Data Protection Officers: A Comparison of US Law, EU Law, and Soon-to-be-EU Law

Data Protection Officers: A Comparison of US Law, EU Law, and Soon-to-be-EU Law

Although organizations in the United States have dealt with privacy issues for years, only in the past decade have they begun to view the complexities of privacy as requiring formal organizational structure and, in some cases, one, or more, dedicated employees. While in some organizations “data privacy” and “data security” falls within the ambit of the legal department, other organizations have created offices that are focused solely on privacy issues. There is little commonality in how these offices are staffed, funded, or organized. For example, while some organizations have “Chief Privacy Officers” or “Chief Information Technology Officers” that report directly to senior management, other organizations have privacy officers that report through a General Counsel or to a Chief Compliance Officer. …

Data Protection Officers A Comparison of US Law, EU Law, and Soon-to-be-EU Law

 

 

How to Design or Review an Encryption Policy (2016)

Encryption refers to the process of converting data into a form that is unreadable unless the recipient has a pre-designated algorithm, “key,” and password to convert the information into readable text. Most statutes, regulations, and agencies that require that companies utilize encryption to protect data do not mandate that a specific encryption standard be used. Some statutes do require, however, that companies use an encryption key that is at least 128-bits in length . . . 2016Encryption

Understanding EU-US Safe Harbor Framework and Its Validity (2016)

The EU Data Protection Directive 95/46/EC (the “Directive”) creates the legal framework for the national data protection laws in each EU member state. The Directive states that personal data may only be transferred to countries outside the EU when an adequate level of protection is guaranteed. Few exemptions apply, and the laws of the United States are not considered by the European Union as providing an adequate level of data protection. … safeharborpic

How to Conduct a Data Inventory (2016)

Knowing the type of data that you collect, where it is being held, with whom it is being shared, and how it is being transferred is a central component of most data privacy and data security programs. The process of answering these questions is often referred to as a “data map” or a “data inventory.”  Although the questions that a data map tries to solve are relatively straightforward, the process of conducting a data map can be daunting depending upon the size and structure of an organization . . . 2016DataInventory

Best Practices for Handling Vehicle Event Data Recorders (2016)

Event data recorders, also known as “black boxes” or “sensing diagnostic modules,” capture information such as the speed of a vehicle and the use of a safety belt. In the event of a collision this information can be used to help understand how the vehicle’s systems performed.  In December of 2012, the National Highway Traffic Administration proposed a rule that would require automakers to install event data recorders in all new light passenger vehicles. . . 2016VehicleEventDataRecorders

Data Privacy Recommendations For Crafting Employee Monitoring Policies (2016)

Federal laws prohibit the interception of another’s electronic communications, but these same laws have multiple exceptions that generally allow employers to monitor employees’ email and internet use on employer-owned equipment or networks. As a result, under federal law, when private-sector employees use an organization’s telephone or computer system, monitoring their communications is broadly permissible, though there may be exceptions once the personal nature of a communication is determined. Also, under the National Labor Relations Act, employers cannot electronically spy on certain types of concerted activity . . . 2016EmployeeMonitoringPolicies

Evaluating Data Privacy and Security Issues of Self-Driving Vehicles (2016)

Self-driving cars, or autonomous vehicles, may be the greatest disruptive innovation to travel that we have experienced in a century. A fully-automated, self-driving car is able to perceive its environment, determine the optimal route, and drive unaided by human intervention for the entire journey. Self-driving cars have the potential to drastically reduce accidents, travel time, and the environmental impact of road travel. However, obstacles remain for the full implementation of the technology including the need to reduce public fear, increase reliability, and create adequate regulations . . . 2016SelfDrivingCars

Best Practices For Drafting Employee Privacy Policies (2016)

In 2005 Michigan became the first state to pass a statute requiring employers to create an internal privacy policy that governs their ability to disclose some forms of highly sensitive information about their employees. Michigan’s Social Security Number Privacy Act expressly requires employers to create policies concerning the confidentiality of employees’ social security numbers (“SSN”) and to disseminate those policies to employees . . .PrivacyPolicyDraftingThumbnail

SEC CyberDisclosures At A Glance (2015)

Cybersecurity Disclosures - At A GlanceThe SEC has made clear that there are a number of disclosure requirements that might impose an obligation on an issuer to disclose cyber-risks and cyber-incidents and has discussed certain of those requirements, including disclosures required in risk factors, MD&A, business descriptions, legal proceedings, financial statements and disclosure controls and procedures. . . .

