Privacy Law Blog

Tag Archives: personal information

Zip Codes not “Personal Identification Information” under California’s Song-Beverly Act

On December 19, 2008, in Party City Corp. v. The Superior Court of San Diego County, the California Court of Appeal in the Fourth Appellate District held that zip codes are not “personal identification information” under California’s Song-Beverly Credit Card Act of 1971, California Civil Code Sec. 1747.08 (the “Act.”). The Act prohibits a retailer … Continue Reading

Tagging Cars for Labor-Organizing Purposes May Be Subject to Punitive Damages

 The Third Circuit recently ruled that a labor union violated the federal Driver’s Privacy Protection Act (“DPPA”) when it accessed the motor vehicle records of Cintas employees for an improper “labor-organizing” purpose. In Pichler v. UNITE, the divided court affirmed the district court’s grant of summary judgment to the plaintiffs whose home addresses were obtained as … Continue Reading

European Commission Data Protection Working Party Issues Opinion on Search Engine Data Protection

The European Commission Article 29 Data Protection Working Party ("Working Party") recently released its opinion on data protection issues related to search engines. The opinion specifically addresses the applicability of the Data Protection Directive (95/46/EC) and the Data Retention Directive (2006/24/EC) to the processing of personal data by search engines. … Continue Reading

FTC Sets Sights on Goal: Student Lender Taken to School for Data Security Breakdowns

On March 4 the FTC announced that a consent agreement has been reached in its 17th case challenging data security practices by a company handling sensitive consumer information. Goal Financial, LLC, a San Diego-based student loan company, has agreed to implement a comprehensive information security program, avoid future misrepresentations about its data security practices, and receive independent, third-party audits of its data security program every two years for the next 10 years. The consent order does not provide for a civil fine. … Continue Reading

In Response To TJX Data Breach, One State Enacts Legislation Imposing New Security and Liability Obligations; Similar Bills Pending in Five Other States

Lawmakers in six states have responded quickly to the massive data breach at TJX Companies, Inc. with various bills designed to strengthen merchant security and/or render companies liable for third party companies’ costs arising from data breaches. These latest bills – introduced in California, Connecticut, Illinois, Massachusetts, Minnesota and Texas – represent a new front of … Continue Reading
LexBlog