Caveat Vendor

    New Law Requires New Jersey Health Insurance Companies to Encrypt Personal Information

    by Mary-Elizabeth M. Hadley on Jan 14, 2015
    Posted in
    • Legislation
    • Privacy and Security
    • Consumer Protection
    New legislation signed by New Jersey Governor Chris Christie late last week mandates that health insurance companies in the state protect the personal information they compile or maintain through encryption or “by any other method or technology rendering it unreadable, undecipherable, or otherwise unusable by an unauthorized person.”
    Full story

     


    In Visit to FTC, President Outlines Broad Privacy Agenda, Offers Scant Details

    by Matt Gibson on Jan 13, 2015
    Posted in
    • Privacy and Security
    • Legislation
    On Monday, January 12, President Obama gave a speech at the Federal Trade Commission in which he announced a multi-faceted legislative agenda aimed at creating a uniform national breach notification requirement, establishing national standards for consumer privacy, and expanding protections for educational data. While the President’s speech and the accompanying fact sheet outlined a broad privacy agenda, both were short on detail, leaving the public – and Congress – to speculate about the specifics of the President’s plan.
    Full story

     


    Privacy and Security Issues Faced by Tech Companies

    by Behnam Dayanim on Dec 15, 2014
    Posted in
    • Privacy and Security
    In a recent interview (from before reports of the Sony data breach!), I discuss some of the most pressing privacy and security issues facing tech companies today.
    Full story

     


    Self-Regulatory Organization Enforcement Agreements Aim to Increase Transparency in Personalized Ads

    by Devon Winkles and Mary-Elizabeth M. Hadley on Nov 06, 2014
    Posted in
    • Regulation and Enforcement
    • Privacy and Security
    • False Advertising
    • Consumer Protection
    Last week, the Advertising Self-Regulatory Council’s Online Interest-Based Advertising Accountability Program released agreements with five website operators addressing their compliance with the Self-Regulatory Principles for Online Behavioral Advertising (“OBA Principles”).
    Full story

     


    FCC Enters New Area of Privacy and Data Security Regulation with Proposed $10 Million Fine

    by Matt Gibson on Oct 28, 2014
    Posted in
    • Regulation and Enforcement
    • Privacy and Security
    In a split vote last Friday, the Federal Communications Commission (FCC or Commission) invoked a seldom-used provision of the Communications Act and signaled its intent to impose a $10 million fine on two affiliated telecommunications carriers, TerraCom, Inc. and YourTel America, Inc., for allegedly failing to protect consumers’ personal information. By flexing previously unused statutory muscles, last week’s decision is a strong signal of the Commission’s desire to expand its role as a privacy and data security regulator. In particular, the Commission appears to be attempting to create an entirely new data breach notification requirement under federal communications law. Telecommunications carriers should take note.
    Full story

     


    Certain Financial Institutions Can Save Money by Posting Privacy Notices Online, Says the CFPB

    by Mary-Elizabeth M. Hadley on Oct 22, 2014
    Posted in
    • Regulation and Enforcement
    • Privacy and Security
    Earlier this week, the Consumer Financial Protection Bureau (CFPB or Bureau) issued a final rule permitting financial institutions to post privacy notices online – instead of distributing an annual copy by mail – but only if they comply with several important conditions.
    Full story

     


    TCPA Update: Second Circuit Agrees with FCC and Limits Scope of Son-In-Law’s Consent

    by Matt Gibson on Oct 20, 2014
    Posted in
    • Regulation and Enforcement
    • Privacy and Security
    Last week, the Second Circuit agreed with the FCC’s analysis in Nigro v. Mercantile Adjustment Bureau
    Full story

     


    FCC Seeks Public Input: Who Qualifies as a “Called Party” Under TCPA?

    by Matt Gibson on Oct 20, 2014
    Posted in
    • Regulation and Enforcement
    • Privacy and Security
    Last week, the Federal Communications Commission (FCC) released a Public Notice announcing that it was seeking comment on a Petition for Declaratory Ruling that the Consumer Bankers Association (CBA) filed in September.
    Full story

     


    TCPA Update: Eleventh Circuit Rejects District Court’s Attempt to Review the FCC’s Consent Policy for Debt Collection Calls

    by Matt Gibson on Oct 08, 2014
    Posted in
    • Privacy and Security
    • Regulation and Enforcement
    Sometimes weather looks threatening, but the rain never falls. Such is the case with our recent post discussing a cluster of cases addressing whether federal district courts have the authority to consider the validity of the FCC’s debt collection consent policy under its Telephone Customer Protection Act rules.
    Full story

     


    Do Proposed #FDA Pharma Twitter Rules Violate the #FirstAmendment?

    by Devon Winkles on Sep 29, 2014
    Posted in
    • False Advertising
    • Regulation and Enforcement
    How many warnings can one 140-character tweet contain? Well, under the U.S. Food and Drug Administration’s proposed guidance for pharmaceutical promotion on Twitter and other character-limited platforms such as Google Sitelinks, we soon may find out.
    Full story