Tag Archives: data privacy

Kids’ Smart Watchmaker Updates Privacy Practices at Safe Harbor’s Direction

By Gerard Stegmaier, John P. Feldman and Stuart Cobb on 4 April 2022 Posted in Cookies, Tracking & Online Behavioral Advertising, Privacy & Data Protection

On March 8th, the Children’s Advertising Review Unit (“CARU”), a FTC-approved safe harbor organization that monitors compliance with the Children’s Online Privacy Protection Act (“COPPA”), announced it had found TickTalkTickTalk––a children’s smart watchmaker and one of CARU’s member organizations—in violation of COPPA and CARU’s privacy guidelines.… Continue Reading

Iowa Attorney General Tom Miller on the latest on consumer protection, emerging technologies and data privacy

By Divonne Smoyer and Roger Gibboni on 23 March 2022 Posted in Privacy & Data Protection

In the latest edition of the IAPP Privacy Advisor, Divonne Smoyer and Roger Gibboni talk with Iowa Attorney General (AG) Tom Miller on the latest issues surrounding emerging technology, data privacy and consumer protection. As the longest serving state AG in U.S. history and the President of the National Association of Attorneys General, AG Miller … Continue Reading

CO AG’s symposium centers on Colorado Privacy Act and data privacy policies

By Divonne Smoyer and Roger Gibboni on 2 February 2022 Posted in Privacy & Data Protection

The Attorney General Alliance and the Colorado Department of Law’s recent symposium “Colorado Privacy Act: Rights, Obligations, and Next Steps” demonstrates a continued commitment by various state attorneys general to influence and enforce data privacy policies. The panel discussions focused on the Colorado Privacy Act (CPA), one of only three comprehensive data privacy laws in … Continue Reading

Additional cybersecurity measure proposed for CIP Reliability Standards

By Colette Honorable, Debra Ann Palmer, Bart Huffman, Wendell Bartnick and Christian Blair on 1 February 2022 Posted in Privacy & Data Protection, Regulatory

In response to recent cybersecurity incidents, the Federal Energy Regulatory Commission (FERC) has announced a Notice of Proposed Rulemaking (NOPR) that would task the North American Electric Reliability Corporation (NERC) to impose additional cybersecurity requirements on high-, medium-, and, potentially, low-impact bulk electric systems in its Critical Infrastructure Protection (CIP) Reliability Standards.… Continue Reading

Connecticut AG William Tong shared compliance insight on data privacy-related matters

By Divonne Smoyer and Karen Lee Lust on 29 April 2021 Posted in Privacy & Data Protection, Regulatory

In a recent Q&A conducted by Divonne Smoyer and Karen Lee Lust with Connecticut Attorney General (AG) William Tong published in the IAPP Privacy Advisor, the AG discusses how he has continued Connecticut’s role as a privacy leader among the states, partnering with the U.S. Federal Trade Commission on data privacy-related matters and other compliance … Continue Reading

Tenn. Attorney General Slatery on state and federal consumer privacy in 2021 and beyond

By Divonne Smoyer and Karen Lee Lust on 24 February 2021 Posted in Privacy & Data Protection, Regulatory

In a recent Q&A with Tennessee Attorney General (AG) Herbert Slatery, the eight-year term AG discusses how he makes consumer protection, including privacy and cybersecurity issues, a top priority for Tennessee citizens and businesses. AG Slatery shares his thoughts on privacy on a multi-state state level, the prospect of standards of enforcement for technology companies, … Continue Reading

Nevada Attorney General Aaron Ford talks to Reed Smith about Nevada’s new data privacy law, consumer protection, and data breaches

By Divonne Smoyer and Alexis Cocco on 29 October 2020 Posted in Privacy & Data Protection, Regulatory

In a recent Q&A with Nevada Attorney General (AG) Aaron Ford, the first term AG discusses Nevada’s new data privacy law (Senate Bill 220), which provides consumers with a right to opt out of the sale of their data. AG Ford also outlines his perspective on federal privacy law and his office’s data breach enforcement … Continue Reading

U.S. data privacy considerations in the time of COVID-19

By Kimberly Gold, Samuel F. Cullari and Alexis Cocco on 23 March 2020 Posted in Privacy & Data Protection

As businesses and individuals across the globe struggle to adapt to a new normal of remote work and social distancing due to the COVID-19 (a/k/a novel coronavirus) pandemic, they should also be aware of a number of U.S. data privacy and data security implications arising from these changes. In addition, businesses must be cognizant of … Continue Reading

