the interests of any person who is subject to or benefits from such laws, with regard to data sought in discovery in civil litigation.

On January 19, 2012, Minnesota Attorney General Lori Swanson exercised her authority under the HITECH Act by filing a lawsuit against a business associate for the failure to protect protected health information (PHI) and for the failure to disclose the extent to which PHI was utilized. The case alleges that Accretive Health, Inc., a debt collection agency, lost a laptop containing unencrypted PHI of approximately 23,500 Minnesota patients. This represents one of the first cases brought by a state attorney general under HIPAA. 

The Illinois Personal Information Protection Act (PIPA) requires that any “data collector”, which includes businesses, universities, governmental agencies or any other entity that deals with personal information, notify Illinois residents in the event of a data security breach. Recently, the Office of Illinois Attorney General Lisa Madigan issued guidance that provides

The European Commission (the “EC”) has announced its anticipated comprehensive reform of EU data protection rules, intended to strengthen online privacy rights and boost Europe’s digital economy. The proposal is intended to update and modernize the principles enshrined in the 1995 Data Protection Directive. If approved, unlike the current rules which give each of the 27 member states of the EU (the “member states”) some flexibility as to how the 1995 Data Protection Directive is implemented in their jurisdiction, the new law would apply directly so that there would be an entirely uniform set of data protection standards across the EU.

Key changes include…