On September 27, 2012, the European Commission presented its new strategy on cloud computing, entitled “Unleashing the Potential of Cloud Computing in Europe.” The Commission’s strategy is outlined on a new webpage that includes a communication document and a more detailed staff working paper.
On September 25, 2012, the Federal Trade Commission announced that it had settled a case involving allegations of spying by software company DesignerWare, LLC (“DesignerWare”) and several rent-to-own companies that rent computers to consumers, such as Aaron’s, Inc., ColorTyme, Inc., and Premier Rental Purchase. The FTC collaborated with Illinois Attorney General Lisa Madigan in its investigation.
As reported in the Hunton Employment & Labor Perspectives Blog:
On September 20, 2012, Administrative Law Judge Clifford H. Anderson struck down telecommunications company EchoStar Corporation’s policy prohibiting employees from making disparaging comments about it on social media sites. The National Labor Relations Board (“NLRB”) judge found that the prohibition, as well as a ban on employees using social media sites with company resources or on company time, chilled employees’ exercise of their rights under Section 7 of the National Labor Relations Act (“NLRA”). The EchoStar decision comes on the heels of the NLRB’s recent ruling striking down Costco Wholesale Corporation’s policy barring employees from posting statements online that were harmful to the company’s reputation.
On September 27, 2012, the UK Information Commissioner’s Office (“ICO”) published guidance on complying with the requirements of the UK Data Protection Act 1998 (“DPA”) in the context of cloud computing services (the “Guidance”). In its Guidance, the ICO reminds data controllers that transferring personal data to the cloud does not absolve them of their compliance obligations under the DPA.
On September 20, 2012, Hunton & Williams LLP announced Lisa J. Sotto, head of the firm’s Global Privacy and Data Security practice and managing partner of the New York office, was named among Ethisphere Institute’s “Attorneys Who Matter” for 2012. The annual listing includes approximately 100 lawyers from a range of legal disciplines who surpass their peers based on their experience, public service, legal community engagement and client endorsement.
As reported in the Hunton Employment & Labor Perspectives Blog:
On September 7, 2012, the National Labor Relations Board invalidated Costco Wholesale Corp.’s policy of prohibiting employee electronic posts in its first decision involving an employer’s social media policy. In Costco Wholesale Corporation and UFCW Local 371, Case No. 3A-CA-012421, the Board held, among other things, that Costco’s rule prohibiting employees from posting statements electronically that “damage the Company, defame any individual or damage any person’s reputation” was overly broad. The Board reasoned that the policy language contained no restrictions on its application and, thus, clearly encompassed protected concerted communications, such as speech that is critical of Costco or its agents. Accordingly, the rule had a tendency to chill employees’ protected activity in violation of Section 8(a)(1) of the National Labor Relations Act, which makes it an unfair labor practice for an employer to interfere with, restrain, or coerce employees in the exercise of their rights guaranteed by Section 7.
On September 13, 2012, the PCI Security Standards Council (“PCI SSC”) issued new guidelines entitled “PCI Mobile Payment Acceptance Security Guidelines” (the “Guidelines”), which outline best practices for mobile payment acceptance security. As we reported in May, the PCI SSC Mobile Working Group published its “At a Glance: Mobile Payment Acceptance Security” fact sheet, detailing how merchants can more securely accept payments on mobile devices.
On September 17, 2012, the Department of Health and Human Services (“HHS”) announced a $1.5 million settlement with the Massachusetts Eye and Ear Infirmary and Massachusetts Eye and Ear Associates Inc. (“MEEI”) for potential violations of the HIPAA Security Rule. In connection with the announcement, the HHS Office for Civil Rights (“OCR”) Director Leon Rodriguez stated that organizations should pay special attention to safeguarding information “stored and transported on portable devices such as laptops, tablets, and mobile phones” and that “compliance with the HIPAA Privacy and Security Rules must be prioritized by management and implemented throughout an organization, from top to bottom.”
On July, 19, 2012, the Article 29 Working Party (the “Working Party”) issued an Opinion finding that the Principality of Monaco ensures an “adequate level of protection” for personal data within the meaning of the European Data Protection Directive (Article 25 of Directive 95/46/EC) (the “Directive”). Under the Directive, strict conditions apply to personal data transfers to countries outside the European Economic Area that are not considered to provide an “adequate” level of data protection.
On September 12, 2012, Congressman Edward Markey (D-MA) released a bill that would require companies to tell customers about monitoring software installed on their mobile devices and obtain customers’ express consent before engaging in monitoring. These requirements would apply to mobile phone makers, network providers and application developers.