COVID-19 outbreak: Data privacy issue requirements on employee personal data differ in China, Hong Kong, and Singapore

By Dora Wang, Amy Yin, Peter Witherington, Cindy Shen, Asha Sharma, Steve Tam, Evelyn Dai, Charmian Aw and Carolyn Chia, Resource Law LLC on 12 March 2020 Posted in Privacy & Data Protection

On January 30, 2020, The World Health Organization (WHO) declared that the outbreak of novel coronavirus (COVID-19) is a “public health emergency of international concern.” This was, in part, an acknowledgement of the geographic spread of the virus and the need for intensified support for preparation and response, especially in vulnerable countries and regions. Further … Continue Reading

Novel coronavirus outbreak throws up data privacy questions for businesses in China, Hong Kong and Singapore

By Dora Wang, Amy Yin, Peter Witherington, Cindy Shen, Catherine Jing, Asha Sharma, Steve Tam, Evelyn Dai, Charmian Aw and Carolyn Chia, Resource Law LLC on 4 February 2020 Posted in Privacy & Data Protection, Regulatory

The World Health Organization (WHO) declared on January 30, 2020, that the outbreak of 2019 nCoV (novel coronavirus) is a “Public Health Emergency of International Concern.” Further information is available in the WHO statement. On January 31, 2020, the Centers for Disease Control and Prevention (CDC) in the United States also declared a public health … Continue Reading

OCR releases new FAQs on use of health apps

By Nancy Halstead, Kimberly Gold, Wendell Bartnick and Rebecca E. Dittrich on 21 May 2019 Posted in Privacy & Data Protection, Regulatory

The U.S. Department of Health and Human Services Office for Civil Rights (OCR) released a new set of Health Insurance Portability and Accountability Act (HIPAA) FAQs building upon prior guidance from OCR. The new FAQs discuss the applicability of HIPAA to covered entities and business associates that interact with health apps and explain when HIPAA regulated … Continue Reading

First sanction decision rendered by the CNIL under the GDPR: GDPR awareness 2.0 has begun

By Daniel Kadar and Laetitia Gaillard on 24 January 2019 Posted in Big Data, Cookies, Tracking & Online Behavioral Advertising, Global Data Transfers, Privacy & Data Protection, Regulatory

In an interview dated February 2018,[1] Isabelle Falque-Pierrotin, at the Head of the French data protection authority (CNIL), stated that the CNIL would adopt a flexible and pragmatic approach from May 2018 onwards when controlling compliance with data protection requirements. The first decision of sanction rendered by the CNIL on Monday January 21, 2019, which … Continue Reading

Joint Committee on Human Rights launches inquiry into Article 8 and the digital revolution

By Cynthia O’Donoghue and Eleanor Brooks on 11 December 2018 Posted in Privacy & Data Protection

The Joint Committee on Human Rights has launched an inquiry into the right to privacy under Article 8 of the European Convention on Human Rights (ECHR) and the “Digital Revolution”. The inquiry will examine whether further safeguards to regulate the collection, use, tracking, retention and disclosure of personal data by private companies are required to … Continue Reading

An interview with North Carolina AG Josh Stein

By Divonne Smoyer and Kimberly Chow on 27 September 2018 Posted in Privacy & Data Protection, Regulatory

Check out this month’s edition of The Privacy Advisor, a publication of the International Association of Privacy Professionals (IAPP), for Divonne Smoyer and Kimberly Chow’s Q&A with North Carolina Attorney General (AG) Josh Stein. Throughout his tenure as AG, Stein has shown a clear commitment to data privacy and security through his advocacy for strong … Continue Reading

An interview with Indiana AG Curtis Hill

By Divonne Smoyer and Kimberly Chow on 28 March 2018 Posted in Privacy & Data Protection, Regulatory

Check out this month’s edition of The Privacy Advisor, a publication of the International Association of Privacy Professionals (IAPP), for Divonne Smoyer and Kimberly Chow’s Q&A with Indiana Attorney General Curtis Hill. AG Hill has prioritized rolling back federal overreach and safeguarding consumers from fraud and scams, along with continuing to take a hard line … Continue Reading

FTC report looks to improve mobile device security for businesses

By Gerard Stegmaier, Mark H. Francis and David Krone on 20 March 2018 Posted in Privacy & Data Protection