 

Due Diligence in Mergers & Acquisitions At A Glance (2015)

The FTC has held acquirers responsible for the bad data security and privacy practices of the companies that they acquire.  Evaluating a potential target’s data privacy and security practices can be daunting and complicated . . .

Mergers and Acquisition Due Diligence_At A Glance

 

Webinar: Developments in Cyber Insurance for In-House Lawyers – Are You Getting the Coverage You Expect?

July 28, 2016 at 12 p.m. EDT

Five years ago only a minority of companies had cyber insurance. With high profile breaches insurance has quickly become the standard, and not the exception, but a cyber insurance policy is far from standardized. Bryan Cave’s David Zetoony discusses how in-house counsel should read cyber insurance policies to make sure that their clients receive the coverage that they expect. Click here for more information or to register.

We are presenting this audio web cast through Celesq® Attorneys Ed Center in partnership with West LegalEdcenter.

Webinar: An In-House Attorney’s Guide to Creating an Effective Privacy Policy

June 28, 2016 at 12 p.m. EDT

Almost every company now has an online presence and, with it, an online privacy policy. While privacy policies are not new, attorneys need to keep current with the laws and regulations and to draft the policies effectively so that consumers can understand them. Boulder Partner David Zetoony and Associate Christopher Achatz discuss the legal issues involved with drafting privacy policies and explore best practices on how to create effective policies. Click here for more information or to register.

We are presenting this audio web cast through Celesq® Attorneys Ed Center in partnership with West LegalEdcenter.

Webinar: Cyber Extortion — What are the Laws that Protect Against It and How Should Lawyers Respond?

June 16, 2016 at 12 p.m. EDT

While extortion is not a new concept, in the digital world, it is taking on a new dimension. Individuals, companies, organized crime, and even terrorist groups are increasingly threatening cyber-attacks, public disclosure of personal information, or reporting security vulnerabilities to regulators if companies do not accede to their demands. Join Mary Beth Buchanan and David Zetoony as they:

  • discuss different types of cyber-extortion,
  • describe the interaction between criminal laws preventing extortion and the data security laws, and
  • provide practical advice on how lawyers should respond to cyber-extortion demands.

Click here for more information or to register.

We are presenting this audio web cast through Celesq® Attorneys Ed Center in partnership with West LegalEdcenter.

Webinar: What In-House Lawyers Should Know about the Legal Risks of Identity Theft and the Role of Credit Monitoring Services

May 24, 2016 at 12 p.m. EDT

Following a data security breach many companies assuage consumer fears by offering credit monitoring, ID restoration services, or ID theft insurance. Many in-house counsel misunderstand the legal risks of identity theft and the role that credit monitoring products play in protecting consumers from harm when such theft occurs. Boulder Partner David Zetoony discusses ID theft risks and the legal issues that in-house counsel need to consider when selecting a credit monitoring service. Click here for more information or to register.

We are presenting this audio web cast through Celesq® Attorneys Ed Center in partnership with West LegalEdcenter.

Wire Transfer Fraud At A Glance (2015)

Businesses are increasingly falling victim to wire fraud scams – sometimes referred to as “man-in-the-email” or “business email compromise” scams.  Although there are multiple variants, a common situation involves an attacker gaining access to the email system of a company, or the company’s vendor, and monitoring email traffic about an upcoming transaction . . . Wire Transfer Fraud At A Glance

 

Webinar: mCommerce — A Guide to Legal Issues in the Evolving Mobile Landscape

May 12, 2016 at 12 p.m. EDT

The days of swiping a credit card on a card reader are over. Companies are increasingly exploring new and creative ways to allow their customers to pay for items using smartphones, computers, and mobile technologies. Boulder Partner David Zetoony and Courtney Stout will discuss the legal, regulatory and industry privacy and data security issues that arise when developing, deploying, or utilizing the latest mobile commerce solutions.  Click here for more information or to register.

We are presenting this audio web cast through Celesq® Attorneys Ed Center in partnership with West LegalEdcenter.

Webinar: How to Improve Data Security in Payment Systems — Changing Risks and Changing Technology for In-House Counsel

March 31, 2016 at 12 p.m. EDT

With new technology behind how credit card transactions are processed and protected, accepting credit cards carries new data security risks and potential legal liabilities. In addition to the normal repercussions of a data security breach (reputation damage, the risk of class action litigation, and the risk of a regulatory investigation), if a retailer’s credit card system is compromised, the retailer may be contractually liable to its payment processor, its merchant bank, and ultimately the payment card brands. Boulder Partner David Zetoony and Courtney Stout discuss new payment processing technologies, their impact on data security, the risk implications for companies, and how in-house counsel can negotiate third party vendor contracts to minimize these risks. Click here for more information or to register.

