Author Archives: Maki DePalo

Maki DePalo
Maki DePalo devotes her practice to clients' initiatives in technology and corporate transactions encompassing intellectual property licensing, strategic outsourcing, Internet-based marketing and advertising, data privacy and security, governance and compliance.

May 30 is Fast Approaching – Are You Ready for Compliance with the Amended Act on Protection of Personal Information in Japan?

Japan’s Act on Protection of Personal Information currently in force (“Current APPI”) dates back to 2003.  It was originally enacted on May 30, 2003, and came into effect in 2005.  Ten years later, the National Diet passed extensive reforms to modernize the Current APPI in September 2015.  Although the Amended Act on Protection of Personal Information (“Amended APPI”) has been partly in effect, it will come fully into effect on May 30, 2017. It is important to note that the Amended APPI applies to “personal information handling business operators,” which is defined as a person [...]

FTC Issues Warning Letters to 28 Companies Claiming Participation in the APEC CBPR System

On July 14, 2016, the Federal Trade Commission (FTC) announced that it had issued warning letters to 28 companies regarding their claim of participation in the Asia Pacific Economic Cooperation Cross Border Privacy Rule (APEC CBPR) system.  The APEC CBPR system is a voluntary, enforceable mechanism that certifies a company’s compliance with the principles in the APEC CBPR and facilitates privacy-respecting transfers of data among APEC member economies.  The warning letter states the FTC’s records do not indicate these companies have taken the requisite steps to be able to claim participation [...]

FTC Approves Final Order Prohibiting Misrepresentation about Vipvape’s Participation in APEC Cross Border Privacy Program

On June 29, 2016, the Federal Trade Commission (FTC) announced it had approved a final order resolving the complaint against Vipvape, a manufacturer of hand-held vaporizers.  The complaint alleged Vipvape misrepresented its practices on the website related to Vipvape’s participation in the Asia-Pacific Economic Cooperation (APEC) Cross-Border Privacy Rules (CBPR) system when, in fact, Vipvape was not certified to participate in the APEC CBPR system. In the Analysis of Proposed Consent Order to Aid Public Comment, the FTC explained that the APEC CBPR system is a voluntary, enforceable mechanism [...]

Support Data Privacy Day on January 28, 2015

Did you know January 28 is Data Privacy Day (DPD)?  DPD commemorates Convention 108, the first legally binding international treaty dealing with privacy and data protection, signed on January 28, 1981.  DPD began in the United States and Canada in January 2008 as an extension of the DPD celebrated in Europe.  On January 27, 2014, the 113th U.S. Congress adopted a nonbinding resolution expressing support for the designation of January 28 as “National Data Privacy Day.” National Cyber Security Alliance (NCSA), a non-profit organization dedicated to cyber-security education and awareness, [...]

NIST releases “Assessing Security and Privacy Controls in Federal Information Systems and Organizations: Building Effective Assessment Plans.”

On December 12, 2014, the National Institute for Standards and Technology (“NIST”) announced the release of Special Publication 800-53A, Revision 4, Assessing Security and Privacy Controls in Federal Information Systems and Organizations: Building Effective Assessment Plans (“SP 800-53A”). SP 800-53A is a companion guideline to Special Publication 800-53, Security and Privacy Controls for Federal Information Systems and Organizations (“SP 800-53”) and discusses how to build effective assessment plans and how to analyze and manage assessment results. NIST’s announcement highlights [...]

23 Privacy Enforcement Authorities Issue a Joint Open Letter to App Marketplaces

On December 9, 2014, a joint open letter (“Letter”) was issued to the operators of seven (7) app marketplaces, urging them to “make the basic commitment to require each app that can access or collect personal information, to provide users with timely access to the app’s privacy policy.” Although the Letter was sent to Apple, Google, Samsung, Microsoft, Nokia, BlackBerry and Amazon.com, the Office of the Privacy Commissioner of Canada (“OPC”) explains that it is intended for all companies that operate app marketplaces. The Letter was issued by twenty-three (23) privacy enforcement [...]

WP29 Announces a Common “Tool-Box” Approach to Handling of Complaints under the Right to be Forgotten

On September 18, 2014, the Article 29 Working Party (the “WP29”) issued a press release, announcing that the European data protection authorities agreed on a common “tool-box” approach to handling complaints lodged due to search engines’ refusal to remove complainant’s entries from their search results. In a landmark ruling on May 13, 2014, the Court of Justice of the European Union (“CJEU”) found that search engine operators, as data controllers, have the obligations to “remove [links to web pages] from the list of results displayed following [...]

International Collaboration Disrupts GameOver Zeus and CryptoLocker

On June 2, 2014, in collaboration with the European Cybercrime Centre at Europol, the Department of Justice (DOJ) and the Federal Bureau of Investigation (FBI) announced a multi-national effort to disrupt the GameOver Zeus botnet, an extremely sophisticated type of malware designed to steal banking and other credentials from infected computers. The DOJ and the FBI also announced that command and control servers central to CryptoLocker, a form of “ransomware” that encrypts and locks the files on victims’ computers and demands a fee in return for unlocking those files, [...]

American Apparel Settles FTC Charge on Falsely Claiming Compliance with Safe Harbor Privacy Framework

On May 9, 2014, the Federal Trade Commission (the “FTC”) announced that American Apparel, Inc. (“American Apparel”) agreed to settle FTC charges that American Apparel falsely claimed it was compliant with the U.S.-European Union Safe Harbor (the “US-EU Safe Harbor Framework”). The FTC’s complaint alleged that American Apparel, a clothing manufacturer and retailer with more than 200 stores worldwide, falsely represented that it was a “current” participant in the US-EU Safe Harbor Framework on its website when it was not a “current” [...]

Mobile Apps in the Spotlight during Upcoming GPEN International Privacy Sweep

On May 6, the Office of the Privacy Commissioner of Canada (the “Commissioner”) announced mobile apps as the Global Privacy Enforcement Network’s (“GPEN’s”) focus area during the upcoming International Privacy Sweep (the “Sweep”). The Sweep will be held from May 12 to 18, 2014, involving 27 privacy enforcement authorities from around the world. The news release describes that this year’s Sweep will aim at “shedding light on the collection and use of personal information on mobile apps.” This year, 27 authorities will participate [...]