Reporting from Israel, legal consultant Dr. Omer Tene writes:
In a detailed, 27-page decision (Admin. App. 24867-02-11 IDI Insurance v. Database Registrar), the Tel Aviv District Court recently upheld the validity of an instruction issued by the data protection regulator restricting financial institutions from using information about a third party’s attachment of their client’s account for the financial institution’s own purposes. The court held that the regulator is authorized to issue market instructions interpreting the law. The decision is likely to have far-reaching effects on the validity and weight given to a series of detailed guidance documents and market instructions published by the Israeli Law, Information and Technology Authority (“ILITA”) over the past two years. These include instructions regarding:
On September 5, 2012, the Federal Trade Commission issued guidelines for mobile app developers entitled “Marketing Your Mobile App: Get It Right from the Start.” The guidelines are largely a distillation of the FTC’s previously expressed views on a range of topics that have relevance to the mobile app space. They are summarized below:
As of September 1, 2012, all personal data in Germany may only be processed and used for marketing purposes (including address trading) with the express opt-in consent of the affected individuals. Furthermore, the consent language must have been specifically drawn to the attention of the relevant individual as part of the terms and conditions governing the use of his or her personal data.
The American Bar Association Journal is compiling a list of the 100 best legal blogs of 2012 and is inviting readers to submit nominations. Click the voting button below to submit a nomination for Hunton & Williams' Privacy and Information Security Law. PR News named Hunton & Williams' Privacy Blog the Best Legal PR Blog of 2011.
Submissions are accepted through Friday, September 7th, so please vote!
On August 21, 2012, the European Commission formally approved Uruguay’s status as a country providing “adequate protection” for personal data within the meaning of the European Data Protection Directive (Article 25(6) of Directive 95/46/EC). This follows the Article 29 Working Party’s earlier favorable Opinion issued in 2010, and takes into account certain interpretative assurances and clarifications provided by Uruguay. Accordingly, transfers of personal data from the EU to Uruguay may now take place without additional intergovernmental guarantees and in accordance with applicable data protection provisions.
On August 23, 2012, the Federal Trade Commission announced that it had filed suit against DISH Network LLC (“DISH Network”) alleging violations of the FTC’s Telemarketing Sales Rule (“TSR”). The FTC’s complaint claims that DISH Network is a “seller” and “telemarketer” as such terms are defined by the TSR because the company sells satellite television programming to consumers and also markets its programming through a variety of methods, including telemarketing. According to the complaint, since September 2007, DISH Network has engaged in initiating ...
On August 23, 2012, the United States Court of Appeals for the Sixth Circuit held in Retailer Ventures, Inc. v. Nat’l Union Fire Ins. Co. that losses resulting from the theft of customers’ banking information from a retailer’s computer system are covered under a commercial crime policy’s computer fraud endorsement.
Search
Recent Posts
Categories
- Behavioral Advertising
- Centre for Information Policy Leadership
- Children’s Privacy
- Cyber Insurance
- Cybersecurity
- Enforcement
- European Union
- Events
- FCRA
- Financial Privacy
- General
- Health Privacy
- Identity Theft
- Information Security
- International
- Marketing
- Multimedia Resources
- Online Privacy
- Security Breach
- U.S. Federal Law
- U.S. State Law
- U.S. State Privacy
- Workplace Privacy
Tags
- Aaron Simpson
- Accountability
- Adequacy
- Advertisement
- Advertising
- American Privacy Rights Act
- Anna Pateraki
- Anonymization
- Anti-terrorism
- APEC
- Apple Inc.
- Argentina
- Arkansas
- Article 29 Working Party
- Artificial Intelligence
- Australia
- Austria
- Automated Decisionmaking
- Baltimore
- Bankruptcy
- Belgium
- Biden Administration
- Big Data
- Binding Corporate Rules
- Biometric Data
- Blockchain
- Bojana Bellamy
- Brazil
- Brexit
- British Columbia
- Brittany Bacon
- Brussels
- Business Associate Agreement
- BYOD
- California
- CAN-SPAM
- Canada
- Cayman Islands
- CCPA
- CCTV
- Chile
- China
- Chinese Taipei
- Christopher Graham
- CIPA
- Class Action
- Clinical Trial
- Cloud
- Cloud Computing
- CNIL
- Colombia
- Colorado
- Commodity Futures Trading Commission
- Compliance
- Computer Fraud and Abuse Act
- Congress
- Connecticut
- Consent
- Consent Order
- Consumer Protection
- Cookies
- COPPA
- Coronavirus/COVID-19
