Businesses holding personal information of Massachusetts residents have at least one thing to be thankful for this holiday season.  As reported here, Massachusetts earlier this year established strict standards for protection of personal information about Massachusetts residents. Those standards include encryption of electronic data when stored or transmitted and

When a company is considering using cloud computing in its IT infrastructure, there are some privacy issues that need to be addressed.

While the value of cloud computing certainly holds much promise, companies wishing to make the leap into the cloud would be well advised to consider the potential privacy issues.  Cloud computing, in its essence, is the migration or outsourcing of computing, hardware and storage functions to a third-party service provider, which hosts applications on the Internet through linked servers located worldwide.  Cloud computing has captured the attention of IT professionals because it offers the appealing option of reducing a company’s computer infrastructure and placing it in the hands of a vendor who can perform a company’s computing needs more cheaply and efficiently than the company can itself.

As we prepare to welcome both the 44th President and a revamped Congress to Washington, it is time to consider what privacy under the new administration will look like. Barack Obama polled strongly on the campaign trail as the candidate most likely to advance individual privacy rights, but are the pollsters a good indicator what privacy will look like under the new administration?    Here are some of our thoughts about what we may see in the next four years.

A recent decision in the Western District of Washington broadly defines the reach of the private right of action under the federal CAN-SPAM statute. In that case, Haselton v. Quicken Loans Inc., W.D. Wash., C-07-1777, 10/14/08, the court held that a company had standing to sue alleged spammers even though it is not an Internet service provider (ISP) and does not provide e-mail accounts to its customers.

On September 10, 2008, Timberland Company, an outdoor clothing and shoe merchant, along with co-defendant ad agencies GSI Commerce Inc. (“GSI”) and AirIt2Me Inc. (“AirIt2Me”), settled charges brought under the Telephone Consumer Protection Act (“TCPA”) arising from unsolicited text messages advertising Timberland’s holiday sale.  Pursuant to the settlement, Timberland must employ best practices in future marketing, and must pay $7 million into a fund for distribution to the class.  Prior to any future mobile marketing campaign, GSI agreed to circulate to its marketing personnel a copy of the Mobile Marketing Association’s Consumer Best Practices guidelines, and to establish meaningful training and compliance checks in connection with those guidelines. Additionally, the defendants must pay class counsel a maximum amount of $1,750,000.  The settlement has been agreed to by all parties, but is still subject to final approval by the court.
 

On October 9, in the case R v. S and A [2008] EWCA Crim 2177, the Criminal Division of the England and Wales Court of Appeal held that requiring criminal defendants to disclose an encryption key allegedly protecting criminal materials does not violate the privilege against self-incrimination under U.K. law or Article 6 of the European Convention of Human Rights.  The U.K. court’s ruling is at odds with Magistrate Judge Jerome J. Niedermeier’s ruling on a similar issue in the District of Vermont, In re Boucher, No. 06-mj-91, 2007 WL 4246473 (D. Vt. Nov. 29, 2007).