

FTC Issues Study on Mobile Shopping Apps Reviewing Pre-download Disclosures

On August 1, 2014, the Federal Trade Commission (“FTC”) issued a study called “What’s the Deal? An FTC Study on Mobile Shopping Apps,” with recommendations concerning pre-download disclosures. FTC staff surveyed and reviewed 121 mobile shopping apps that fell into three categories: price comparison apps, deal apps, and in-store purchase apps. FTC staff focused their analysis on (1) the in-store purchase apps’ pre-download disclosures concerning payment disputes, and (2) all of the surveyed apps’ pre-download disclosures concerning how the apps collect and handle consumer data.


Dominique Shelton Named Most Influential Lawyer in Digital Media and E-Commerce Law by Los Angeles Business Journal

July 31, 2014 | Posted by Privacy & Data Security Team | Topic(s): Data Security, Privacy

Dominique Shelton, partner in the firm’s Litigation & Trial Practice and Privacy & Data Security Groups, was recently included by the Los Angeles Business Journal in its inaugural “Most Influential Lawyers: Digital Media and E-Commerce” list.

The list recognizes 30 Los Angeles attorneys who have demonstrated outstanding achievements in digital media and e-commerce law. Shelton is noted as one of the top practitioners in her field, advising clients on “cutting-edge” legal issues and “representing companies in a variety of industries and service sectors, including digital sales and marketing, advertising, wireless/mobile Internet, lead generation, manufacturing and electrical, software, telecommunications and television.”

Posted by Privacy & Data Security Team | Alston & Bird LLP

FTC Updates Guidelines for Obtaining Parental Consent Applicable to Website Operators and Developers of Children’s Apps

On July 16, 2014, the Federal Trade Commission (“FTC”) issued revised guidance regarding compliance with the Children's Online Privacy Protection Act (“COPPA”). COPPA and the rules promulgated thereunder regulate the collection, use, and disclosure of personal information from children under age 13 by operators of commercial websites and online services, including mobile apps. The recent changes to the FTC’s Complying with COPPA: Frequently Asked Questions document clarify parental consent requirements with respect to such websites and services.


Kim Peretti and Jessica Corley co-author Bloomberg BNA article on Director Liability for Cybersecurity

July 29, 2014 | Posted by Security Incident Management & Response Team | Topic(s): Data Security, Cybersecurity, Privacy, Data Breach, Privacy Policy

Kim Peretti, co-chair of the firm’s Security Incident Management & Response Team, co-authored with Jessica Corley, chair of the firm’s Securities Litigation Group, the Bloomberg BNA article “Cybersecurity: What Directors Need to Know in an Era of Increased Scrutiny.” In the article, Peretti and Corley discuss the cybersecurity issues that directors and officers face because most companies’ assets are stored digitally and are therefore at risk of cyberattacks. Because of these risks, well-designed policies and procedures to ensure data security are crucial to companies of all sizes, in both the public and private sectors. Directors and officers are under increased scrutiny and are expected to be fully aware of and engaged in their companies’ cybersecurity measures. Peretti and Corley’s article addresses the risks and impacts of data breaches, as well as practical pre- and post-breach guidance.

To read the full article, click here.

Posted by Security Incident Management & Response Team | Alston & Bird LLP

OCR Issues Two New Reports to Congress on HIPAA Compliance and Enforcement from 2011 to 2012

Last week the HHS Office for Civil Rights (“OCR”) presented certain findings regarding Health Insurance Portability and Accountability Act (“HIPAA”) compliance and enforcement to the National Committee on Health and Vital Statistics (“NCHVS”), an HHS advisory committee. The presentation reviewed OCR’s two recently issued reports to Congress. OCR is required to submit such reports under the Health Information Technology for Economic and Clinical Health (“HITECH”) Act. The first report, “HIPAA Privacy, Security, and Breach Notification Rule Compliance,” examines the number and type of complaints received by OCR regarding HIPAA violations and the agency’s response. The second report, “Breaches of Unsecured Protected Health Information,” reviews breach notifications received by OCR and the agency’s response. The report also includes the agency’s first enforcement actions under the Breach Notification Rule.


