Tag Archives: Personally Identifiable Information

California AG’s Mobile App Case Against Delta Dismissed

A state court has dismissed the California Attorney General’s claims that Delta Air Lines Inc. (“Delta”) violated the California Online Privacy Protection Act by failing to have an appropriately posted privacy policy for its mobile application, Bloomberg reports. The California AG sued Delta in December as part of an enforcement campaign that began with the issuance of warning letters to approximately 100 operators of mobile apps, including Delta. According to the Bloomberg report, a basis for the dismissal was the federal Airline Deregulation Act, under which a state “may not enact or enforce a law, regulation, or other provision having the force and effect of law related to a price, route, or service of an air carrier that may provide air transportation under this subpart.” 49 U.S.C. § 41713.

Tags: California, Enforcement, Mobile App, Online Privacy, Personally Identifiable Information, Privacy Policy, State Attorneys General, U.S. Federal Law, U.S. State Law

FTC Issues Updated FAQs Addressing COPPA Compliance Requirements

On April 25, 2013, the Federal Trade Commission released an updated version of its frequently asked questions regarding the Children’s Online Privacy Protection Act of 1998 (“COPPA”). The revised FAQs, entitled Complying with COPPA: Frequently Asked Questions (A Guide for Business and Parents and Small Entity Compliance Guide), provide general information on COPPA’s requirements and also include new guidance on the recent amendments to the Children’s Online Privacy Protection Rule (“COPPA Rule”).

Tags: COPPA, Federal Trade Commission, Geolocation, Internet, Mobile App, Online Privacy, Personally Identifiable Information, Privacy Policy, Social Security Number

Chinese Ministry of Industry and Information Technology Enacts Draft Rules on Personal Information

On April 10, 2013, the Ministry of Industry and Information Technology of the People’s Republic of China (the “MIIT”) enacted two draft rules (“Provisions on the Protection of Personal Information of Telecommunications and Internet Users” and “Provisions on the Registration of Real Identity Information of Telephone Users”) to solicit public comments. The comment period is open until May 15, 2013. Both Drafts include proposals for substantial provisions on the protection of personal information and were enacted according to the Resolution of the Standing Committee of the National People’s Congress Relating to Strengthening the Protection of Information on the Internet (issued by the Standing Committee in December 2012) and some other telecommunications rules.

Tags: China, Criminal Law, Enforcement, Information Security, International, Marketing, Online Privacy, Penalty, Personally Identifiable Information, Security Breach, Telecommunications

UK ICO Issues Guidance on BYOD for Organizations

On March 7, 2013, the UK Information Commissioner’s Office (“ICO”) published guidance (the “Guidance”) on Bring Your Own Device (“BYOD”) to explain to data controllers “what they need to consider when permitting the use of personal devices to process personal data for which they are responsible.” BYOD refers to the use of individuals’ personal devices to access and store corporate information.

Tags: Accountability, BYOD, Christopher Graham, Data Controller, Data Protection Act, European Union, General, Geolocation, Information Commissioners Office, International, Personally Identifiable Information, Social Media, United Kingdom, Workplace Privacy

Massachusetts Court Ruling Benefits Plaintiff in Zip Code Case

On March 11, 2013, in Tyler v. Michaels Stores, Inc., the Massachusetts Supreme Judicial Court effectively reinstated the suit against the retailer by answering favorably for the plaintiff three certified questions from the United States District Court for the District of Massachusetts regarding Massachusetts General Laws Chapter 93, Section 105(a) entitled “Consumer Privacy in Commercial Transactions” (“Section 105(a)”). The court ruled that (1) a ZIP code constitutes personal identification information under the Massachusetts law; (2) a plaintiff may bring an action for a violation of the Massachusetts law absent identity fraud; and (3) the term “credit card transaction form” refers equally to electronic and paper transaction forms. The Massachusetts court’s determination that a ZIP code constitutes personal identification information is similar to the determination in Pineda v. Williams-Sonoma Stores, Inc., in which the California Supreme Court held that ZIP codes are “personal identification information” under California’s Song-Beverly Credit Card Act. More than 15 states, including Massachusetts and California, have statutes limiting the type of information that retailers can collect from customers.

Tags: California, Class Action, Consumer Protection, Enforcement, Identity Theft, Information Security, Litigation, Massachusetts, Payment Card, Personally Identifiable Information, Song-Beverly Act, U.S. State Law, ZIP Codes

UK Court Rules Criminal Records Checks System Breaches Human Rights

On January 29, 2013, the UK Court of Appeal ruled that the UK criminal records disclosure regime is disproportionate and incompatible with the UK Human Rights Act 1998 (the “Act”). The landmark judgment focused on the case of an appellant named “T,” who had received two “cautions” for stealing two bicycles when he was 11 years old. After a number of years, the appellant had to disclose these cautions twice in connection with required criminal records checks: first, at the age of 17, when he applied for a part-time job at a local football club, and again when he applied for a college course.

