Tag Archives: Privacy & Management

Is Your Employee-Monitoring Policy Up to the Job? UK Case Shows Importance of Having the Right Policy

The UK Employment Appeal Tribunal (the “EAT”), in the case of Atkinson v Community Gateway Association UKEAT/0457/12/BA, dismissed the employee’s claim that his right to privacy had been infringed, and confirmed, more generally, that an employer will be entitled to monitor its employees’ workplace emails and Internet use where a clear policy is in place. … Continue Reading

Amendments to Poland’s Data Protection Law Ease the Rules on Data Exports and Data Protection Officers

The Polish Parliament passed the Facilitation of Business Activity Act (source in Polish) which significantly amends the existing Act on Personal Data Protection. The amendments come into force 1 January 2015. The changes mean that the EU Commission’s approved Standard Contractual Clauses for data transfers (“SCCs”) and approved Binding Corporate Rules (“BCRs”) are automatically recognised … Continue Reading

EU Art. 29 Proposes Class Actions to Enforce Privacy Rights

This month, the Article 29 Data Protection Working Party (Working Party) and the French Data Protection Authority (CNIL) held the European Data Governance Forum, an international conference focusing on the issues of privacy, innovation and surveillance in Europe. The conference highlighted many of the issues raised in the Joint Statement released by the Working Party … Continue Reading

Privacy Authorities Urge Mobile Apps to Implement Privacy Policies

In December, 23 privacy authorities – many of which are members of the Global Privacy Enforcement Network (GPEN) – signed an open letter to the operators of seven app marketplaces, urging them to improve consumers’ access to privacy information on mobile apps. The letter states that: Mobile apps that collect data in and through mobile … Continue Reading

Oregon Breach Notification Law Changes on the Horizon

On December 10, Oregon Attorney General Ellen Rosenblum testified in front of the joint Oregon Senate and House Judiciary Committee on the evolving nature of not only data collection and use, but also on cybersecurity incidents and hacking, and the need to amend the Oregon data breach notification law to provide enforcement authority to the … Continue Reading

One Year Later: Consumers Can Proceed Against Target in Data Breach Lawsuit

On the one-year anniversary of Target’s announcement that it had suffered a massive data breach, Judge Magnuson in the District of Minnesota cleared the way for a consumer class action against the retailer to move forward into discovery. Earlier this month, the court ruled that the financial institution class actions can also proceed. In the … Continue Reading

EU Council Agrees on Partial General Approach to General Data Protection Regulation

At the latest meeting in Brussels, Justice ministers agreed on a partial general approach. Andrea Orlando, Italy’s Minister for Justice and President of the Council, expressed the importance of this consensus on one of the “most politically sensitive issues on data protection reform”. The press release states that the partial general approach includes articles which … Continue Reading

UK Public Authority Forced To Identify Private Sector Consultant Under Freedom of Information Act

The First Tier Tribunal General Regulatory Chamber (Information Rights) (the “FTT”), in the case of Alan Matthews v Information Commissioner [2014] EA/2012/0147, ruled that – despite being “personal data” – the name and qualifications of a private consultant should be released in response to a request under the Freedom of Information Act 2000 (“FOIA”). This … Continue Reading

Draft Data Protection Regulation delayed

At the latest meeting in Brussels, Justice ministers failed to come to a consensus on the “one stop shop mechanism” and the role of the proposed European Data Protection Board (EDPB). The minutes state that while a “majority of ministers endorsed the general architecture of the proposal,” “further technical work is required”. Ahead of the … Continue Reading

PCI Seeks to Help Organisations Educate Staff on Information Security with New Guidance

In October, the Payment Card Industry (“PCI”) Security Standards Council published the Best Practices for Implementing a Security Awareness Program Information Supplement (“Supplement”) to help organisations educate their employees on the importance of protecting, the care in handling, and the risks of mishandling sensitive information. The PCI Special Interest Group (“PCI SIG”) developed the Supplement … Continue Reading

EU Art. 29 Releases Guidelines on the Right to be Forgotten

In November, the Article 29 Data Protection Working Party (Working Party) released guidelines as to how the Data Protection Authorities (DPAs) assembled in the Working Party intend to implement the judgment of the Court of Justice of the European Union (CJEU) in the case of Google Spain SL and Google Inc. v Agencia Española de … Continue Reading

FCC’S Notice of Opportunity To Comment on Robocalls and Call-Blocking Issues Raised by 39 Attorneys General