Privacy Partner Dominique Shelton Authors Privacy Advisor Article on Hulu VPPA Case

Dominique Shelton, partner in Alston & Bird’s Privacy & Data Security practice and member of the Litigation and Trial Practice group, authored an article appearing on June 19 in the International Association of Privacy Professionals' (IAPP) Privacy Advisor titled “Court Denies Class-Action in Hulu Case, But There’s More.” In the article, Shelton discusses the Hulu consumer class-action case that has been ongoing since July 2011. Shelton points out that any company that hosts video content on its website or mobile app and includes a “Like” button or other social networking plug-in should be following this case. The issue at hand is whether the technology associated with the “Like” button constitutes a violation of the Video Privacy Protection Act (VPPA) by disclosing users’ viewing habits without their consent. Because this case touches so many companies, it is an important one to follow. The case resurfaced in the news this week because the court denied the plaintiffs’ putative class-action lawsuit, without prejudice.


Angela Burnette and Julia Dempewolf Publish Article On Student Privacy and Preventing Campus Violence

Angela Burnette, Counsel at Alston & Bird, and Julia Dempewolf, an associate at Alston & Bird, have compiled practical guidance for schools and universities to consider regarding student privacy and the prevention of school violence. Their recent article, published by LexisNexis in Health Care Law Monthly, is entitled “Clarity Instead of Confusion: Available Solutions Under the HIPAA Privacy Rule and FERPA To Prevent Student Violence.”


Hulu: The Northern District of California Denies Class Certification without Prejudice on Grounds Class Not Ascertainable

Data privacy practices and related class action litigation continue to be super-hot topics that require close attention from companies. Brand damage, governance shakeups and congressional inquiries because of data practices should provide sufficient motivation to stay up-to-the-minute in these critical areas. This advisory examines the latest developments in the Hulu litigation involving alleged violations of the Video Privacy Protection Act. While a California federal district court has denied certification of a class of Hulu video service users, it left the door open for future class cases in this emerging area.

The full Cyber Alert is available here

Written by Kim Chemerinsky, Senior Associate, Privacy & Data Security | Alston & Bird LLP

ComScore Reaches $14 Million Settlement in Electronic Privacy Class Action

June 17, 2014 | Posted by Dominique Shelton & Kim Chemerinsky | Topic(s): Federal Trade Commission (FTC), Privacy, Class Action, Big Data

On May 30, 2014, comScore Inc. announced that it has reached a $14 million settlement in the largest class ever certified in an Internet privacy lawsuit, composed of users who claim that comScore installed analytics software on their computers and sold their personal data to media outlets without their knowledge or consent. ComScore, a publicly traded company, faced upwards of $1 billion in liability under various federal statutes aimed at protecting consumer privacy. This made it one of the largest (if not the largest) privacy class actions certified in the country.


A+B Privacy Team Provides Analysis of California AG Privacy Report: New Best Practices Guidance Applies to all Businesses Collecting Personal Information from California Residents

As a follow-up to our previous blog post, “California AG Kamala Harris Issues Privacy Policy Guidance: Making Your Privacy Practices Public Contains Draft Tips for Website and Online Service Privacy Policies,” regarding the release of the AG’s report, please see our recently released client advisory providing a detailed analysis of the new privacy guidance: “California Attorney General Kamala Harris Releases Long-Anticipated Guidance Regarding Privacy Policy Notices.” As conceived, the Report is designed to apply to all businesses, regardless of the country or state in which they operate, based on the California AG’s position that the California Online Privacy Protection Act (Cal-OPPA) applies to all companies that collect personal information about California residents through their websites, online services or mobile apps, even if the business has no other connection to California.

Written by Dominique Shelton, Partner, Privacy & Data Security and Litigation and Trial Practice, and Paul Martino, Partner, Privacy & Data Security and Legislative & Public Policy | Alston & Bird LLP

Transmitting PHI by Email

Email has become an important mode of communication for business operations, with approximately 100 billion business emails sent in 2013 alone. Included in these messages are patients’ personal and health information, such as test results, diagnoses, and social security numbers. The Privacy and Security Rules of the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) regulate the transmission of this sensitive information, known as protected health information (“PHI”), by Covered Entities, and in some circumstances, Business Associates.


