In response to feedback received at a public hearing held in September, the Massachusetts Office of Consumer Affairs and Business Regulation has released what it purports to be final regulations under Massachusetts’ “Act Relative to Security Freezes and Notification of Data Breaches,” which was enacted in Jul 2007.
Regulation 201…
Today, at the urging of Members of Congress, the Federal Trade Commission (“FTC”) announced that it will delay enforcement of its Red Flags Rule for the fourth time. Financial institutions and creditors subject to enforcement by the FTC will now have until June 1, 2010 to develop written policies and…
A typical corporate data security policy classifies consumer contact information as confidential, but not “highly confidential” or “sensitive.” Should mere contact information be afforded greater protection?
One case on point has dragged on since late 2007, when Ameritrade reported that a database of its customers’ contact information (including names, physical addresses, email addresses and phone numbers) had been compromised. A class action law suit quickly followed, and the third settlement attempt was rejected just recently by the court on the grounds that, in the judge’s view, it provided an inadequate remedy for the affected consumers.
The U.S. District Court for the District of Columbia has ruled that the Federal Trade Commission’s Red Flags Rules cannot be enforced against lawyers, saying that the FTC’s interpretation of the Fair and Accurate Credit Transactions Act overreaches, and its application to lawyers is unreasonable. Judge Reggie Walton said he…
Earlier today, the FTC announced its latest COPPA enforcement action (http://www.ftc.gov/opa/2009/10/iconix.shtm). Iconix Brand Group, Inc., the operator of websites featuring its apparel brands, was fined $250,000 for collecting personal information from children without complying with COPPA’s parental consent rubric.
The FTC cited the websites associated with the brands…
On October 6, 2009, in one fell swoop, the Federal Trade Commission (“FTC”) announced proposed settlements of charges against six companies for violations under the US/EU Safe Harbor Program. Specifically, these companies (World Innovators, Inc.; ExpatEdge Partners LLC; Onyx Graphics, Inc.; Directors Desk LLC; Collectify LLC; and Progressive Gaitways LLC) were alleged to have continued to represent in their online privacy policies that they were self-certified under the Safe Harbor Program when in fact they had allowed their certifications to lapse, and thus had engaged in deceptive practices.
Since the Third Circuit said so, in its September 22, 2009 decision in AT&T v. Federal Communications Commission (No. 084024).
Most privacy practitioners would not consider a legal entity to have privacy rights. Rather, a legal entity may have trade secrets or contractual confidentiality protections. However, in its novel holding, the Third Circuit found that a corporation (AT&T) was protected by an exemption in the Freedom of Information Act (FOIA) that applies to “unwarranted invasions of personal privacy.” Specifically, FOIA exempts “records or information compiled for law enforcement purposes, but only to the extent that the production of such law enforcement records or information … could reasonably be expected to constitute an unwarranted invasion of personal privacy…”(emphasis added). This exemption, combined with FOIA’s definition of “person” to include legal entities, enabled AT&T to successfully argue that a corporation has a right to privacy. (After all, the court said, “it would be very odd indeed for an adjectival form of a defined term not to refer back to that defined term.”) As a result, AT&T’s competitors have not been able to obtain information about an FCC investigation of AT&T regarding AT&T’s alleged overcharging of some of its customers.
Whether this ruling will be followed in other FOIA cases, or used to expand the concept of privacy rights under other statutes, remains to be seen. For now, when submitting information to regulators in connection with investigations, companies should consider submitting such information as confidential, since doing so could help the company to later challenge attempts by competitors or other third parties to obtain such information from the regulator under FOIA.
Proskauer and our platform provider LexBlog each use cookies to personalize content and ads, to provide social media features and to analyze traffic. Each of us also share information about your use of our site with our social media, advertising and analytics partners. If you are happy for us to store these cookies on your device please click ‘Accept Cookies.' For more information, please see here and here.
