Monthly Archives: May 2011

California Bill Targets Social Networking Privacy

Posted on May 17, 2011 by Hunton & Williams LLP

A new bill proposed in California, the Social Networking Privacy Act (the “Act”), would force social networking websites to establish default privacy settings for their users that prohibit such sites from publicly displaying most information about users without the users’ consent.  Given that many social networking websites currently have default settings that make user personal information and photos public unless the user changes those settings, the Act would represent a fundamental shift in social networking privacy. Continue reading…

Tags: California, Facebook, Google, Online Privacy, Penalty, Social Media, Twitter, U.S. State Law

German Federal Office for Information Security Issues Final Framework Paper on Information Security for Cloud Computing

Posted on May 16, 2011 by Hunton & Williams LLP

On May 10, 2011, the German Federal Office for Information Security, (the Bundesamt für Sicherheit in der Informationstechnik or “BSI”) released the final framework paper on information security issues related to cloud computing.  The paper describes the minimum requirements for information security for cloud computing services.  As we previously reported, in September 2010, the BSI had presented the draft framework paper which received positive reviews and constructive comments from cloud computing providers, users, associations and other stakeholders.  The comments and contributions have been incorporated in the final framework paper.  According to the BSI, the paper provides “Best Practices” and serves as a basis for the discussion between cloud computing service providers and cloud users.  Based on the paper, concrete recommendations for companies or public authorities may be developed, including at the international level.

Tags: Cloud Computing, European Union, Germany, Information Security, International, Jörg Hladjk

UK Cookie Law Requires Opt-in Consent

Posted on May 14, 2011 by Hunton & Williams LLP

From May 26, 2011, UK law regulating the use of cookies on websites will change from an opt-out regime, to one requiring prior opt-in consent.  This change poses significant practical challenges for website operators.  In guidance on the new regulations, the UK Information Commissioner has acknowledged the challenge but warned that website operators must take steps now to ensure that they are ready to comply. Continue reading…

Tags: Behavioral Advertising, Consumer Protection, Cookies, Enforcement, European Union, Information Commissioners Office, International, Online Privacy, Opt-In Consent, United Kingdom

White House Releases Cybersecurity Legislative Proposal

Posted on May 13, 2011 by Hunton & Williams LLP

On May 12, 2011, the White House released the long-expected cybersecurity legislative proposal in response to the need to protect Americans from cyber threats.  The proposal is the culmination of several years of work following the White House’s release of the Cyberspace Policy Review in 2009 and includes the following sections:

Continue reading…

Tags: Cybersecurity, Information Security, Legislation, Obama, Security Breach, U.S. Federal Law

Disney Subsidiary Settles FTC COPPA Violation Charges with $3 Million Penalty

Posted on May 13, 2011 by Hunton & Williams LLP

On May 12, 2011, the Federal Trade Commission announced that Playdom, Inc., a Disney subsidiary, has agreed to pay $3 million to settle charges that the company violated Section 5 of the FTC Act and the Children’s Online Privacy Protection Rule (“COPPA Rule”) “by illegally collecting and disclosing personal information from hundreds of thousands of children under age 13 without their parents’ prior consent.”  This settlement marks the largest civil penalty imposed for an FTC COPPA Rule violation. Continue reading…

Tags: Consent Order, Consumer Protection, COPPA, Enforcement, Federal Trade Commission, Information Security, Online Privacy, Penalty

UK ICO Releases Code on Data Sharing

Posted on May 12, 2011 by Hunton & Williams LLP

On May 11, 2011, the UK Information Commissioner’s Office (the “ICO”) published a new statutory code of practice on the sharing of personal data.  As stated in the ICO’s press release, the code of practice covers best practices for both routine and one-off data sharing activities, and offers organizations tips for reducing the risk of inappropriate or insecure data sharing.  By helping organizations understand how to share data appropriately, the code of practice should facilitate compliance with the Data Protection Act and minimize the risk of enforcement actions by the ICO or other regulators.

Continue reading…

Tags: Christopher Graham, Data Protection Act, European Union, Information Commissioners Office, Information Security, International, Security Breach, United Kingdom

Senator Rockefeller Introduces the Do-Not-Track Online Act of 2011

Posted on May 9, 2011 by Hunton & Williams LLP

On May 9, 2011, Senator Jay Rockefeller (D-WV), the Chairman of the Senate Committee on Commerce, Science and Transportation, introduced the “Do-Not-Track Online Act of 2011” (the “Act”).  The Act instructs the Federal Trade Commission to promulgate regulations that would (1) create standards for the implementation of a “Do Not Track” mechanism that would enable individuals to express a desire to not be tracked online and (2) prohibit online service providers from tracking individuals who express such a desire.  The regulations would allow online service providers to track individuals who do not want to be tracked only if (1) the tracking is necessary to provide a service requested by the individual (and the individuals’ information is anonymized or deleted when the service is provided), or (2) the individual is given clear notice about the tracking and affirmatively consents to the tracking.

Continue reading…

Tags: Anonymization, Behavioral Advertising, Do Not Track, Enforcement, Federal Trade Commission, Jay Rockefeller, Legislation, Online Privacy, Penalty, Senate, State Attorneys General

Supreme Court Hears Oral Argument in Sorrell v. IMS Health

Posted on May 9, 2011 by Hunton & Williams LLP

On April 26, 2011, the United States Supreme Court heard oral argument in Sorrell v. IMS Health, a case concerning the constitutionality of a Vermont law that restricts access to prescription drug records.  Laws enacted by New Hampshire, Maine and Vermont prohibit pharmacies from selling prescriber-identifiable information in prescription records to third parties for marketing purposes.  The Supreme Court seeks to resolve a circuit split that resulted from legal challenges to the statutes in all three states.  Thomas Julin, partner at Hunton & Williams LLP, represents IMS Health and discussed the litigation in an interview with Fred Cate, Senior Policy Advisor of the Centre for Information Policy Leadership, during the Centre’s First Friday Call on May 6, 2011.

Tags: Centre for Information Policy Leadership, Health Privacy, Litigation, Maine, Marketing, New Hampshire, Supreme Court, U.S. State Law, Vermont

Update: NLRB Remains Focused on Social Media Issues

Posted on May 5, 2011 by Hunton & Williams LLP

As reported in Hunton & Williams’ Employment & Labor Perspectives blog:

The National Labor Relations Board (“NLRB”) regional offices addressing complaints involving employers’ social media policies must seek advice from the NLRB’s Division of Advice before taking any action.  The memorandum, issued by the NLRB’s Office of the General Counsel on April 12th, added social media disputes to the list of matters that must be submitted to the Division of Advice.  The Division of Advice is responsible for issuing opinions on difficult or novel labor issues.

Continue reading…

Tags: Facebook, Social Media, Twitter, Workplace Privacy

Ceridian and Lookout Services Settle FTC Charges over Failure to Secure Customers’ Personal Information

Posted on May 5, 2011 by Hunton & Williams LLP

On May 3, 2011, the Federal Trade Commission announced that it had reached settlements with Ceridian Corporation and Lookout Services, Inc. after alleging both companies had misrepresented the extent of their data security practices and subsequently failed to safeguard their customers’ information.  According to the FTC’s press release, the settlements “are part of the FTC’s ongoing efforts to ensure that companies secure the sensitive consumer information they maintain.”

Continue reading…

Tags: Consent Order, Consumer Protection, Enforcement, Federal Trade Commission, Hacker, Information Security, Security Breach, Social Security Number