Tag Archives: Personally Identifiable Information

Hunton Co-Sponsors Webcast on Preparing for a New U.S. Privacy Landscape

Posted on May 23, 2012 by Hunton & Williams LLP

On May 24, 2012, Hunton & Williams LLP and Jordan Lawrence Group are pleased to present a 45-minute webcast on “Preparing for a New U.S. Privacy Landscape: An Overview of the FTC and White House Frameworks.” Presenters Lisa J. Sotto, partner and head of the Global Privacy and Data Security practice at Hunton & Williams, Aaron P. Simpson, partner at Hunton & Williams, and Rebecca Perry, Executive Vice President of Professional Services of Jordan Lawrence Group, will highlight the key privacy and information security issues contained in these new frameworks and the impact they will have on records management. The presenters also will address the key elements of the White House’s February 2012 Consumer Privacy Bill of Rights and highlights from the Federal Trade Commission’s final report on protecting consumer privacy issued in March 2012.

Continue reading…

Tags: , , , , , ,

California District Court Certifies Class in ZIP Code Collection Suit

Posted on May 21, 2012 by Hunton & Williams LLP

As reported in BNA’s Privacy & Security Law Report, on May 4, 2012, the United States District Court for the Southern District of California granted plaintiffs’ motion for class certification in an action against IKEA U.S. West, Inc. (“IKEA”) under the Song-Beverly Credit Card Act of 1971 (the “Song-Beverly Act”). The suit alleges that IKEA violated the Song-Beverly Act by requesting that cardholders provide their ZIP codes during credit card transactions, and then recording that information in an electronic database. The Court found that the class definition was not overbroad and that IKEA’s practice of requesting ZIP codes demonstrated common questions of law best resolved through a class action.

Continue reading…

Tags: , , , , , ,

FTC Reaches Settlement with Myspace for Misleading Statements in Privacy Policy

Posted on May 8, 2012 by Hunton & Williams LLP

On May 8, 2012, the Federal Trade Commission announced a settlement agreement with the social networking service Myspace LLC (“Myspace”). The FTC alleged that Myspace’s practice of sharing users’ personal information with unaffiliated third-party advertisers conflicted with representations the company made in its privacy policy, and could allow those advertisers to obtain users’ names, publicly available information and information about their online browsing habits.

Continue reading…

Tags: , , , , , , , , ,

Chinese Ministry of Industry and Information Technology Issues New Data Protection Regulations

Posted on February 3, 2012 by Hunton & Williams LLP

The Ministry of Industry and Information Technology of the People’s Republic of China (the “MIIT”) recently issued a regulation entitled “Several Provisions on Regulating Market Orders of Internet Information Services” (the “New Regulations”). The New Regulations, which will take effect on March 15, 2012, include significant new data protection requirements applicable to Internet information service providers (“IISPs”). Consistent with data protection regimes currently in place elsewhere in the world, IISPs will be required to provide much stronger protection for the personal data they collect from users in China, and will be subject to notice and consent requirements, collection limitations and use limitations.

Continue reading…

Tags: , ,

Connecticut AG Announces Agreement with MetLife over 2009 Breach Incident

Posted on January 27, 2012 by Hunton & Williams LLP

On January 24, 2011, Connecticut Attorney General George Jepsen and Consumer Protection Commissioner William Rubenstein announced that they had reached an Assurance of Voluntary Compliance (“AVC”) with Metropolitan Life Insurance Co. (“MetLife”) in connection with an incident involving the disclosure of customer personal information on the Internet. In November 2009, a MetLife employee posted the personally identifiable information of current and former MetLife customers, including their Social Security numbers, on the Internet. Following the discovery of the posting, MetLife acted to mitigate possible harm by providing credit monitoring and identity theft insurance to the affected customers.

Continue reading…

Tags: , , , , ,

Massachusetts Court Dismisses ZIP Code Suit for Failure to Allege a Cognizable Injury

Posted on January 12, 2012 by Hunton & Williams LLP

On January 6, 2012, the United States District Court for the District of Massachusetts granted Michaels Stores, Inc.’s (“Michaels”) a motion to dismiss against a customer-plaintiff who alleged that Michaels’ in-store information collection practices violated Massachusetts law. Although the court ruled in Michaels’ favor, it found that customer ZIP codes do constitute personal information under Massachusetts state law when collected in the context of a credit card transaction. The plaintiff’s class action complaint alleged that “Michaels illegally requested customers’ ZIP codes when processing their credit card transactions in violation of” Massachusetts General Laws Chapter 93, Section 105(a) (“Section 105(a)”). Specifically, Section 105(a) states that “[n]o person, firm, partnership, corporation or other business entity that accepts a credit card for a business transaction shall write, cause to be written or require that a credit card holder write personal identification information, not required by the credit card issuer, on the credit card transaction form.”

