Privacy & Information Security Law Blog

As part of its ongoing efforts to examine evolving internet marketing practices, earlier today the Federal Trade Commission released a report on self-regulation of online behavioral advertising.  This report analyzes the comments received from interested parties in response to proposed self-regulatory principles issued by the Commission in December 2007.  It covers a wide range of issues including the increasingly blurred line between personally identifiable information and non-personally identifiable information and the applicability of regulations to "first party" ...

The New Jersey Division of Consumer Affairs has published a pre-proposal of rules relating to the protection of personal information (“PPR”) and is accepting comments on the PPR until February 13, 2009, after which it will formally propose rules. The PPR comes nearly a year after the state withdrew earlier proposed rules (the “Original Proposal”) that drew fire from the business community for the burdens they would have imposed. Among other obligations, the PPR would (i) require implementation of a comprehensive written security program; (ii) impose security breach ...

In SACEM v. Cyrille Saminadin (Cour de Cassation, chambre criminelle, 13 janvier 2009), the SACEM (a representative body of authors, composers, and music editors) asked one of its agents to carry out an investigation and to collect evidence of copyright infringements on a peer-to-peer network. After selecting a peer-to-peer network, the agent manually typed in the title of a song belonging to one of the rights holders and searched for all available files corresponding to this title. The agent then randomly selected one of these files and saved all the information relating to it (IP address, country of origin, name of the internet service provider, etc.) onto a CD-ROM as evidence for use in filing a complaint. The question raised in this case was whether such activity constitutes data processing requiring the prior authorization of the French Data Protection Authority (CNIL).

On February 4, 2009 the Trilateral Committee on Transborder Data Flows met in Mexico City.  The committee is comprised of representatives from the Canadian, Mexican and U.S. governments and is part of the Security and Prosperity Partnership of North America.  The Trilateral Committee invited representatives from the private sector to give testimony on current and potential impediments to the free flow of personal data in North America.

On December 2, 2008, the European Court of Human Rights (ECHR) ruled in K.U. v. Finland that Article 8 of the European Convention on Human Rights requires national laws to protect individuals from serious online privacy infringements, but also that the national legal framework must allow for the identification and prosecution of offenders. This case involved an advertisement of a sexual nature, which was placed on an Internet dating site on behalf of the applicant, who was twelve years old at the time, without his knowledge ...

The Federal Trade Commission ("FTC") recently settled complaints against two telemarketing companies that allegedly called numbers listed on the National Do Not Call Registry.  The companies will pay a combined total of nearly $1.2 million dollars in civil penalties to settle charges that their marketing practices ran afoul of the Telemarketing Sales Rule ("TSR").

A recent federal court decision offers a detailed analysis of several theories of liability for violations of a privacy policy.  Pinero v. Jackson Hewitt Tax Service Inc., No. 08-3535, 2009 WL 43098 (E.D. La. January 7, 2009). 

Plaintiff Pinero visited Jackson Hewitt Tax Service in Louisiana to have her tax returns prepared.  During her visit, she provided Jackson Hewitt with confidential information such as her Social Security number, date of birth and driver’s license number.  Pinero signed Jackson Hewitt’s privacy policy, which stated that Jackson Hewitt had policies and procedures in place, including physical, electronic, and procedural safeguards, to protect customers' private information.  Pinero alleged that she relied on this statement in her decision to turn over her information.

Provisions of the economic stimulus legislation (known as the American Recovery and Reinvestment Act (“ARRA”)), recently passed by the U.S. House of Representatives, require certain entities to notify affected individuals, government agencies and the media of breaches of “unsecured protected health information.” Additional provisions substantially revise regulations promulgated pursuant to the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”). While these provisions are specifically limited to the context of health data, they have ...

The Centre for Information Policy Leadership provides the following thoughts on the Obama Administration's views on privacy:
 
The themes of President Obama’s inaugural address not only conveyed a strong message to the nation, but reflected current concerns about data governance shared by privacy professionals and policymakers as well.  His speech captured the importance of individual responsibility in public and personal life as America faces challenging economic times.  In demanding accountability from government, he required that the nation’s work be conducted “in the light of day -- because only then can we restore the vital trust between a people and their government.”  Obama’s remarks about the potent values of responsibility and accountability apply in the information-intensive world of business. 

Wednesday, January 28, 2009, marks the second annual international Data Privacy Day, which brings together a broad coalition of privacy professionals from both the private and public sectors, as well as corporations, academics and policymakers, with the goal of promoting awareness and collaboration on a variety of data privacy issues.

A wide variety of events celebrating Data Privacy Day has been scheduled throughout the week across the United States, Canada and the European Union. The Triangle Center on Terrorism and Homeland Security and Intel Corporation are sponsoring a ...