On February 28, 2018, the Federal Trade Commission (FTC) released a report about security update practices for businesses providing mobile phones and other connected devices. The report recommends that manufacturers and carriers provide security updates that are consistent with consumer expectations, provide better information regarding their security practices and educate consumers on their role in … Continue Reading

ECPA Reform Legislation on the Horizon (Again)

By Ariana Goodell on 4 August 2017 Posted in Privacy & Data Protection, Regulatory

Three bipartisan Senate bills are up for consideration in Congress that would attempt to modernize the legal standards under which the U.S. government can access communications electronically stored by email service providers and cloud computing companies. The proposed bills, introduced July 27, 2017, each provide a different scheme in updating the Electronic Communications Privacy Act … Continue Reading

South Korea joins APEC’s Cross Border Privacy Rules system

By Cynthia O’Donoghue and Chantelle Taylor on 15 June 2017 Posted in Privacy & Data Protection

This week, it was officially announced that South Korea has become the fifth country to join the Asia-Pacific Economic Cooperation’s (APEC) Cross Border Privacy Rules (CBPR) system. This system was developed by APEC in 2011 to “build consumer, business and regulator trust in cross border flows of personal information” and thus facilitate e-commerce among APEC … Continue Reading

J. Crew Credit Card Digit Class Action Dismissed Again Because of Overly Speculative Identity Theft, Fraud Risks

By Brian J. Willett on 12 June 2017 Posted in In the Courts

As courts continue to grapple with close calls on standing following the U.S. Supreme Court’s seminal decision in Spokeo v. Robins, another court has given defendants a win for intangible injuries and risk of future harm. On June 6, the District of New Jersey dismissed – for the second time – a putative class action … Continue Reading

Bare Statutory Violation of FCRA Fails to Satisfy Standing Requirements Post-Spokeo, Says District of New Jersey in Suit Over Michaels Employment Disclosures

By Brian J. Willett on 23 February 2017 Posted in In the Courts

Michaels escaped a potential class action alleging Fair Credit Reporting Act (“FCRA”) violations late last month when a federal judge found the United States Supreme Court’s recent decision in Spokeo, Inc. v. Robbins, 136 S. Ct. 1540 (2016) foreclosed the plaintiffs’ claim for a bare statutory violation not resulting in concrete damages. The recent ruling … Continue Reading

Superior Court of Pennsylvania Affirms Rejection of Proposed Data Breach Class of UPMC Workers, Finding Hospital Owed No Duty to Protect Information

By Brian J. Willett on 20 January 2017 Posted in In the Courts

Affirming a lower court decision this blog discussed here, the Superior Court of Pennsylvania held January 12 that dismissal of a proposed data breach class action was proper, because the University of Pittsburgh Medical Center lacked a legal duty to protect employee information stolen by a third party. The 2-1 majority’s finding that UPMC had … Continue Reading

The new Cybersecurity Law of China: What does it mean for the International Market?

By Cynthia O’Donoghue and Zack Dong on 17 January 2017 Posted in Privacy & Data Protection

On 7 November, the government of the People’s Republic of China passed the much-anticipated Cyber Security Law of China, which will come into force 1 June 2017. After first and second drafts were put out for public consultation in June 2015 and May 2016, respectively, it was a third draft issued in October 2016 that … Continue Reading

U.S. Chamber Releases Results of Data Privacy Consumer Poll Showing Non-Partisan Consensus on Legal Reform

By Divonne Smoyer and Kimberly Chow on 2 November 2016 Posted in Privacy & Data Protection, Regulatory

In an election season in which it seems Americans cannot agree on much, a new poll shows that data privacy and security reform is a unifying issue. The U.S. Chamber of Commerce Institute for Legal Reform (ILR) has released the findings of a poll shedding light on American voters’ perception of the legal landscape for data … Continue Reading

Third Circuit Dismissal Affirmance Based on Economic Loss Doctrine Shows Spokeo Shouldn’t Be Your Only Data Breach Class Action Exit Strategy

By Brian J. Willett on 29 August 2016 Posted in In the Courts

While the United States Supreme Court’s ruling in Spokeo v. Robins, 136 S. Ct. 1540 (2016), has garnered much attention after being cited by numerous courts as a means to dismiss data privacy class actions, defendants should never count out any potential avenues for exiting such a suit; in Pennsylvania (and in many other states … Continue Reading