We are presenting this audio web cast through Celesq® Attorneys Ed Center in partnership with West LegalEdcenter.

Live Event: Data Breach & Privacy Litigation Conference

DBPCon16Zetoony1PgFeb. 11, 2016

Julia Morgan Ballroom, San Francisco

Bryan Cave LLP is proud to participate in the Data Breach & Privacy Litigation Conference — this is the first conference to be dedicated specifically to privacy and security litigation.  David Zetoony, a partner in our Boulder/Washington offices has been invited to co-Chair the conference.  Dan Rockey, a partner in our San Francisco office, and Mary Beth Buchannan, a partner in our New York office, will both be speaking.  Please consider joining us in San Francisco on Feb. 11, 2016.

Webinar: Autonomous Vehicles Privacy and Cybersecurity Issues

January 20, 2016

With even GM investing in a driverless future, autonomous vehicles, or self-driving cars, may be the greatest disruptive innovation to travel that we have experienced in decades. A fully-automated, self-driving car is able to perceive its environment, determine the optimal route, and drive unaided by human intervention for the entire journey. Self-driving cars have the potential to drastically reduce accidents, travel time, and the environmental impact of road travel. However, obstacles remain for the full implementation of this autonomous technology. Of particular concern with regard to autonomous vehicles are data privacy and security risks that attorneys need to know. David Zetoony and Chris Achatz, Bryan Cave LLP, discuss the evolution of the technology, provide an overview of current legal and regulatory data privacy and security issues that are implicated, and explore specific data privacy and security concerns that will need to be addressed to enable the adoption of autonomous vehicles.

We are presenting this audio web cast through Celesq® Attorneys Ed Center in partnership with West LegalEdcenter.

Mobile App Privacy Policies At A Glance (2015)

Many of the most popular mobile apps collect personally identifiable information.  Although most app developers are not required to display a privacy polucy under federal law, they are contractually required to do so pursuant to the terms and conditions of the platform for which the app will be marketed. . . Mobile App Privacy Policies

Preventing Your Own Peach-Breach: A Week-long Program on Preparing for a Data Breach

Nov. 30 – Dec. 4, 2015

Headlines have focused on the “Peach Breach” — the Georgia Secretary of State’s inadvertent disclosure of sensitive information about over 6 million Georgia voters.  In response to requests from clients in Georgia, and around the country, for information on how to prepare for, and respond to, a data breach, we have put together a week-long series consisting of a one-hour webinar each day during the first week in December on a different data breach topic.  Click on the thumbnail for registration information . . . PeachBreachWeekLongProgramSeries

CAN-SPAM An In-House Guide (2015)

Email is ubiquitous in modern life with billions of emails – wanted and unwanted – sent each day.  Since its enactment, the CAN-SPAM Act has attempted to curb the number of unwanted emails and impose some rules on a largely unregulated frontier. When followed, CAN-SPAM’s restrictions give . . . CAN-SPAM

 

Behavioral Advertising At A Glance (2015)

Behavioral advertising refers to the use of information to predict the types of products or services of greatest interest to a particular consumer.  Online behavioral advertising takes two forms. “First party” behavioral advertising refers to situations in which a website uses information that it obtains when interacting with a visitor. “Third party” behavioral advertising refers to situations in which a company permits others to place tracking cookies on the computers . . . Behavioral Advertising_At A Glance_1

 

Data Maps and Data Inventories At A Glance (2015)

Knowing the type of data that you collect, where it is being held, with whom it is being shared, and how it is being transferred is a central component of many data privacy and data security programs.  The process of answering these questions is often referred to as a data map or a data inventory.  Although the questions that a data map tries to solve are relatively straightforward, the process of conducting one can be daunting . . . Data_Map_At A Glance (2)

Document Retention and Collection Policies At A Glance (2015)

Data minimization can be a powerful – and seemingly simple – data security measure.  The term refers to retaining the least amount of personal information that is necessary in order for an organization to function. Less information means that there is less that the organization needs to protect, and less opportunity for information to be lost or stolen . . .

