Privacy Law Blog

Tag Archives: personally identifiable information

Tales from the (Quantum) Crypt

The dream of hack-proof communication just got a little closer to reality. On August 16, 2016, China launched the world’s first “quantum satellite,” a project the Chinese government hopes will enable it to build a communication system incapable of being hacked. Such a system, if perfected, would allow for encrypted communications between any two devices … Continue Reading

NTIA Tells UAS Operators Not to Drone On

Unmanned Aircraft Systems (UAS), more commonly known as “Drones,” are soaring in popularity – the Federal Aviation Administration saw more than 300,000 drones registered in just the first 30 days since they introduced a registration system on December 21, 2015. Drones have the potential to be a truly transformative technology; they are already disrupting business … Continue Reading

Delaware Enacts Comprehensive Online Privacy Protection Law

On January 1, 2016, the Delaware Online Privacy and Protection Act (“DOPPA”) will go into force, a law that provides strong online privacy protection for its residents.  The new law targets three areas of compliance: (1) advertising to children; (2) conspicuous posting of a compliant privacy policy; and (3) enhancing the privacy protections of users … Continue Reading

German DPAs Announce Policy Severely Limiting Mechanisms for Lawful Germany-to-U.S. Data Transfers

Over the course of the coming weeks, we will examine the various options available to companies in light of the European Court of Justice’s (CJEU) decision invalidating the US-EU Safe Harbor framework, including model contracts, binding corporate rules (BCRs), consent and reliance on derogations. News out of Germany, however, indicates that a one-size-fits all approach … Continue Reading

School’s Out: COPPA’s Limiting Reach in the Classroom

On January 23, 2015, Senior Attorney Lesley Fair at the Federal Trade Commission (“FTC”) posted on the Agency’s business blog clarifying how the Children’s Online Privacy Protection Act (“COPPA”) applies to schools.  COPPA seeks to protect the privacy of children by allowing parents to control what personal information about their children under the age of … Continue Reading

California Enacts New “Do Not Track” Disclosure Requirement Law for Websites

On September 27, California Governor Jerry Brown signed a new privacy law that has significant repercussions for nearly every business in the United States that operates a commercial website or online service and collects “personally identifiable information” (which means, under the law, “individually identifiable information about an individual consumer collected online by the operator from that … Continue Reading

Department of Education Issues Final Regulations Amending FERPA

The Family Educational Rights and Privacy Act (20 U.S.C. 1232g; 34 CFR Part 99) (“FERPA”) imposes various requirements on educational institutions regarding the privacy of personally identifiable information contained in education records of students.  On December 9, 2008, the U.S. Department of Education (“DOE”) published final rules amending the regulations that implement FERPA.      … Continue Reading

Zip Codes not “Personal Identification Information” under California’s Song-Beverly Act

On December 19, 2008, in Party City Corp. v. The Superior Court of San Diego County, the California Court of Appeal in the Fourth Appellate District held that zip codes are not “personal identification information” under California’s Song-Beverly Credit Card Act of 1971, California Civil Code Sec. 1747.08 (the “Act.”). The Act prohibits a retailer … Continue Reading

FTC Sets Sights on Goal: Student Lender Taken to School for Data Security Breakdowns

On March 4 the FTC announced that a consent agreement has been reached in its 17th case challenging data security practices by a company handling sensitive consumer information. Goal Financial, LLC, a San Diego-based student loan company, has agreed to implement a comprehensive information security program, avoid future misrepresentations about its data security practices, and receive independent, third-party audits of its data security program every two years for the next 10 years. The consent order does not provide for a civil fine. … Continue Reading

First FACTA Disposal Rule FTC Settlement Leaves American United Down in the Dumps

On December 18, the FTC announced a settlement in its 15th case (and its first in 13 months) addressing the data security practices of companies handling sensitive consumer information. American United Mortgage Company agreed to pay a $50,000 penalty for failing to implement reasonable safeguards to protect customer information and failing to provide customers with privacy notices. … Continue Reading

FTC Staff Issues Proposed Self Regulatory Principles for Behavioral Advertising and Seeks Comment

FTC staff issued a statement today proposing four “self-regulatory” principles to guide businesses engaged in online behavioral advertising. FTC staff also seeks public comments on these principles as well as additional information on what other uses businesses are making of online tracking data. Interested parties can submit comments by February 22, 2008. The statement, titled “Online Behavioral … Continue Reading
LexBlog