On June 19, Porter Wright launches its four-part seminar series covering technology topics at the forefront of today’s businesses. Technology Law Source will continue to cover these topics in future blog posts, including navigating through U.S. and international laws, regulations and standards. The seminar series comprises: Social Media in the Law: Learn It and Use
Category Archives: Privacy
Top Three Trends From the 2013 IAPP Global Privacy Summit
Posted in Privacy
I find a certain irony in the current ubiquity of privacy-related topics when the concept was once defined (and not by current European thinking, but more than 120 years ago), as the "right to be let alone," in “The Right to Privacy,” by Warren and Brandeis, 4 Harvard L.R. 193 (Dec. 15, 1890). Nonetheless, I
One Year Later: An Update on the Proposed EU Privacy Regulation
Posted in Privacy
On Jan. 25, 2012, the European Commission first published a proposed draft General Data Protection Regulation (the “Proposed Regulation”). Almost one year later, the Civil Liberties, Justice and Home Affairs (LIBE) Committee (the European Parliament’s lead committee considering the Proposed Regulation) issued suggested amendments to the original proposal (the "Draft Report") and reignited discussion and
Canada’s Tough Anti-spam Legislation (CASL) Moves Closer to Being Effective
Posted in Privacy
If you are sending emails or other electronic communications to Canadian residents, you need to be aware that Canada is moving closer to finalizing the last set of highly anticipated regulations implementing Canada’s Anti-spam Legislation (CASL). On Jan. 5, 2013, Industry Canada published regulations for a 30-day comment period, closing Feb. 4, 2013. CASL
State Tort and CFAA Claims Survive Motion to Dismiss In Ohio Employee Cyberhacking Case
Posted in Privacy
While we often think of cyber attacks as intrusions from external sources, companies are also vulnerable to insider attacks from their own employees. Current laws may not provide the best protection, as demonstrated in a recent federal court decision out of the Southern District of Ohio, Freedom Banc Mortgage Services, Inc. v. O’Harra. We are sharing the post that Brian Hall, Editor of the Firm’s Employer Law Report Blog and Partner in the Firm’s Labor Department, authored summarizing the case.
Information Privacy Regulation – What You Need to Know About Current Developments
Posted in Privacy
U.S. and EU approaches to privacy regulation have been very different, but recent developments in the U.S. may be narrowing the gap. Recently, we hosted a seminar regarding current developments in information privacy regulation. The subjects covered and a link to the materials are provided below. Our panelists included: Dennis Hirsch, Esq., Professor at Capital University
EU Conference: Privacy and Protection of Personal Data
Posted in Privacy
The EU Conference on Privacy and the Protection of Personal Data held March 19 in Washington, D.C., was a great illustration of the importance of the topic within the European Union. The conference was extremely well attended by high-level EU regulators and provided valuable insights into the respective priorities. Tangible results, however, were scarce and
Grandfather Provision of Massachusetts Data Security Requirements Expiring
Posted in Privacy
This note is a reminder of the expiration of the grandfather provision under the Massachusetts Data Security Regulations, summarized here, which expires on March 1, 2012. Any applicable third party service provider contract entered into prior to March 1, 2010 must incorporate the appropriate security measures for personal information as specified in the regulations. Companies
The Sedona Conference® Publishes International Principles on Discovery, Disclosure & Data Protection
Posted in Electronic Discovery, Privacy
The Sedona Conference® recently published the International Principles on Discovery, Disclosure & Data Protection (“International Principles”) through its Working Group 6 on International Electronic Information Management, Discovery and Disclosure. The Sedona Conference® launched Working Group 6 in 2005 to bring the most experienced attorneys, judges, privacy and compliance officers, technology-thought leaders, and academics from around the
Data Protection in Social Networks
Posted in Privacy, Social Media
In a statement published on December 8, 2011, the Association of German Data Protection Agencies known as the “Duesseldorfer Kreis,” (“DK”) issued an opinion summarizing the minimum compliance criteria for operators of social networks in Germany:
Transparent privacy policy and informed consent are essential for protecting the right to data privacy
Opt-out solutions are insufficient,
Will Facebook soon be privacy-friendly?
Posted in Privacy
FTC Audit Agreement
According to various news reports, Facebook and the FTC are about to enter into an agreement which will subject Facebook to privacy audits for the next 20 years. The agreement will apparently require Facebook to obtain prior express consent before making public any information to which the user had granted limited access
What’s next in EU data protection?
Posted in Privacy
The Article 29 Working Party outlined its agenda for 2012 at a recent plenary meeting in Brussels. Not surprisingly, the top priority is a new legal framework for data protection. But other topics, some of interest for US data protection developments, were discussed as well.