Document Retention_At A Glance_1

 

EMV Technology At A Glance (2015)

Over the past several years the credit card industry has been encouraging banks and retailers to migrate to EMV technology, which is sometimes referred to as “chip-and-pin” or “chip-and-signature.”  EMV, which is named after the developers of the technology (Europay, MasterCard, Visa) is a technical standard that includes a microprocessor physically embedded in a plastic credit card.  The processor stores credit card data and, which, when inserted, is decrypted and read . . . EMV At A Glance

Credit Card Data Breaches At A Glance (2015)

CC_Data_Breaches_At A GlanceFor most retailers credit cards are the primary form of the payments that they receive.  Accepting credit cards, however, carries significant data security risks and potential legal liabilities.  In addition to the normal repercussions of a data security breach . . .

Geo-Location Tracking At A Glance (2015)

Smartphones, smartphone Apps, websites, and other connective devices increasingly request that consumer’s provide their geo-location information.  Geo-location information can refer to general information about a consumer’s location, such as their city, state, or zip code, or precise information that pinpoints the consumer’s location to a few feet . . . Geo-Location_Tracking_At A Glance (2)_1

Restore Online Shoppers Confidence Act At A Glance (2015)

Online retailers often learn information about a consumer that may be used to help identify other products, services, or companies that may be of interest.  Although retailers strive to provide recommendations quickly, and to make a consumer’s transition to a third party retailer seamless, the Restore Online Shoppers’ Confidence Act (“ROSCA”) generally prohibits one online merchant from transferring payment information to another . . . Restore_Online_Confidence_At A Glance

FDIC Data Security Examinations At A Glance (2015)

FDIC bank examinations generally include a focus on information technology systems with a particular focus on data security.  The examination process relies to some extent on bank management attestations regarding the extent to which IT risks . . . FDIC Examinations_At A Glance

Look Whose Watching What! The Video Privacy Protection Act At A Glance

The Video Privacy Protection Act (“VPPA”) was passed in 1988 in reaction to a fear that people other than a consumer and a video rental store could collect information on a consumer’s video rental history.  It was not an academic concern at the time. Immediately prior to the passage of the VPPA, Judge Robert Bork, who had been nominated to the Supreme Court, had his video rental history published by a newspaper that was investigating whether he was fit to hold office . . .VPPA_At A Glance (2)

 

The (ex) EU-US Safe Harbor At A Glance (2015)

On Tuesday, October 6, 2015, the European Court of Justice decided that the EU/US Safe Harbor regime for data transfers is no longer… safe.  Until now, companies exchanging data between the EU and the US could rely on the Safe Harbor regime, but with the decision that is no longer an option.  In addition companies currently relying on Safe Harbor are scrambling to find alternative compliance strategies . . . ExSafeHarbor

Credit Card Payment Processing Agreements At A Glance (2015)

Credit cards are the primary form of the payment for most retailers.  In order to process credit cards a retailer must enter into an agreement with a bank and a payment processor.  Those agreements can be daunting and often have significant impacts on a retailer’s financial liability in the event of a data breach. Indeed, in many cases the contractual liabilities that flow from the credit card processing agreement surpass all other financial liabilities that arise from a breach including litigation . . . Negotiating Card Agreements_At A Glance_1

Data Breach Reputation Management At A Glance

The reputational injury following a data breach can be severe and often surpasses legal liabilities.  Effective management of the reputational impact of a data security incident requires a proactive and reactive strategy.  The proactive strategy assumes that the organization will control when, and what, information will be conveyed . . .

Breach Reputation Management_At A Glance

 

Healthcare Data Breach Enforcements and Fines At A Glance (2015)

The Department of Health and Human Services’ (“HHS”) Office for Civil Rights (“OCR”) is responsible for enforcing the Privacy and Security Rules of the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”). Enforcement of the Privacy Rule began on April 14, 2003, while enforcement of the Security Rule began on April 20, 2005 . . .Healthcare DB_Enforcements_At A Glance

 

Healthcare Breach Litigation At A Glance (2015)

Companies that have a breach involving protected health information (“PHI”) worry not only about fines and penalties imposed by the Department of Health and Human Services (“HHS”), but about class action lawsuits.   The risk that a class action lawsuit will lead to financial liability, however, is often misunderstood . . .

Healthcare DB_Litigation_At A Glance_1

State Level Enforcement and Fines for Health Data Breaches At A Glance (2015)

It does not appear that enforcing HIPAA’s data breach notification requirements is a priority for most AGs, due to the low number of actions brought under the statute. Connecticut, Vermont, Minnesota, and Indiana have each brought one action. Massachusetts is the only state that has brought more than one action . . .Healthcare DB_State_Fines_At A Glance

 

The Causes of Healthcare Breaches At A Glance (2015)

The data collected by HHS concerning breaches shows that low-tech breaches remain the most common form of data loss in the health sector – surpassing the more publicized hacking events.  Almost 40% of breaches still relate to the theft of hardware . . .

