On January 12, 2021, in Wengui v. Clark Hill, PLC, et al., the United States District Court for the District of Columbia rejected a law firm defendant’s assertions of the attorney-client privilege and work product doctrine for forensic reporting and other related information associated with its outside counsel’s data breach investigation.
Continue Reading D.C. Court Rejects Attorney-Client Privilege and Work Product Protections in Data Breach Case

As reported on the Hunton Retail Law Resource blog, the Federal Trade Commission settled charges with mobile advertising company Tapjoy, Inc., on allegations that the company failed to provide promised rewards in exchange for completed activities such as the payment of money, disclosure of sometimes-sensitive personal information or registration for “free trial” marketing offers.
Continue Reading FTC Pursues Advertising Network that Failed to Deliver In-Game Rewards in Exchange for Payment or Personal Information

On January 11, 2021, the FTC announced that Everalbum, Inc. (“Everalbum”), developer of the “Ever” photo storage app, agreed to a settlement over allegations that the company deceived consumers about its use of facial recognition technology and its retention of the uploaded photos and videos of users who deactivated their accounts.
Continue Reading FTC Announces Proposed Settlement with App Developer over Alleged Deceptive Practices

The Federal Trade Commission issued a call for presentations on consumer privacy and data security research for its sixth annual PrivacyCon, which is to be held on July 27, 2021. The call for presentations asks for empirical research and demonstrations, including economic analyses, with implications for privacy and data security policy and law.
Continue Reading FTC Issues Call for Presentations for PrivacyCon 2021

Lexology’s Getting the Deal Through releases its 2021 guide on Data Protection and Privacy. Hunton’s privacy and cybersecurity team members serve as contributing editors of the guide and have authored multiple chapters, including on Belgium, the UK and United States. This blog entry provides a link to download the guide.
Continue Reading Hunton Privacy Team Contributes to 2021 Getting the Deal Through Guide on Data Protection and Privacy

On December 15, 2020, the Federal Trade Commission announced a proposed settlement with Ascension Data & Analytics, LLC, a Texas-based mortgage industry data analytics company, to resolve allegations that the company failed to ensure one of its vendors was adequately securing personal information of mortgage holders.
Continue Reading FTC Announces Enforcement for Inadequate Third-Party Risk Management Practices Under the GLBA’s Safeguards Rule

On December 18, 2020, federal financial regulatory agencies announced a proposed rule that would require “banking organizations” to notify their primary federal regulator within 36 hours following any “computer-security incident” that rises to the level of a “notification incident.” The Proposed Rule also would require service providers to notify at least two individuals at the banking organizations they service immediately after experiencing a computer security incident that materially disrupts, degrades or impairs the services they provide.
Continue Reading Financial Regulators Announce Proposed 36-Hour Notification Requirement for Notification Incidents

On December 9, 2020, the Senate Committee on Commerce, Science and Transportation held a hearing on the Invalidation of the EU-U.S. Privacy Shield and the Future of Transatlantic Data Flows. This post reviews the key topics, witnesses and views expressed during the hearing.
Continue Reading Senate Commerce Committee Holds Hearing on the Invalidation of the EU-U.S. Privacy Shield and the Future of Transatlantic Data Flows

On December 14, 2020, the Federal Trade Commission announced that it had issued orders to nine social media and video streaming companies, requesting information on how the companies collect, use and present personal information, their advertising and user engagement practices and how their practices affect children and teens.
Continue Reading FTC Issues Orders to Nine Social Media and Video Streaming Service Companies Regarding Privacy Practices

On November 27, 2020, New Mexico Attorney General Hector Balderas filed a notice of appeal to the U.S. Court of Appeals for the Tenth Circuit in the lawsuit it brought against Google on February 20, 2020, regarding alleged violations of the federal Children’s Online Privacy Protection Act in connection with G-Suite for Education.
Continue Reading New Mexico AG Files Notice of Appeal in Suit Against Google Regarding Alleged Violations of COPPA