- Council of Europe
- Council of the European Union
- Court of Justice of the European Union
- CPPA
- CPRA
- Credit Monitoring
- Credit Report
- Criminal Law
- Critical Infrastructure
- Croatia
- Cross-Border Data Flow
- Cyber Attack
- Cybersecurity
- Cybersecurity and Infrastructure Security Agency
- Data Brokers
- Data Controller
- Data Localization
- Data Privacy Framework
- Data Processor
- Data Protection Act
- Data Protection Authority
- Data Protection Impact Assessment
- Data Transfer
- David Dumont
- David Vladeck
- Delaware
- Denmark
- Department of Commerce
- Department of Health and Human Services
- Department of Homeland Security
- Department of Justice
- Department of the Treasury
- Disclosure
- District of Columbia
- Do Not Call
- Do Not Track
- Dobbs
- Dodd-Frank Act
- DPIA
- E-Privacy
- E-Privacy Directive
- Ecuador
- Ed Tech
- Edith Ramirez
- Electronic Communications Privacy Act
- Electronic Privacy Information Center
- Elizabeth Denham
- Employee Monitoring
- Encryption
- ENISA
- EU Data Protection Directive
- EU Member States
- European Commission
- European Data Protection Board
- European Data Protection Supervisor
- European Parliament
- Facial Recognition
- Facial Recognition Technology
- FACTA
- Fair Information Practice Principles
- Federal Aviation Administration
- Federal Bureau of Investigation
- Federal Communications Commission
- Federal Data Protection Act
- Federal Trade Commission
- FERC
- FinTech
- Florida
- Food and Drug Administration
- Foreign Intelligence Surveillance Act
- France
- Franchise
- Fred Cate
- Freedom of Information Act
- Freedom of Speech
- Fundamental Rights
- GDPR
- Geofencing
- Geolocation
- Georgia
- Germany
- Global Privacy Assembly
- Global Privacy Enforcement Network
- Gramm Leach Bliley Act
- Hacker
- Hawaii
- Health Data
- Health Information
- HIPAA
- HIPPA
- HITECH Act
- Hong Kong
- House of Representatives
- Hungary
- Illinois
- India
- Indiana
- Indonesia
- Information Commissioners Office
- Information Sharing
- Insurance Provider
- Internal Revenue Service
- International Association of Privacy Professionals
- International Commissioners Office
- Internet
- Internet of Things
- IP Address
- Ireland
- Israel
- Italy
- Jacob Kohnstamm
- Japan
- Jason Beach
- Jay Rockefeller
- Jenna Rode
- Jennifer Stoddart
- Jersey
- Jessica Rich
- John Delionado
- John Edwards
- Kentucky
- Korea
- Latin America
- Laura Leonard
- Law Enforcement
- Lawrence Strickling
- Legislation
- Legislature
- Liability
- Lisa Sotto
- Litigation
- Location-Based Services
- London
- Madrid Resolution
- Maine
- Malaysia
- Markus Heyder
- Maryland
- Massachusetts
- Mexico
- Microsoft
- Minnesota
- Mobile App
- Mobile Device
- Montana
- Morocco
- MySpace
- Natascha Gerlach
- National Institute of Standards and Technology
- National Labor Relations Board
- National Science and Technology Council
- National Security
- National Security Agency
- National Telecommunications and Information Administration
- Nebraska
- NEDPA
- Netherlands
- Nevada
- New Hampshire
- New Jersey
- New Mexico
- New York
- New Zealand
- Nigeria
- Ninth Circuit
- North Carolina
- Norway
- Obama Administration
- OECD
- Office for Civil Rights
- Office of Foreign Assets Control
- Ohio
- Online Behavioral Advertising
- Opt-In Consent
- Oregon
- Outsourcing
- Pakistan
- Parental Consent
- Paul Tiao
- Payment Card
- PCI DSS
- Penalty
- Pennsylvania
- Personal Data
- Personal Health Information
- Personal Information
- Personally Identifiable Information
- Peru
- Philippines
- Phyllis Marcus
- Poland
- PRISM
- Privacy By Design
- Privacy Policy
- Privacy Rights
- Privacy Rule
- Privacy Shield
- Protected Health Information
- Ransomware
- Record Retention
- Red Flags Rule
- Rhode Island
- Richard Thomas
- Right to Be Forgotten
- Right to Privacy
- Risk-Based Approach
- Rosemary Jay
- Russia
- Safe Harbor
- Sanctions
- Schrems
- Scott Kimpel
- Securities and Exchange Commission
- Security Rule
- Senate
- Serbia
- Service Provider
- Singapore
- Smart Grid
- Smart Metering
- Social Media
- Social Security Number
- South Africa
- South Carolina
- South Korea
- Spain
- Spyware
- Standard Contractual Clauses
- State Attorneys General
- Steven Haas
- Stick With Security Series
- Stored Communications Act
- Student Data
- Supreme Court
- Surveillance
- Sweden
- Switzerland
- Taiwan
- Targeted Advertising
- Telecommunications
- Telemarketing
- Telephone Consumer Protection Act
- Tennessee
- Terry McAuliffe
- Texas
- Text Message
- Thailand
- Transparency
- Transportation Security Administration
- Trump Administration
- United Arab Emirates
- United Kingdom
- United States
- Unmanned Aircraft Systems
- Uruguay
- Utah
- Vermont
- Video Privacy Protection Act
- Video Surveillance
- Virginia
- Viviane Reding
- Washington
- WeProtect Global Alliance
- Whistleblowing
- Wireless Network
- Wiretap
- ZIP Code