CausesofHealthBreachesAtAGlance

Facial Recognition Technology At A Glance (2015)

There is currently no federal statute that expressly regulates private-sector use of facial recognition technology. Nonetheless, the Federal Trade Commission (“FTC”), which has authority to prevent unfair and deceptive practices, has expressed interest in the privacy implications of facial recognition technology, has issued a set of best practices concerning its use, and has investigated companies that it believes violated those recommendations . . .Facial Recognition_At A Glance_1

 

Vehicle Black Box Event Recorders At A Glance (2015)

Vehicle Event Data Recorders - At A GlanceEvent data recorders, also known as “black boxes” or “sensing diagnostic modules,” capture information such as the speed of a vehicle and the use of a safety belt, in the event of a collision to help understand how the vehicle’s systems performed.  15 states have passed statutes that discuss the privacy of the data that these devicse collect . . .

 

Trends in Data Breach Litigation At A Glance (2015)

While General Counsel cite class action fears as one of their top concerns following a data breach, there is a great deal of misunderstanding concernign the nature of data security breach class action litigation . . . Data Security Breach Litigation Trends - At A Glance

Monitoring Employees At A Glance (2015)

Although federal law permits employers to monitor their employees’ email and internet, some states require that notice be given to employees; other states place restrictions on how far the monitoring can extend to non-work related accounts . . . Employee Monitoring in the Workplace - At A Glance

Progress on EU Data Protection Reform At A Glance (2015)

A timeline has been established in the EU to find an agreement between different versions of the draft data privacy regulations.  If followed, the EU’s new regulation should come into force in 2018 . . . EU Regulation Status_At A Glance_1

Written Information Security Policies At A Glance (2015)

 

WISP

Although federal law only requires that financial institutions and health care providers maintain a written information security policy or “WISP,” approximately thirty four states have enacted legislation that requires organizations in other industries to take steps to keep certain forms of personal information safe. . .

Crowdsourcing Security With Bounty Programs At A Glance (2015)

Bounty Programs At A Glance

There is a great deal of debate about the merits of listening to the security concerns of people outside of an organization. On one end of the spectrum companies refuse to discuss any aspect of their security with the public. On the other end of the spectrum companies proactively encourage the public to report security vulnerabilities by paying well meaning hackers (usually called “white hat” hackers) to report problems. While these companies view “bounty” programs as . . .

 

Ethics and Data Breach Investigations

Thursday, June 18, 2015, 9:00 – 1:00 CT

Live Event: St. Louis

As legal departments are increasingly being called upon to help their organizations navigate a breach investigation, the program will discuss how to effectively investigate a security incident as well as the types of ethical issues that may arise.

 

LawandEthics

Monetizing Information From Startups At A Glance (2015)

Monetizing Data_At A Glance

Websites and internet-based startups are booming. Many startups thrive by collecting data about their online users’ age, gender, and geography and interpreting that data to predict consumer preferences and demand. In addition, many third party marketing services pay a premium for useful consumer data. Startups often find that data is their single most valuable commodity . . .

 

2015 Telemarketing Report

TelemarketingReportWe are pleased to announce the 2015 edition of our whitepaper discussing trends in telemarketing (TCPA) litigation. The 2015 report provides the most comprehensive analysis of complaint filings by industry, court, legal theory, and type of issue . . . (click on thumbnail for report)

2015 Data Privacy Litigation Report

2015DataPrivacyLitigationReportWe are pleased to announce the 2015 edition of our whitepaper discussing trends in data privacy class action litigation. The 2015 report provides the most comprehensive analysis of complaint filings by industry, court, legal theory, and type of privacy issue . . . (click on thumbnail for report)

Russia Data Localization Requirements At A Glance (2015)

Russia Data Localization Requirement at a Glance_1Russian Law No. 242, enacted on July 21, 2014, creates new requirements that data operators must store personal data of Russian citizens on servers located in Russia.  The law, which is effective as of September 1, 2015, has raised numerous questions from the business community.  This information sheet discusses the practical aspects of the law . . .

2015 Data Breach Class Action Report

We are pleased to announce the 5th edition of our whitepaper discussing trends in data breach class action litigation.  The 2015 report provides the most comprehensive analysis of trends in complaint filings by industry, court, legal theory, and type of data breach . . .

