Caveat Vendor

    LinkedIn Reference Searches Do Not Violate the FCRA, Says a Federal Court

    by Mary-Elizabeth M. Hadley on Apr 23, 2015
    Posted in
    • Privacy and Security
    • Complex Litigation
    Last week, Magistrate Judge Paul S. Grewal issued an order for the Northern District of California granting LinkedIn Corporation’s (“LinkedIn”) Motion to Dismiss a proposed class action alleging that its “Reference Searches” – which enable employers to find people with whom a job applicant may have worked previously – violated the Fair Credit Reporting Act (“FCRA”).
    Full story

     


    The Video Privacy Protection Act - Recent Decisions Further Narrow the Contours of Liability

    by Behnam Dayanim and Kevin P. Broughel on Apr 14, 2015
    Posted in
    • Privacy and Security
    • Complex Litigation
    The Video Privacy Protection Act (“VPPA”) came into existence in the wake of a Washington Post report of Supreme Court nominee Robert Bork’s video rental history. Although the days of renting VHS tapes are now gone, the VPPA endures. Over the last several years a number of high profile lawsuits have been filed against online video and service providers for alleged violations of the VPPA, causing anxiety among content providers of all stripes. However, two recent decisions perhaps point to an emerging sense among courts that some limitations on the statute’s application are warranted.
    Full story

     


    Clear and “Present” (Capacity): In the Absence of FCC Guidance, Federal Judge Interprets Scope of Autodialer Definition under TCPA

    by Sherrese Smith and Matt Gibson on Feb 10, 2015
    Posted in
    • Regulation and Enforcement
    • Privacy and Security
    Late last week, GroupMe, Inc. won an important victory in Glauser v. GroupMe, Inc., a federal class action stemming from allegations that the company violated the Telephone Consumer Protection Act of 1991 (TCPA) by sending unauthorized text messages to the plaintiff. Perhaps more significantly, in granting summary judgment to GroupMe, the trial court took a step that the Federal Communications Commission (FCC) thus far has not taken and addressed a lingering question of how the TCPA and the FCC’s implementing regulations define an automatic telephone dialing system (ATDS).
    Full story

     


    In Sweeping Proposal to Regulate Broadband Internet Service, FCC Sets Stage for Greater Privacy and Data Security Oversight

    by Sherrese Smith and Matt Gibson on Feb 05, 2015
    Posted in
    • Regulation and Enforcement
    • Privacy and Security
    As described in our recent Stay Current, yesterday the Federal Communications Commission (FCC) released a Fact Sheet outlining many aspects of FCC Chairman Tom Wheeler’s draft order to reclassify broadband internet services as a “telecommunications service” thereby enhancing the FCC’s ability to regulate different aspects of broadband internet service.
    Full story

     


    FTC to IoT Developers: Get Serious (or at Least Reasonable) About Security

    by Matt Gibson on Feb 02, 2015
    Posted in
    • Regulation and Enforcement
    • Privacy and Security
    Just last week, the Federal Trade Commission (FTC) released a staff report on the Internet of Things (IoT) outlining specific recommendations and its views on best practices that IoT developers should implement to protect consumer privacy and security of IoT devices. The FTC defines IoT as devices – other than computers, smartphones and tablets – that “connect, communicate or transmit information with or between each other through the Internet.”
    Full story

     


    New Law Requires New Jersey Health Insurance Companies to Encrypt Personal Information

    by Mary-Elizabeth M. Hadley on Jan 14, 2015
    Posted in
    • Legislation
    • Privacy and Security
    • Consumer Protection
    New legislation signed by New Jersey Governor Chris Christie late last week mandates that health insurance companies in the state protect the personal information they compile or maintain through encryption or “by any other method or technology rendering it unreadable, undecipherable, or otherwise unusable by an unauthorized person.”
    Full story

     


    In Visit to FTC, President Outlines Broad Privacy Agenda, Offers Scant Details

    by Matt Gibson on Jan 13, 2015
    Posted in
    • Privacy and Security
    • Legislation
    On Monday, January 12, President Obama gave a speech at the Federal Trade Commission in which he announced a multi-faceted legislative agenda aimed at creating a uniform national breach notification requirement, establishing national standards for consumer privacy, and expanding protections for educational data. While the President’s speech and the accompanying fact sheet outlined a broad privacy agenda, both were short on detail, leaving the public – and Congress – to speculate about the specifics of the President’s plan.
    Full story

     


    Privacy and Security Issues Faced by Tech Companies

    by Behnam Dayanim on Dec 15, 2014
    Posted in
    • Privacy and Security
    In a recent interview (from before reports of the Sony data breach!), I discuss some of the most pressing privacy and security issues facing tech companies today.
    Full story

     


    Self-Regulatory Organization Enforcement Agreements Aim to Increase Transparency in Personalized Ads

    by Devon Winkles and Mary-Elizabeth M. Hadley on Nov 06, 2014
    Posted in
    • Regulation and Enforcement
    • Privacy and Security
    • False Advertising
    • Consumer Protection
    Last week, the Advertising Self-Regulatory Council’s Online Interest-Based Advertising Accountability Program released agreements with five website operators addressing their compliance with the Self-Regulatory Principles for Online Behavioral Advertising (“OBA Principles”).
    Full story

     


    FCC Enters New Area of Privacy and Data Security Regulation with Proposed $10 Million Fine

    by Matt Gibson on Oct 28, 2014
    Posted in
    • Regulation and Enforcement
    • Privacy and Security
    In a split vote last Friday, the Federal Communications Commission (FCC or Commission) invoked a seldom-used provision of the Communications Act and signaled its intent to impose a $10 million fine on two affiliated telecommunications carriers, TerraCom, Inc. and YourTel America, Inc., for allegedly failing to protect consumers’ personal information. By flexing previously unused statutory muscles, last week’s decision is a strong signal of the Commission’s desire to expand its role as a privacy and data security regulator. In particular, the Commission appears to be attempting to create an entirely new data breach notification requirement under federal communications law. Telecommunications carriers should take note.
    Full story