Technology Law Source

Tag Archives: Data Security

Trends in behavioral advertising: What you need to know about cross-device tracking

The Federal Trade Commission (FTC) recently issued a staff report (available here) on the trend to link consumers’ online behavior across multiple devices. Among other recommendations, the FTC suggests that companies not track sensitive information which may include health, financial, children’s and precise geolocation information without the consumers’ affirmative express consent. The FTC also recommends that all companies engaged in cross-device tracking should truthfully disclose their tracking activities. The FTC reviewed the privacy policies of 100 top websites and only found 3 policies that expressly mentioned enabling third-party cross-device tracking on their websites.…

Big data and what can be done with it

Our colleagues at AntirustLawSource.com recently shared parts one and two in a three part podcasting series; “Big data and what can be done with it.” Podcast host and editor, Jay Levine, talks with Phil Rist, executive vice president of Prosper Business Development, about challenges and opportunities for big data in 2016. From the internet of things providing more data available for tracking (Part 1), to using big data for key financial decisions (Part 2), we think you’ll find the discussion quite interesting.

Stay tuned for part 3.

 …

EU Conference: Privacy and Protection of Personal Data

The EU Conference on Privacy and the Protection of Personal Data held March 19 in Washington, D.C., was a great illustration of the importance of the topic within the European Union. The conference was extremely well attended by high-level EU regulators and provided valuable insights into the respective priorities. Tangible results, however, were scarce and consisted largely of a joint statement on privacy by EU Commission Vice-President Viviane Reding and US Commerce Secretary John Bryson. The Joint Statement recognized the need for multinational cooperation to create mutual recognition frameworks that protect privacy in order to facilitate the free flow of information across borders. Both sides reaffirmed their commitment to the US-EU Safe Harbor Framework as a means to transfer data from the EU to the US.…

Grandfather Provision of Massachusetts Data Security Requirements Expiring

This note is a reminder of the expiration of the grandfather provision under the Massachusetts Data Security Regulations, summarized here, which expires on March 1, 2012.   Any applicable third party service provider contract entered into prior to March 1, 2010 must incorporate the appropriate security measures for personal information as specified in the regulations.  Companies should take steps immediately to ensure that their contracts with third party service providers who maintain, receive, or access personal information of Massachusetts residents conform with the regulation’s requirements.…

Basic Principles of European Union Consent and Data Protection

Any US company that receives data about individuals living in the European Union must be familiar with the basic principles of consent and data protection within the EU to avoid costly mistakes that are easily made in obtaining consent, should the validity of such consent be challenged by the EU data protection agencies. While certain exemptions may apply that allow receipt of data into the US without consent, companies need to analyze their receipt of such data in light of the new consent opinion discussed below.…

Starbucks Makes News with Logo and Mobile Payment Option

When Starbucks recently announced a change to their iconic logo, I took interest not only as an attorney specializing in trademark and advertising law, but also as a fairly regular consumer of Starbucks coffee (and, I confess, a Starbucks "Gold Level" card holder).

This article discusses issues pertinent to both and addresses some interesting theories behind the reasons and implications of logo revisions generally, as well as some thoughtful observations on the Starbucks logo change and the advantages of a wordless logo for a global marketplace.

Also, Starbucks has launched a mobile application allowing users to track the funds in their Starbucks stored value cards and to use their phones for payment—with the phone essentially taking the place of the card.  It’s a cool and useful application, and seems to be perfectly suited for its targeted audience.  I have the application downloaded and use it to track or reload my own card balance, which I am starting to find surprisingly useful.  I’ve had a mixed experience with baristas who either handle my phone or refuse to handle my phone citing company policy.  While the latter makes for a somewhat awkward counter transaction, I find it preferable.  There is something very personal about handing over my phone (as compared to a credit card or Starbucks card), and given the amount of information we carry around on our phones, it seems like a security concern—especially  if that phone is going in through a drive-through window.  In any case, this functionality perhaps brings …

Massachusetts Data Security Requirements Go Into Effect

A new Massachusetts data security regulation — the “Standards for the Protection of Personal Information of Residents of the Commonwealth” (.PDF) — has gone into effect as of March 1, 2010.  The new regulation is intended to apply to any business that collects or retains personal information of Massachusetts residents.

Personal information, as defined under the regulation, includes a first name or first initial and last name in combination with any one of a (i) Social Security number; (ii) driver’s license number or state identification card number; or (iii) financial account or credit card number with access codes.…

LexBlog