Continue reading…

Tags: , , , , , ,

FTC Settles with Alleged Stealth Behavioral Advertising Targeter

Posted on January 9, 2012 by Hunton & Williams LLP

On January 5, 2012, the Federal Trade Commission announced a proposed settlement with Upromise, Inc., a membership reward service that gives cash rebates for college savings accounts to members who purchase products and services from its partner merchants. The FTC alleged that the “Personalized Offers” feature on the Upromise TurboSaver Toolbar (1) collected far more information about users’ browsing behavior than was disclosed at the time of installation, and (2) contrary to representations in the company’s privacy notice, transmitted that information, which included data such as Social Security numbers and financial account numbers, in clear text.

Continue reading…

Tags: , , , , ,

Netflix Litigation Ordered to Mediation as House Passes VPPA Amendment

Posted on December 15, 2011 by Hunton & Williams LLP

On December 1, 2011, a consolidated litigation against Netflix was ordered to private mediation pursuant to an agreement between the parties. As we previously reported, the plaintiffs allege that Netflix’s practice of maintaining customer movie rental history and recommendations after their subscriptions are cancelled violates the federal Video Privacy Protection Act (“VPPA”). In August 2011, several similar cases against Netflix were consolidated by a federal court in California.

News of the mediation order comes as a significant amendment to the VPPA awaits Senate approval. On December 6, 2011, the House of Representatives passed House Bill 2471 (“H.B. 2471”), which would allow video tape service providers to obtain consumers’ informed, written consent to disclose their personally identifiable information “[i]n advance for a set period of time or until consent is withdrawn.” H.B. 2471 also provides that “informed written consent” may be obtained electronically over the Internet. As we reported earlier this year, concerns regarding potential VPPA violations prompted Netflix to delay the U.S. launch of an integrated service with Facebook that would allow subscribers to share their television and movie viewing information. In July 2011, Netflix’s CEO criticized the VPPA as being “ambiguous” and “poorly drafted.” Discussing H.B. 2471 on the Netflix Blog, the company called on its customers to email Congress “to urge them to pass this modernizing legislation.”

Tags: , , , , , , , ,

Netflix Backs Amendment to Video Privacy Protection Act

Posted on July 27, 2011 by Hunton & Williams LLP

On July 25, 2011, Netflix stated that it will hold off on the launch of its Facebook integration in the U.S. due to legal issues related to the Video Privacy Protection Act (“VPPA”).  The new Facebook feature would allow Netflix subscribers to share their movie viewing information with friends online.  Netflix indicated in its second quarter shareholder letter that it supports House Bill 2471 (“H.B. 2471”), a proposed bipartisan amendment to the VPPA intended to clarify the consent requirement for sharing consumer video viewing information.  The letter states that “[u]nder the VPPA, it is ambiguous when and how a user can give permission for his or her video viewing data to be shared” and that the VPPA “discourages us from launching our Facebook integration domestically.”  As a result, the company plans to limit the campaign to Canada and Latin America until questions concerning the VPPA are resolved. Continue reading…

Tags: , , , , , , , ,

Senator Leahy Introduces the Personal Data Privacy and Security Act of 2011

Posted on June 10, 2011 by Hunton & Williams LLP

On June 7, 2011, Senator Patrick Leahy (D-VT) introduced the “Personal Data Privacy and Security Act of 2011” (the “Act”), co-sponsored by Senators Charles Schumer (D-NY) and Ben Cardin (D-MD).  This marks the fourth time Senator Leahy has introduced ambitious privacy legislation; in 2005, 2007 and 2009, similar bills failed to advance in the Senate.  In his press release, Senator Leahy stated that “many recent and troubling data breaches in the private sector and in our government are clear evidence that developing a comprehensive national strategy to protect data privacy and security is one of the most challenging and important issues facing our country.”

Continue reading…

Tags: , , , ,