On September 15, 2016, the New Jersey Senate unanimously approved a bill that would limit retailers’ ability to collect and use personal data contained on consumers’ driver and non-driver identification cards. The bill, known as the Personal Information and Privacy Protection Act, must now be approved by the New Jersey Assembly.… Continue Reading
On August 29, 2016, the Federal Trade Commission announced that it is seeking public comment regarding the Gramm Leach Bliley Act Safeguards Rule.… Continue Reading
On August 25, 2016, WhatsApp announced in a blog post that the popular mobile messaging platform has updated its Terms of Service and Privacy Policy to permit certain information sharing with Facebook. … Continue Reading
The State Administration for Industry and Commerce of the People's Republic of China published a draft of its Implementing Regulations for the P.R.C. Law on the Protection of the Rights and Interests of Consumers for public comment. The draft is open for comment until September 5, 2016.… Continue Reading
On July 29, 2016, the Federal Trade Commission announced that it had issued an opinion and final order reversing the administrative law judge’s decision by finding that LabMD failed to maintain reasonable security practices to protect consumers’ sensitive personal information in violation of Section 5 of the FTC Act.… Continue Reading
On June 29, 2016, the Federal Trade Commission announced that, to account for inflation, it is increasing the civil penalty maximums for certain violations of the FTC Act effective August 1, 2016. … Continue Reading
On June 22, 2016, the Federal Trade Commission announced that it reached a settlement with a mobile advertising company, InMobi, to resolve charges that the company deceptively tracked hundreds of millions of consumers’ locations without their knowledge or consent. Among other requirements, the settlement orders the company to pay 950,000 dollars in civil penalties. … Continue Reading
The NTIA's multistakeholder process to develop a code of conduct regarding the commercial use of facial recognition technology has concluded with the group reaching a consensus on a best practices document.… Continue Reading
TCCWNA. The very acronym evokes head scratches and sighs of angst and frustration among many in the retail industry. The New Jersey Truth-in-Consumer Contract Warranty and Notice Act was passed in 1981 to protect consumers from allegedly deceptive practices in consumer contracts, warranties, notices and signs. Continue reading for an in-depth view of the TCCWNA and what retailers can do to minimize risk. … Continue Reading
On June 8, 2016, the Federal Trade Commission announced that Practice Fusion, an electronic health records company, agreed to settle FTC charges that the company misled consumers about the privacy of doctor reviews submitted to the company. … Continue Reading
On June 1, 2016, a new do-not-call list was implemented in France. French residents who do not wish to receive marketing phone calls may register their landline or mobile phone number online at www.bloctel.gouv.fr.… Continue Reading
The Federal Trade Commission announced that it will host a workshop on September 15, 2016, "Putting Disclosures to the Test," on the efficacy and costs of consumer disclosures advertising and privacy policies. … Continue Reading
As we previously reported, the Supreme Court’s decision in Spokeo v. Robins, has been nearly universally lauded by defense counsel as a new bulwark against class actions alleging technical violations of federal statutes. But Spokeo also poses a significant threat to defendants by defeating their ability to remove exactly the types of cases that defendants most want in federal court.… Continue Reading
On May 9, 2016, the Federal Trade Commission announced it had issued Orders to File a Special Report to eight mobile device manufacturers requiring them to, for purposes of the FTC's ongoing study of the mobile ecosystem, provide the FTC with "information about how [the companies] issue security updates to address vulnerabilities in smartphones, tablets, and other mobile devices."… Continue Reading
On May 4, 2016, the Federal Trade Commission issued a press release announcing its recent settlement with hand-held vaporizers manufacturer Very Incognito Technologies, stemming from charges that the company falsely claimed it had certified under the Asia-Pacific Economic Cooperation Cross-Border Privacy Rules framework.… Continue Reading
On April 13, 2016, Nebraska Governor Pete Ricketts signed into law LB 835, which among other things, adds a regulator notification requirement and broadens the definition of “personal information” in the state’s data breach notification statute. The amendments take effect on July 20, 2016. … Continue Reading
In its third simulated test of the security of the power grid, the North American Reliability Corporation (“NERC”) reported general progress across the electric utility industry in defending against physical and cyber threats, while also identifying several areas for further improvement. The NERC exercise, dubbed GridEx III, took place over two days in November 2015 … Continue Reading
On April 6, 2016, the Federal Trade Commission endorsed the Organization for Economic Cooperation and Development’s updated guidelines on consumer protection in e-commerce. This blog entry provides highlights on the OECD’s new recommendations. … Continue Reading
On March 24, 2016, Tennessee Governor Bill Haslam signed into law S.B. 2005, which makes a number of changes to the state’s data breach notification statute, Tenn. Code § 47-18-2107. The law takes effect on July 1, 2016.… Continue Reading
On March 18, 2016, a report was released by a joint team from the North American Electric Reliability Corporation’s Electricity Information Sharing Analysis Center and SANS Industrial Control Systems. According to the report, the cyber attack against a Ukrainian electric utility in December 2015 was based on months of undetected reconnaissance that gave the attackers a sophisticated understanding of the utility’s supervisory control and data acquisition networks. … Continue Reading
On February 27, 2016, the Consumer Financial Protection Bureau reached a settlement with Dwolla, Inc., an online payment system company, to resolve claims that the company made false representations regarding its data security practices in violation of the Consumer Financial Protection Act. Among other things, the consent order imposes a 100,000 dollar fine on Dwolla. This marks the first data security-related fine imposed by the CFPB. … Continue Reading
On February 23, 2016, the Federal Trade Commission announced that it reached a settlement with Taiwanese-based hardware manufacturer ASUSTeK Computer, Inc. to resolve claims that the company engaged in unfair and deceptive security practices in connection with developing network routers and cloud storage products sold to consumers in the U.S.… Continue Reading
On February 16, 2016, California Attorney General Kamala D. Harris released the California Data Breach Report 2012-2015 which, among other things, provides (1) an overview of businesses’ responsibilities regarding protecting personal information and reporting data breaches and (2) a series of recommendations for businesses and state policy makers to follow to help safeguard personal information. … Continue Reading
A federal judge of the U.S. District Court for the Northern District of Illinois denied Neiman Marcus’ motion to dismiss a class action complaint regarding a 2013 data breach. … Continue Reading