On November 24, the FCC released a wide-ranging public notice seeking comment on a September 9, 2014, letter from the National Association of Attorneys General (NAAG), purportedly written “on behalf of the millions of Americans regularly receiving unwanted and harassing telemarketing calls.” The letter, signed by a bipartisan group of 39 AGs led by Chris … Continue Reading

FCC Confirms that Even Solicited Fax Ads Must Contain Opt-Out Language, and Sets Six-Month Deadline for Companies to Seek a Retroactive Waiver

On October 30, 2014, the FCC issued a much-anticipated ruling (“FCC Order”) resolving several petitions seeking clarification of the opt-out notice requirement regarding advertisements faxed to consumers, contained in the Telephone Consumer Protection Act, section 227 of the Communications Act (“TCPA”). The FCC ruled that all such faxes, even those sent with the recipient’s prior … Continue Reading

Data Security Threats Are on the Rise in the Golden State, According to California Attorney General Kamala Harris

This post was also written by Maytak Chin. A California attorney general’s report released this month shows that data security threats are on the rise in the Golden State. Against a backdrop of increasing security breaches, the report recommends best practices for companies to adopt as a way to reduce their vulnerabilities and to better protect … Continue Reading

Reed Smith attorneys conduct Q&A with Idaho AG

This post was also written by Frederick Lah. Attorney General (AG) Lawrence Wasden is Idaho’s longest-serving AG, having served since his election in 2002. Wasden has been a strong advocate of consumer protection issues related to privacy, such as marketing scams and Internet safety, particularly with respect to teens and children. He also has served as … Continue Reading

TCPA: The Muddled Madness Continues!

Tuesday evening, the Federal Communication Bar Association held a seminar in Washington designed to help practitioners make some sense of the ever-expanding number of class actions that have been brought under the Telephone Consumer Protection Act (“TCPA”) by often over-zealous plaintiffs’ attorneys; the inconsistent decisions that have been rendered by the courts; and the scores … Continue Reading

Court Finds, Again, That Device ID Is Not Personally Identifiable Information (PII) Under The Video Privacy Protection Act (VPPA)

On October 8, 2014, a district court judge in Georgia dismissed with prejudice a Video Privacy Protection Act (VPPA) action against The Cartoon Network (CN), holding that the disclosure of the plaintiff’s Android ID was not actionable because the Android ID did not qualify as “personally identifiable information” (PII). The full order is attached. In … Continue Reading

Did California Just Impose a First-in-the-Nation Requirement for Breaching Companies To Offer Identity Theft Prevention and Mitigation Services?

This post was also written by Leslie Chen. Spurred by the security breaches at Target, Neiman Marcus, and The Home Depot, California Gov. Jerry Brown signed into law Assembly Bill No. 1710 September 30, 2014. The bill expands requirements on persons or businesses that own, license, and maintain personal information about a California resident. Specifically, … Continue Reading

It’s a Bird…it’s a Plane…it’s a Drone; FAA Approves Limited Use of Drones as Camera Platforms for Film and TV Production

This post was written by Hilary St. Jean. Unmanned aerial cameras have been legal in other parts of the world but prohibited for commercial use in the United States until last week, with the limited exception of two commercial-drone operations, which the FAA had previously approved for Alaskan oil operations. On September 25, 2014, the FAA … Continue Reading

PCI Addresses Payment Security Risks with New Guidance

In August, the Payment Card Industry (“PCI”) Security Standards Council published the Third Party Security Assurance Information Supplement (“Supplement”) to help organisations reduce their risk by better understanding their respective roles in securing card data. The Supplement was developed by the PCI Special Interest Group (“PCI SIG”) consisting of merchants, banks and third-party service providers, … Continue Reading

UK High Court considers implications of the Google Spain case for the first time

In July 2014, the High Court (the ‘Court’) considered for the first time the implications of the landmark decision in Google Spain, when delivering an interim judgment in the case of Hegglin v Persons Unknown [2014] EWHC 2808 (the ‘Judgment’). Mr Hegglin (the ‘Claimant’), a businessman who lived in London but now resides in Hong … Continue Reading

Direct Marketing Association releases New Privacy Code of Practice

On 18 August, the Direct Marketing Association (‘DMA’) issued its new Privacy Code of Practice (‘Code’) to address customer concerns about data privacy. The Code is a result of an 18-month consultation with the Information Commissioner’s Office, the Department for Culture, Media & Sport and Ofcom. The Code focuses on five key principles: Put your … Continue Reading
LexBlog