FTC Reaches Settlement with Myspace for Misleading Statements in Privacy Policy

On May 8, 2012, the Federal Trade Commission announced a settlement agreement with the social networking service Myspace LLC (“Myspace”). The FTC alleged that Myspace’s practice of sharing users’ personal information with unaffiliated third-party advertisers conflicted with representations the company made in its privacy policy, and could allow those advertisers to obtain users’ names, publicly available information and information about their online browsing habits.


EU Justice Commissioner Viviane Reding Addresses European Data Protection Authorities at Spring Conference

On May 3, 2012, Viviane Reding, Justice Commissioner and European Commission Vice-President, delivered a speech during the European data protection authorities’ (“DPAs’”) Spring Conference, which was held in closed sessions in Luxembourg. In her speech, Commissioner Reding discussed how the proposed EU Data Protection Regulation aimed to empower the DPAs and addressed some of the DPAs’ primary concerns with the reform.


French Data Protection Authority Unveils Its Agenda for 2012

On April 19, 2012, the French Data Protection Authority (the “CNIL”) issued a press release detailing its enforcement agenda for 2012. In a report adopted March 29, 2012, the CNIL announced that it will conduct 450 on-site inspections this year, with particular focus on the specific themes described below. The CNIL also indicated that it will continue the work started in 2011 with at least 150 additional inspections related to video surveillance, especially with respect to surveillance in locations that are frequented by large numbers of individuals.


HHS Finalizes Omnibus HIPAA Rule for OMB Review; Settles with Phoenix Cardiac Surgery Following OCR Investigation

In the past month, the Department of Health and Human Services (“HHS”) sent its final omnibus rule modifying the HIPAA Privacy, Security and Enforcement Rules to the White House Office of Management and Budget (“OMB”) and announced a $100,000 settlement with Phoenix Cardiac Surgery, P.C. for violations of the HIPAA Rules.


Twitter Slaps Spammers with Lawsuit

On April 5, 2012, social media giant Twitter, Inc. (“Twitter”) filed a civil lawsuit against spammers and makers of spamming software claiming violations of Twitter’s user agreement and various California state and common laws. Borrowing from the popular term for unsolicited email messages, Twitter’s complaint describes “spam” on Twitter as “a variety of abusive behaviors” including “posting a Tweet with a harmful link … and abusing the @reply and @mention functions to post unwanted messages to a user.” The suit alleges that certain defendants violated Twitter’s Terms of Service, which prohibit “spam and abuse,” by distributing software tools “designed to facilitate abuse of the Twitter platform and marketed to dupe customers into violating Twitter’s user agreement.” Other defendants allegedly operated large numbers of automated Twitter accounts through which they attempted to “trick Twitter users into clicking on links to illegitimate websites.”


RockYou Settles FTC Charges Related to Data Breach, COPPA Violations

On March 27, 2012, the Federal Trade Commission announced a proposed settlement order with RockYou, Inc. (“RockYou”), a publisher and developer of applications used on popular social media sites. The FTC alleged that RockYou failed to protect the personal information of 32 million of its users, and violated multiple provisions of the FTC’s Children’s Online Privacy Protection Act (“COPPA”) Rule when it collected information from approximately 179,000 children.


Massachusetts Attorney General Announces $15,000 Settlement with Property Management Firm

On March 21, 2012, Massachusetts Attorney General Martha Coakley announced that Maloney Properties Inc. (“MPI”), a property management firm, executed an Assurance of Discontinuance and agreed to pay $15,000 in civil penalties following an October 2011 theft of an unencrypted company-issued laptop. The laptop contained personal information of more than 600 Massachusetts residents and was left in an employee’s car overnight. MPI has indicated that it has no evidence of unauthorized access to or use of the personal information in connection with this breach.


EU-U.S. Interoperability Not Ready for Prime Time

On March 19, 2012, the European Commission hosted this year’s Safe Harbor Conference in Washington, D.C., to address the transfer of data from Europe to the United States. Although it appears the Safe Harbor framework will remain unchanged for the time being, it seems unlikely the United States will be considered adequate, or even interoperable, with the EU for purposes of cross-border data transfers.


ICC Issues Policy Statement on Issues Related to Cross-Border Law Enforcement Access to Company Data

On March 20, 2012, the International Chamber of Commerce (the “ICC”) released a policy statement entitled “Cross-border law enforcement access to company data – current issues under data protection and privacy law.” The text of the ICC press release quoting Hunton & Williams Brussels partner Christopher Kuner, Chair of the ICC Task Force on Protection of Personal Data and Privacy, is reproduced below.

The International Chamber of Commerce (ICC) has issued a policy statement pointing out conflicts that can arise between law enforcement requirements and privacy commitments when governments seek access to personal data held by companies across national borders.

Entitled “Cross-border law enforcement access to company data – current issues under data protection and privacy law”, the statement analyses the issues that can arise in such situations, and makes recommendations that can help ensure respect for both law enforcement interests and those under data protection and privacy laws and commitments.

“Companies that process data in different countries are facing increasing government pressure to comply with law enforcement and regulatory requests that may conflict both with data protection and privacy laws in other countries in which they operate, and with consumer expectations and commitments to business partners,” said Christopher Kuner, Chair of the Task Force on Protection of Personal Data and Privacy, established by the ICC Commission on the Digital Economy.

“While some countries or regions have legal frameworks for reconciling law enforcement requirements with requirements under data protection and privacy law, many do not, and this can cause companies major problems,” Mr Kuner added. “These sorts of problems are only increasing, given the growth in trans-border data flows.”

Such problems can include conflict with privacy and data protection laws; the violation of commitments to individuals, employees and/or customers; the risk of causing political tensions; and the negative impact a conflict of laws can have on companies’ decisions to invest in certain countries, thus impeding the flow of international commerce.

Drawn up by the ICC Task Force on Protection of Personal Data and Privacy, the statement aims to point out to governments and law enforcement authorities the conflicting requirements many companies are expected to meet; to make recommendations to allow these requirements to be reconciled, and thus to strengthen the flow of global commerce by giving companies the increased legal security they need.

“Implementation of the policy recommendations would allow for improved compliance with legitimate public and law enforcement requests, and would permit companies to better cope with conflicting legal obligations, promote compliance with data protection and privacy laws in general, and ultimately strengthen the flow of international commerce by giving companies increased legal security to plan further investments,” Mr Kuner said.

The ICC statement represents the participation of 95 companies, organizations and ICC national committees in 25 countries worldwide.

Read the full policy statement.


HHS Settles First Breach Notification Rule Case for $1.5 Million

On March 13, 2012, the Department of Health and Human Services (“HHS”) announced that it had settled the first case related to the HITECH Act Breach Notification Rule. BlueCross Blue Shield of Tennessee (“BCBS Tennessee”) agreed to pay $1.5 million to settle potential HIPAA violations related to the October 2009 theft of 57 unencrypted hard drives containing protected health information (“PHI”) from a network data closet at a leased facility in Chattanooga, Tennessee.