Tags: European Union, International, Legislation, Personally Identifiable Information, United Kingdom, Workplace Privacy

California Ruling Finds Song-Beverly Act Does Not Apply to Online Transactions

On February 4, 2013, the Supreme Court of California examined whether Section 1747.08 of the Song-Beverly Credit Card Act (“Song-Beverly”) prohibits an online retailer from requesting or requiring personal identification information from a customer as a condition to accepting a credit card as payment for an electronically downloadable product. In a split decision, the majority of the court ruled that Song-Beverly does not apply to online purchases in which the product is downloaded electronically.

Tags: Apple Inc., California, Class Action, Consumer Protection, Litigation, Online Privacy, Payment Card, Personally Identifiable Information, Song-Beverly Act, U.S. State Law

California Ruling Permits Collection of ZIP Codes After Receipt Is Provided to Customer

As reported in BNA’s Privacy & Security Law Report, on December 14, 2012, a federal district court in California ruled that a retail store’s policy of collecting personal information only after providing customers with receipts does not violate the Song-Beverly Credit Card Act (“Song-Beverly”). Under Section 1747.08(a)(2) of Song-Beverly, a retailer that accepts credit cards for the transaction of business may not “[r]equest, or require as a condition to accepting the credit card as payment … the cardholder to provide personal identification information,” which the entity accepting the credit card then “writes, causes to be written, or otherwise records upon the credit card transaction form or otherwise.”

Tags: California, Class Action, Consumer Protection, Enforcement, Information Security, Litigation, Payment Card, Personally Identifiable Information, Safe Harbor, Song-Beverly Act, U.S. State Law, ZIP Codes

Congress Approves VPPA Consent Requirement Changes

On December 18, 2012, the U.S. House of Representatives passed H.R. 6671, a bill that would amend the Video Privacy Protection Act (“VPPA”) consent requirements for disclosing consumers’ viewing information. The Senate approved the bill without changes on December 20, 2012. The bill would make it easier for companies to develop innovative technologies for the sharing of consumers’ video viewing habits. The current version of the VPPA requires certain video providers to obtain a consumer’s consent each time they wish to share the consumer’s viewing information, with few exceptions. The amendment would allow video providers to obtain consumers’ consent by electronic means “in advance for a set period of time, not to exceed 2 years” to share their viewing information. The video providers also must allow consumers to withdraw their consent on a case-by-case basis. President Obama is expected to sign the bill into law.

Netflix, the most prominent supporter of the bill, applauded its passage. Netflix previously had backed similar proposals to amend the VPPA.

Update: On January 10, 2013, President Obama signed the Video Privacy Protection Act Amendments Act of 2012 into law.

Tags: Congress, Consent, Consumer Protection, Netflix, Obama, Online Privacy, Personally Identifiable Information, U.S. Federal Law, Video Privacy Protection Act

California AG Sues Delta for Failure to Post a Privacy Policy on Its Mobile App

On December 6, 2012, California Attorney General Kamala D. Harris announced a lawsuit against Delta Air Lines, Inc. (“Delta”) for violations of the California Online Privacy Protection Act (“CalOPPA”). The suit, which the Attorney General filed in the San Francisco Superior Court, alleges that Delta failed to conspicuously post a privacy policy within Delta’s “Fly Delta” mobile application to inform users of what personally identifiable information is collected and how it is being used by the company. CalOPPA requires “an operator of a commercial Web site or online service that collects personally identifiable information through the Internet about individual consumers residing in California who use or visit its commercial Web site or online service,” such as a mobile application, to post a privacy policy that contains the elements set out in CalOPPA. According to Attorney General Harris’ complaint, Delta has operated the “Fly Delta” application for smartphones and other electronic devices since at least 2010. The complaint alleges that “[d]espite collecting substantial personally identifiable information (“PII”) such as user’s full name, telephone number, email address, frequent flyer account number and PIN code, photographs, and geo-location, the Fly Delta application does not have a privacy policy. It does not have a privacy policy in the application itself, in the platform stores from which the application may be downloaded, or on Delta’s website.”

Tags: California, Enforcement, Online Privacy, Penalty, Personally Identifiable Information, Privacy Policy, State Attorneys General, U.S. State Law