 

2015 Data Breach Litigation Report

EU Binding Corporate Rules At A Glance (2015)

BindingCorporateRules

The EU Directive creates the legal framework for the national data protection laws in each EU member state.   The EU Directive states that personal data may only be transferred to countries outside the EU when an adequate level of protection is guaranteed.  The laws of the United States are not considered by the European Union as providing an adequate level of data protection. As a result, if a company intends to transfer personal information into the United States they must take one of the following steps to achieve the “adequacy” status required by the Directive.  Binding Corporate Rules . . .

 

Live Event: Data Security Boot Camp for In-House Counsel

November 3, 2015

In-House CLE Institute
Bryan Cave, Denver

With management increasingly looking to in-house counsel for guidance in complying with data security laws and in mitigating regulatory, litigation, and reputational risk following a data security breach.  To register for this in-person event, click here.

Investigating Data Breaches: A Guide for In-House Counsel

Tuesday, June 16,  2015, 12:00 ET

Webinar

Bryan Cave LLP has investigated more than 400 data security breaches. As legal departments are increasingly being called upon to help their organizations navigate a breach investigation, the program will discuss the “how to” for effectively investigating a security incident.

June16,2015Webinar

 

Usage of US/EU Safe Harbor At A Glance (2015)

SafeHarbor2JPG

Companies completing the Safe Harbor process must make several decisions. For example, they must decide whether to have an independent third party verify their compliance with the Safe Harbor framework, whether to retain an arbitration group to adjudicate complaints about their privacy practices, and what data they wish to include within their certi.cation.  The following provides background and benchmarking concerning the types of companies that utilize . . .

 

Webinar: PCI Data Breach Preparedness

January 27, 2015
PCI Data BreachThe Bryan Cave Payments Team along with special guest speaker Andi Baritrichi, the principal in charge of Verizon’s PCI Practice, hosted a webinar that focused on PCI data breaches.

Speakers

Courtney Stout

Jena Valdetero

Webinar: Data Security and Credit Cards for In-House Counsel: How Your Organization’s Contractual Relationship with Credit Card Processors Is Changing

January 22, 2015

Data Security and Credit CardA liability shift is forcing credit and debit card transactions to be conducted using chip-based (i.e., EMV) payment cards by 2015. This transition could impact your organization in more ways than one. Join us for this important discussion of new requirements of the payment card network rules (i.e., Visa, MasterCard, American Express and Discover), the Payment Card Industry Data Security Standards (PCI DSS), and President Obama’s Executive Order (October 2014) regarding chip technology, and for additional measures (a combination of EMV, Tokenization and Encryption) that can be taken to increase your organization’s data security practices and procedures for your credit and debit card processing and Corporate Purchasing Card programs.

Speakers:

Courtney Stout

Jennifer Crowder

Boulder Event: Conducting a Data Map or a Data Inventory

August 18, 2015 (4:30MT – 6:00 MT)

This in-person event is sponsored by the IAPP and will be held in Bryan Cave’s Boulder, Colorado office.  The event will discuss how to conduct a data map or a data inventory.  It will also include a networking happy hour showcasing Boulder’s award winning microbreweries.  Click here to register.  If you are not a member of the IAPP you will be prompted to “sign up” for an IAPP account as part of registration.

 

DatamappingKnowledgeNetInvitation

WiFi Connected Cars And Privacy Concerns (2015)

WifiCars

Think data privacy is only something for “technology” or “internet” companies? Think again— America’s car companies certainly have. On Wednesday November 12, 2014, two trade groups representing 19 of the largest car companies in the world sent a letter to the Federal Trade Commission (“FTC”) outlining privacy principles the companies have committed to follow. . .

California Do Not Track Law (2014

CaliforniaDoNotTrack

A California statute requiring websites to revise their privacy policies to address “Do-Not-Track” went into effect January 1, 2014. The new statute requires all commercial websites and online services – including mobile applications – that collect personally identifiable information across third-party websites to disclose how they respond to the Do Not Track signal . . .

Whitepaper: Telemarketing Class Action Litigation (March 2014)

TelemarketingMarch2014

 

Complainants filed a substantial volume of TCPA class actions during Q4 of 2013. Of the 92 complaints filed during the period, there was a preference toward complaints involving transmissions to mobile phones. One explanation for the substantial number of complaints filed during the period is the October 16, 2013, effective date of the FCC’s new consent requirements for certain autodialed and prerecorded telemarketing calls.