Privacy, Innovation and Big Data Forum Hosted by Alston & Bird

May 15, 2014 | Posted by Privacy & Data Security Team | Topic(s): Mobile Technologies, Privacy, Social Media, Tracking, Big Data

On March 25, Alston & Bird hosted a forum titled “Privacy, Innovation and Big Data: What Does the Future Hold.” David Keating, Partner and Co-Chair of the Firm’s Privacy and Security Practice, hosted a panel discussion that included Peter Swire, Nancy J. and Lawrence P. Huang Professor, Scheller College of Business, Georgia Institute of Technology; Jerry Jones, Chief Ethics and Legal Officer at Acxiom; Cindy Liebes, Federal Trade Commission Southeast Region; and constitutional lawyer Gerald R. Weber. Click here to view a video of the event.

Written by Privacy & Data Security | Alston & Bird LLP

DOJ Issues White Paper on Cybersecurity Information Sharing Under the SCA

On Friday, May 9, the Department of Justice (DOJ) released a white paper stating that under its interpretation of the Stored Communications Act (SCA), 18 U.S.C. § 2701 et seq., communications companies are permitted to disclose “non-content information to the government” as long as that information is in its “aggregate form.” The lynchpin of the DOJ’s analysis is whether the shared information identifies or provides information regarding particular subscribers or customers. Under that standard, data that “is aggregated but still provides information about a particular subscriber or customer” is prohibited from disclosure under the SCA. In releasing its white paper, the DOJ recognized that “information sharing is a critical component of bolstering public and private network owners’ and operators’ capacity to protect their networks against evolving and increasingly sophisticated cyber threats.” As such, “the private sector would benefit from a better understanding of whether the electronic communications statutes [DOJ enforces] prohibit them from voluntarily sharing useful cybersecurity information with the government.”


Google Must Scrub its Search Engine of Individual’s Personal Data, Court Rules

May 13, 2014 | Posted by Michael Young | Topic(s): Online Privacy, Privacy, Regulatory Enforcement

The European Court of Justice (“ECJ”) ruled today that Google may be compelled to remove search listings of web pages containing information about individuals.

Mario Costeja Gonzalez, a Spanish national, complained in 2010 to Spain’s data protection authority (“Spanish DPA”) about the inclusion of a newspaper article in Google search results that appeared when searching his name. Mr. Gonzalez asked the Spanish DPA to order Google to remove its links to the 1998 story, which revealed Mr. Gonzalez’s connection with the forced sale of real estate to recover debts. The Spanish DPA upheld Mr. Gonzalez’s complaint, taking the view that the failure to respect an individual’s desire for anonymity on the internet could be a violation of fundamental rights under European Union law. Google objected to the decision before Spain’s National High Court, which then referred the case to the ECJ for its interpretation of E.U. law.


Kim Peretti Quoted in Law360 Article “Post-Target Breach Laws Ratchet Up Pressure On Companies”

May 13, 2014 | Posted by Privacy & Data Security Team | Topic(s): US State Law, Privacy, Data Breach

Kim Peretti, co-chair of the firm’s Security Incident Management & Response Team, was quoted in the Law360 article “Post-Target Breach Laws Ratchet Up Pressure On Companies.” The article discussed how Florida, Minnesota and several other states have moved to amend their data breach notification laws to tighten reporting timelines in response to the Target data breach and other high-profile intrusions. The amendments also expand on covered personal information, which adds pressure to companies that are trying to comply with a patchwork of state laws.

“We're definitely seeing the fallout from highly visible recent payment card breaches, especially the one at Target,” Peretti said. “States feel like they need to do something about it, and the developments are only continuing to fuel the already very active role that states are...taking in responding to data security concerns.”

Posted by Privacy & Data Security Team | Alston & Bird LLP