The Federal Trade Commission announced on January 17, 2008 that it has agreed in principle to a consent order with Life is good, Inc. and Life is good Retail, Inc. (collectively “Life is good”) resolving allegations that the apparel company collected sensitive information from consumers and failed to secure it in compliance with its own privacy and security policies. The consent order against Life is good, among other things, prohibits future deceptive privacy and security claims and requires the company to implement a comprehensive information security program that includes biennial audits by an independent security professional for the next twenty years.

In a unanimous panel opinion issued on January 28, 2008, the Ninth Circuit upheld the National Labor Relations Board’s (NLRB) newly-announced three-factor test for determining whether employer surveillance activity of potential union members is coercive and therefore in violation of the National Labor Relations Act (NLRA). The case, Local Joint Executive Board of Las Vegas et al. v. NLRB, No. 05-75515, — F.3d –, 2008 WL 216935 (January 8, 2008), involved two incidents of alleged surveillance of union activities at Aladdin Gaming, LLC, in which Aladdin officials conferred with employees in the cafeteria who had been presented with union cards.

On December 18, the FTC announced a settlement in its 15th case (and its first in 13 months) addressing the data security practices of companies handling sensitive consumer information. American United Mortgage Company agreed to pay a $50,000 penalty for failing to implement reasonable safeguards to protect customer information and failing to provide customers with privacy notices.

Businesses are on notice to pay more attention to computer security in order to protect business assets and private information, and to thwart infiltrations that threaten interconnected computers.  And help is available from the United States Computer Emergency Readiness Team (“US-CERT”).

Department of Homeland Security (“DHS”) Secretary Michael Chertoff and Assistant Secretary of Cybersecurity Greg Garcia recently warned that an uptick in cyber attacks  reveal a growing threat to critical U.S. infrastructure and private networks. Garcia warned that hackers “are making massive efforts to compromise computer systems on a global scale,” a reference to the fifty percent in crease in cyber-attacks between 2006 and 2007.  Chertoff called upon businesses to help protect networks and infrastructure from infiltration and data theft.  Secretary Chertoff remarked, “There’s no question this is the vulnerability of the 21st century.”

FTC staff issued a statement today proposing four “self-regulatory” principles to guide businesses engaged in online behavioral advertising. FTC staff also seeks public comments on these principles as well as additional information on what other uses businesses are making of online tracking data. Interested parties can submit comments by February 22, 2008.

The statement, titled “Online Behavioral Advertising: Moving the Discussion Forward to Possible Self-Regulatory Principles” follows from the FTC’s town hall meeting held in early November 2007. There, FTC considered privacy issues raised by behavioral advertising and heard from consumer interest groups and businesses’ alike.

In a case of first impression, the Arizona Court of Appeals recently considered the ability of a litigant to determine the identity of an anonymous Internet user. Mobilisa, Inc v. Doe, Case No 1-CA-CV 06-0521, 2007 Ariz. App. LEXIS 225 (Ariz. Ct. App., November 27, 2007). While the Court did not require disclosure of an anonymous Internet user’s identity (as the lower court had done), it set forth a balancing test to consider whether or not the user’s identity should remain anonymous. Thus, the Arizona court recognized that there may indeed be circumstances where anonymity must fall and a user’s identity must be disclosed in litigation.