Revision of the EU data protection framework: To ensure that
Still think consent is easy?
Posted in Privacy
In my last entry I stressed the importance of complying with the various consent requirements hidden in European data protection laws. To prove my point and to illustrate further the high standards imposed by the German Data Protection Law, a regional German DPA (das “Unabhängige Landeszentrum für Datenschutz” in Schleswig Holstein or “ULD”) has taken
Basic Principles of European Union Consent and Data Protection
Posted in Privacy
Any US company that receives data about individuals living in the European Union must be familiar with the basic principles of consent and data protection within the EU to avoid costly mistakes that are easily made in obtaining consent, should the validity of such consent be challenged by the EU data protection agencies. While certain
Identity Fraud down 28% in 2010; Consumer Costs Up!
Posted in Privacy
According to Javelin Strategy & Research’s 2011 Identity Fraud Survey Report, there was a 28% drop in the number of victims of identity fraud in 2010. Additionally, the number of reported data breaches dropped significantly (404 reported breaches in 2010, down from 604 in 2009). Finally, the report states that "only" 26 million records
Porter Wright Information Privacy and Data Security Workshop Series
Posted in Data Breach Notification, Identity Theft, Information Technology, Privacy
Please join us for this informative series focused on the technical, enforcement, and practical aspects of experiencing and responding to a data security incident. For the complete invitation and details on registration please click here.
IDENTITY THEFT, CORPORATE DATA SECURITY BREACHES AND LAW ENFORCEMENT: SHOULD I CALL THE COPS? Learn How to Effectively Utilize Law
U.S., European Regulators Do Not Share Google Street View Concerns
Posted in Privacy
As recently reported by the Washington Post and others, the FTC has ended an inquiry into privacy concerns over Google’s Street View service after Google pledged to stop gathering email, passwords, and other information from residential WiFi networks as its Street View cars creep through neighborhoods with computers on and cameras rolling. For some background
Glass Houses and an Unwanted 15 Minutes of Fame
Posted in Privacy, Social Media
While nothing new by now, the practice of recording images or video of others without their knowledge and then disseminating the content on a worldwide basis has come under particular scrutiny over the past week. The tragic story of the Rutgers University student (as reported by ABC News here, where I first learned of it) has become the basis of a worldwide conversation
HHS Withdrawing Breach Notification Final Rule – Temporarily
Posted in Data Breach Notification, HIPAA Compliance, Privacy
The Department of Health and Human Services (HHS) announced yesterday that it was temporarily withdrawing the breach notification final rule from review of the Office of Management and Budget (OMB) to allow HHS further time to consider these regulations. The breach notification rule, among other things, requires covered entities to notify individuals whose protected health information
Data Breach Incidents on the Rise
Posted in Data Breach Notification, Information Technology, Privacy
This week, the Identity Theft Resource Center released its 2010 data breach statistics report for data breaches through June 22, 2010. According to this weekly report, 2010 has already seen 325 reported data breaches exposing approximately 8.3 million records. Considering that the 2009 report shows 498 reported data breaches for all of last year, it looks like
FBI Issues Warning Regarding Denial of Service Attacks
Posted in Identity Theft, Privacy
Is your phone ringing off the hook? Then you’d better check your bank account. According to the Federal Bureau of Investigation, a new “telephone denial-of-service” attack is combining high-tech and low-tech fraud techniques to steal money from the bank accounts of unsuspecting victims. As reported in the alert issued by the FBI, the scam begins with the
New Privacy Bill Could Have Big Impact on Online Commerce
Posted in Privacy
On Tuesday May 4, a new privacy bill, known as the Boucher-Stearns Bill, was released by Representative Rick Boucher, Democrat of Virginia, and Representative Cliff Stearns, Republican of Florida. If the bill were to become law, it would represent a dramatic shift in U.S. privacy governance. To date, privacy regulation in the U.S. has generally fallen along industry lines such as (i) HIPAA’s regulation of a
Security Breach Results in Fine Despite Prior Security Measures
Posted in Data Breach Notification, Identity Theft, Privacy
In January 2008, the Davidson Companies, a financial services holding company, announced that a database containing current and past customer records had been hacked during a SQL injection attack. On April 14, 2010—more than two years after the network intrusion—the Financial Industry Regulatory Authority (FINRA) fined the company $375,000 for the breach.
Massachusetts Data Security Requirements Go Into Effect
Posted in Privacy
A new Massachusetts data security regulation — the “Standards for the Protection of Personal Information of Residents of the Commonwealth” (.PDF) — has gone into effect as of March 1, 2010. The new regulation is intended to apply to any business that collects or retains personal information of Massachusetts residents. Personal information, as defined under the regulation,