Though the National Association of Attorneys General (NAAG) Presidential Initiative “Privacy in a Digital Age” expired in June 2013 when a new NAAG president took over, the state attorneys general have maintained their sharp focus on all things privacy, with no signs that that focus will shift anytime soon. Most recent case in
More News on COPPA…
This post was also written by Frederick Lah.
One day after the FTC issued its second report on privacy concerns with mobile apps for kids, “Mobile Apps for Kids: Disclosures Still Not Making the Grade,” a consumer privacy group filed a complaint with the FTC against a mobile game-maker for alleged violations of…
Changes in State Data Privacy Laws to Become Effective Soon
This post was also written by Frederick Lah.
We previously reported on Texas House Bill 300 that was signed into law last year. The new law presents stricter requirements for health privacy and data breach notification obligations. That law is set to become effective September 1, 2012. Two types of entities will…
Privacy Ratings: Do They Mean Anything?
This post was also written by Chris Cwalina, Nick Tyler and Frederick Lah.
Consumers increasingly demand transparency into how companies use their personal information. We’ve seen a number of responses to this. One has been legislative; for example, the accounting requirement under the Dodd-Frank Act and California’s Shine the Light Act. For our…
Case for National Breach Notification Standard – Federal Action to Follow?
On June 9, 2011, Citigroup confirmed that its online banking platform Citi Account Online had suffered a data breach involving the names, credit card numbers, addresses, and email details of approximately 200,000 customers. While Citi has already notified the Office of the Comptroller of the Currency in accordance with FDIC Guidance, financial institutions responding to a breach must also comply with the breach notification laws of the individual states.
Citi is just the latest victim in a recent string of hacking attacks, with major companies like Sony, Epsilon, Michael’s Stores, Apple, and Google having suffered recent (and in some cases widely publicized) breaches of their own. When a company suffers a data breach, it often faces the complex task of complying with a multitude of state laws that set divergent standards for breach notification. States often differ in how they define what type of personal information triggers notification, how long a company has to send notifications, and whether notifications must be sent to third parties (e.g., government agencies or consumer reporting agencies). Navigating the sea of 47 different state laws can be quite challenging for companies confronted with the task.