|
June 14, 2010
Regulated Social Media: Practical Advice for Addressing Evolving Technologies in Regulated Industries
BNA's Privacy & Security Law Report
Social media sites are rapidly redefining the flow of information from corporate entities. Regulated industries, such as pharmaceutical, healthcare, financial services, telecommunications, and professional services, participating in social media must grapple with unique regulatory requirements, as regulators themselves struggle to understand these evolving technologies and issue new guidance or adapt existing rules to fit them. The often unappealing choice between the awkward application of existing regulations and the looming possibility of new regulations specific to social media creates tensions for regulated companies seeking to participate meaningfully in online conversations, while remaining within regulatory paradigms designed without reference to modern interactive media.
|
|
Articles
|
|
October 2009
Federal Court Dismisses Data Breach Class Action Brought Against J.P. Morgan Chase Based on Federal Preemption
Privacy & Data Security Law Journal
This article discusses a recent New York district court case holding that the Fair Credit Reporting Act (FCRA) requirements for data disposal will preempt similar state laws, thereby making it more clear that financial institutions may be able to rely upon the federal data disposal requirements for credit report information without regard to the growing number of state data disposal laws.
|
|
Articles
|
|
September 14, 2009
An Uneasy Peace: Maine’s Act to Prevent Marketing to Minors and the Continuing Problems of Privacy for Children and Teens
BNA's Privacy & Security Law Report
Although Maine’s new law banning most collection and use of personal data of minors for marketing purposes has been put on hold and may likely never be implemented, the statute has been overwhelmingly successful in increasing the focus on the issues of child and teen privacy, the authors write.
|
|
Articles
|
|
September 2009
Developments in Data Breach Liability
Privacy & Data Security Law Journal
As data breaches continue apace, so do enforcement action and litigation. This article describes a recent data breach settlement under the consumer protection statutes of 41 jurisdictions, as well as recent federal and state court judicial opinions addressing liability for data breaches under Maine and District of Columbia law.
|
|
Articles
|
|
July 15, 2009
End of the Notice Paradigm? : FTC’s Proposed Sears Settlement Casts Doubt On the Sufficiency of Disclosures in Privacy Policies and User Agreements
BNA's Electronic Commerce & Law Report
The Federal Trade Commission’s recent proposed settlement with retailer Sears regarding an alleged failure to adequately disclose the scope of consumer personal information collected by marketing research software is at odds with established industry and regulatory practice. The settlement has the potential to create substantial uncertainty for online commerce, and thereby undercut the clear rules that have helped the Internet become a robust engine of economic growth and consumer choice.
|
|
Articles
|
|
July 2009
Reconciling European Data Privacy Concerns with US Discovery Rules: Conflict and Comity
Global Competition Litigation Review
The need for multinational corporations to prepare for, manage and vigorously prosecute transnational litigation is often in tension with cultural norms. Few areas have provoked as much attention as the recent conflict between the intensely adversarial truth-seeking function of US litigation and European efforts to protect spheres of personal privacy.
|
|
Articles
|
|
March 30, 2009
National Security Letters: Practical Advice For Understanding and Handling Exceptional Requests
BNA Privacy & Security Law Report
National Security Letters (NSLs) were once an exceptionally rare form of federal administrative subpoena that few corporate attorneys and privacy officers would ever confront. In light of the U.S. response to international terrorism, the once infrequent use of NSLs and similar forms of process has increased significantly.
|
|
Articles
|
|
March 9, 2009
Assessing the EU Working Party’s Guidance on Harmonizing U.S. Discovery and EU Data Protection Requirements
BNA Privacy & Security Law Report
The European Union’s Article 29 Data Protection Working Party has taken an important first step toward reconciling EU data protection obligations with the information disclosure requirements of U.S. discovery rules.
|
|
Articles
|
|
September 15, 2008
Damages for the Harm of Data Breaches and Other Privacy Claims
BNA Privacy & Security Law Report
In the absence of actual identity theft or other quantifiable harms, courts have declined to recognize amorphous emotional or dignitary harms from privacy violations as being sufficient to support standing or prove damages as a necessary element of a cause of action.
|
|
Articles
|
|
July/August 2008
Competitive Privacy: Towards A New Area of Privacy Litigation?
Privacy Tracker
An apparent afterthought in a patent case may point the way to a new type of privacy litigation, and it may offer the potential for companies to shape robust privacy practices into an offensive tool for litigation against their competitors.
|
|
Articles
|
|
April 2008
French CNIL Examines Data Protection Issues Linked to U.S. Litigation Disclosures
Privacy and Data Security Law Journal
As explained by the authors, a French commission has recently voiced concern over the proliferation of demands for the production and transfer of European data for use in U.S. legal proceedings.
|
|
Articles
|
|
January 2008
Public Right of Access to Lobbyist Information Trumps EU Privacy Rights
Privacy & Data Security Law Journal
In this article, authors Stephen Kinsella, Alan Charles Raul, Edward McNicholas and Hanne Melin analyze a recent decision by the European Court of First Instance that suggests that data protection or privacy is not an absolute right in the European Union - and that it has to be balanced against other societal interests.
|
|
Articles
|
|
January 7, 2008
New State Attempts at Data Security Laws Offer Uncertain Promise
BNA Privacy & Security Law Report
A legal standard for information security has started to emerge from state information privacy laws and Federal Trade Commission enforcement actions. A Nevada law that will take effect later this year and requires encryption in transit for all personal information takes a leap, the authors argue, by directly mandating encryption for personal data. While the Nevada law does not specify what type of encryption is required, proposed regulations in New Jersey would specify encryption for both stored and in transit communication. Compliance with detailed security standards could become unmanageable if multiple states specify distinct security requirements purporting to govern interstate computer systems, according to the authors.
|
|
Articles
|
|
October 15, 2007
A Path to Resolving European Data Protection Concerns With U.S. Discovery
BNA Privacy & Security Law Report
U.S. litigation discovery requirements are not necessarily antithetical to compliance with EU data protection law, the authors posit. They propose that three existing mechanisms — privacy notices, protective orders, and model contracts — could be adapted to form the basis for an international consensus on how to resolve tensions between the demands of U.S. discovery and EU data protection compliance.
|
|
Articles
|
|
October 2007
Federal Court of Appeals Dismisses Data Breach Class Action Following Hack of Bank’s Marketing Web Site
Privacy & Data Security Law Journal
The authors discuss a decision by a federal court of appeals dismissing a purported class action against a bank that alleged failure to protect personal information on the bank’s marketing Web site after a “sophisticated, intentional, and malicious” intrusion.
|
|
Articles
|
|
October 2007
Defendant Prevails in Privacy Case Where Data Theft Results in No Injury to Plaintiffs
Privacy & Data Security Law Journal
The recent “data breach” case of Randolph v. ING Life Insurance and Annuity Company limits prospective liability where a loss or theft of personal data presents no more than a speculative threat of invasion of privacy, identify theft, or fraud. The case, which was resolved on motion to dismiss, reflects the trend in U.S. case law that data controllers will not necessarily face liability for losing control of personal information if the loss did not cause concrete harm to the affected individuals.
|
|
Articles
|
|
|